Keeping your iPhone and private data safe can be harder than ever with the introduction of a new O.MG cable for hacking that looks like a lighting cable. The fake cable, developed by a security researcher known simply as “MG”, comes with a variety of hacking tools, including a keylogger.
The original O.MG cables were demonstrated at the Def Con hacking conference in 2019. They are hand built from standard Lightning cables and behave exactly as you would expect from a Lightning cable. They charge phones, transfer data, trigger the usual prompts when they are connected to a computer – and unlike lightning cables, allow attackers to remotely control your device.
The new cables have a wide variety of features and attack modes, including keylogging and keystroke injection. According to Vice, they can change keyboard mappings, spoof the identity of USB devices, and create a wireless hotspot that hackers can access. A simple web app enables the hacker to record keystrokes from the victim’s device and give them access to passwords and other sensitive information. While Vice tried the cable only a short distance away, MG claims the cable has a range of over a mile.
This is done using a chip implanted in the plastic housing of the USB-C connector. The chip takes up about half the space inside the connector, so the cable still looks and works like a real cable. This precise design, combined with the ongoing shortage of chips, has made the manufacturing process of the O.MG cables difficult. As MG explains: “When a single component is out of stock, it is fundamentally impossible to find a replacement if a fraction of a millimeter is important.”
Despite manufacturing difficulties, O.MG cables are now available for sale, although for security reasons we don’t link where you can buy it. The new cables are available in different variations, including Lightning to USB-C and black cables such as USB-C to USB-C for use with non-Apple products. Each comes with a variant of the keylogger, and the cables are packaged to mimic authentic products, from the boxes to the little cardboard sleeves that secure Lightning cables.
So far there is no clear way of distinguishing between an O.MG cable and an authentic one. In an earlier statement to Vice, an Apple spokesperson reiterated that Apple recommends using only accessories that have the MFi logo on the item’s packaging, indicating that the accessory is Apple certified.
This news is particularly worrying as Apple is rolling out features with iOS 15 that will allow you to save your driver’s license right on your phone. Some states have already accepted it, as has the Transportation Security Administration (TSA). Now attackers have another tool with this new Lightning cable look alike.