Wireless key-logger hidden inside USB-C to Lightning cable
Wireless key-logger hidden inside USB-C to Lightning cable

By Ben Lovejoy

A USB-C to Lightning cable with a hidden wireless key-logger can enable an attacker to capture everything you type from a distance of up to a mile.

Any tech-literate person knows you should never plug a USB key into any of your devices unless you trust the person giving it to you, but fewer know that the same applies to USB cables.

We first saw an example of a malware USB-A cable back in 2019 when a security researcher known as MG demonstrated it to Motherboard. He later made the cable available for sale to penetration testers, and has now created a USB-C version.

MG told Motherboard that he did so in part because people claimed it couldn’t be done.

“There were people who said that Type C cables were safe from this type of implant because there isn’t enough space. So, clearly, I had to prove that wrong,” MG told Motherboard in an online chat.

The OMG Cables, as they’re called, work by creating a Wi-Fi hotspot itself that a hacker can connect to from their own device. From here, an interface in an ordinary web browser lets the hacker start recording keystrokes. The malicious implant itself takes up around half the length of the plastic shell, MG said […]

“We tested this out in downtown Oakland and were able to trigger payloads at over 1 mile,” he added.

The site was given examples to test, and were able to confirm that they performed as described.

These latest cables have even greater capabilities.

MG said that the new cables now have geofencing features, where a user can trigger or block the device’s payloads based on the physical location of the cable.

“It pairs well with the self-destruct feature if an OMG Cable leaves the scope of your engagement and you do not want your payloads leaking or being accidentally run against random computers,” he said.

It’s not just key-logging you need worry about: Security researchers last year used a modified USB-C cable to take over the T2 security chip in modern Macs. All that is needed to takeover the machine is for the cable to be plugged in.

Affiliate News Feeds

  • Hardware
  • Internet of Things
  • Networking
  • Industry News
  • Software

The tech titan Amazon used its show in Las Vegas to talk about watery matters, supply chains and much more. The post AWS re:Invent 2022: A tiered tour of technology… [...]

In a recent interview with Ravi Pendekanti, SVP of Product Management & Marketing at Western Digital, he explained how they have expanded their HDD technology to lower total cost of… [...]

Our picks for the top Amazon Cyber Week deals to ease the stress of those who work from home. The post 5 Amazon Cyber Week deals sure to make remote… [...]

IIoT can be a revelation when implemented successfully, but companies may run into obstacles. Here’s what IIoT is and the top five obstacles associated with using it. The post Top… [...]

Learn how Internet of Things technology has continued to support digital transformation for organizations across industries. The post Top 5 trends to watch in industrial IoT appeared first on TechRepublic. [...]

UK-based IoT connectivity platform provider seeks élan and style by snapping up French firm. The post Wireless Logic continues acquisition spree with IoThink Solutions deal appeared first on TechRepublic. [...]

Consider securing your remote work setup with a three-year subscription to a top VPN. Windscribe Pro is more than 70% off today only. The post Lock in 3 years of… [...]

Virtualization platforms are available from a number of vendors, but it’s still critical to maintain your virtualization environment to avoid unnecessary resource consumption, out of-compliance systems or applications, data loss,… [...]

The company’s products seek to address real-time data transport, edge data collection instruments. The post NVIDIA unveils supercomputing and edge products at SC22 appeared first on TechRepublic. [...]

An account takeover (ATO), in which criminals impersonate legitimate account owners to take control of an account, are on the rise in Asia and across the world. Fraudsters are swindling… [...]

Experts warn that API attacks will soon become the most common type of web application attack. As a result, organizations and their security vendors need to align across people, processes,… [...]

Research shows that web applications and API attacks continued to explode in the first half of 2022. Does your organization have the best defense today? Akamai recommends deploying a holistic… [...]

See how to integrate the Trello software with Google Mail for a much simpler project management workflow. The post How to integrate Trello with Gmail appeared first on TechRepublic. [...]

Read how to install the Trello app in macOS and why it will make your project management even easier. The post How to install the Trello app on macOS and… [...]

Find out if one of these top seven Wrike alternatives are an ideal project management solution for you and your team. The post Top 7 Wrike alternatives for project and… [...]