Shown at this year’s Def Con is a powerful and modest hack tool, the O.MG Elite cable. With the physical appearance of a standard Lightning or USB-C cable, hidden modifications mean that this cable can record keystrokes, perform attacks, and even surreptitiously transfer data from air-bound devices using its WiFi network.
Watched by Corin Faife of The Verge at Def Con, here’s how creator MG describes the creation:
“It’s a cable that looks identical to the other cables you already have,” explains MG, the cable’s creator. “But inside each cable, I put an implant with a web server, USB connections, and Wi-Fi access. So it’s plugged in and turned on and you can connect to it.”
One of the strong things about the new O.MG Elite compared to its predecessors is the advanced networking features that mean it can handle two-way communications.
The O.MG Elite can perform attacks and read data passed over the cable, for example between iPhone and Mac, or almost any other group of devices as it comes in Lightning to USB-A, Lightning to USB-C, and C to C, and microUSB versions.
Creator MG says that so far, a cable like this could have been sold for up to $20,000. But it goes from $180+ to early access for customers.
Attacks, keylogger and built-in Wi-Fi
O.MG Elite is able to perform keystroke injection attacks – making the device think it’s keyboard typing commands. This unlocks vulnerabilities such as command line attacks.
It also contains a keylogger: if used to connect a keyboard to a host computer, the cable can log every keystroke that passes through it and save up to 650,000 entry keys in its internal storage for later retrieval. Your password? Registered. Bank account details? Recorded. Draft tweets you didn’t want to send? Signed too.”
As noted by The Verge, a large part of how flawed this cable can be is the built-in WiFi to silently send data to an attacker – even on airborne devices.
Many “hack” attacks – such as the Chrome password theft mentioned above – rely on sending data over the target device’s Internet connection, putting you at risk of being blocked by antivirus software or company network configuration rules. The built-in network interface cascades around this protection, giving the cable its own communications channel for sending and receiving data and even a way to steal data from targets that have been “disconnected from the air”, i.e. completely separate from external networks. “
In terms of worrying about everyday scammers buying this and trying to get people to use it, that’s probably not a big concern with the $180+ O.MG Elite. However, if you have sensitive information on your devices, it’s a good idea to be careful about who you accept the cable from.
O.MG is designed as a professional security testing tool, but The Verge says it’s also something that can be used by programmers with moderate experience.
FTC: We use affiliate links to earn income. more.
Check out 9to5Mac on YouTube for more Apple news: