Legit-Looking iPhone Lightning Cables That Hack You Will Be Mass Produced and Sold (vice.com) 57
An anonymous reader quotes a report from Motherboard: Soon it may be easier to get your hands on a cable that looks just like a legitimate Apple lightning cable, but which actually lets you remotely take over a computer. The security researcher behind the recently developed tool announced over the weekend that the cable has been successfully made in a factory. MG is the creator of the O.MG Cable. It charges phones and transfers data in the same way an Apple cable does, but it also contains a wireless hotspot that a hacker can connect to. Once they've done that, a hacker can run commands on the computer, potentially rummaging through a victim's files, for instance.
After demoing the cable for Motherboard at the Def Con hacking conference this summer, MG said "It's like being able to sit at the keyboard and mouse of the victim but without actually being there." At the time, MG was selling the handmade cables at the conference for $200 each. Now that production process has been streamlined. This doesn't necessarily mean that factories are churning out O.MG Cables right now, but it shows that their manufacture can be fully outsourced, and MG doesn't have to make the cables by hand.
After demoing the cable for Motherboard at the Def Con hacking conference this summer, MG said "It's like being able to sit at the keyboard and mouse of the victim but without actually being there." At the time, MG was selling the handmade cables at the conference for $200 each. Now that production process has been streamlined. This doesn't necessarily mean that factories are churning out O.MG Cables right now, but it shows that their manufacture can be fully outsourced, and MG doesn't have to make the cables by hand.
Solution (Score:5, Insightful)
Don't let other people charge their devices by plugging into your computer's USB ports.
Re: (Score:2)
Re: (Score:2)
Re: (Score:2)
The problem here is that there's a WiFi chip hidden the the connector... it's just as bad as any other USB takeover. Firewall won't solve this, it claims to be your iPhone and you'd never block that.
Re: (Score:2)
It's already somewhat doable. I'm typing this on a computer running Qubes [qubes-os.org], which takes security seriously.
The USB controllers are attached to a dedicated VM using VT-d. When I plug in a keyboard or phone to my computer, only that VM will see it. If I want to transfer files, then it's handled by a service which just transfers files between VMs. If I want to use it as a keyboard, I have to explicitly allow it. If I want another VM to have raw access to the USB device, I have to select it from a menu and
Re: (Score:2)
The USB system in general accepts pass-through connections... so this comes in yelling "I've got 2 ports, one for the iPhone and one for WiFi."
Re: (Score:2)
Not so with Qubes! It proxies each endpoint separately. If this cable presents itself as a hub with an iPhone and a keyboard, you will see two devices in the menu. If you tell it to attach the iPhone to an application VM, it proxies just the iPhone. The root, hub, and keyboard don't get presented to the AppVM.
Re:Solution (Score:4, Funny)
What if she is really cute?
Re:Solution (Score:4, Funny)
Automatically suspicious. What the hell is she doing talking to me?
Re: (Score:2)
thank you, I laughed so loud that people turned around to look if I was a mass killer.
Re: (Score:2)
What if she is really cute?
Ask her “are you virus-free?” - I’m sure she’ll take it in the spirit it was intended.
use an USG filter? (Score:2)
like, you know, https://github.com/robertfisk/... [github.com] ;-)
(I own two -the simple ones not the big more recent- and, I must say, very rarely use them, but then it's because I never met her
Re: (Score:2)
Re: (Score:2)
I'm not sure why we connect over USB anymore. Right now my iPhone's on a dock stand for wireless power... which is connected to power, not my computer. Sync'ing happens over WiFi.
Re: (Score:2)
The optimal solution is to make the OS not automatically install and use any random USB device that gets plugged in. Instead have it ask for permission each time.
Unfortunately that would be very annoying for the user. There is no way to authenticate USB devices (many don't have a serial number and it's easily cloned anyway) so it would have to ask every time. It would only really work on laptops too because obviously you need some way to give permission to use your external USB keyboard/mouse.
Re: (Score:2)
"It would only really work on laptops too because obviously you need some way to give permission to use your external USB keyboard/mouse."
Press the power button once within five seconds in order to recognize a new input device. Problem solved.
Re: (Score:2)
This is why PCs in security-conscious environments don't have any open ports.
All USB ports are inside a lockable enclosure with a grate with metal fingers for the cables to go through.
All new devices have to be inspected by the IT department before being allowed. Extension cables/Type B ports are not allowed.
No issue here (Score:2)
Re: (Score:2)
Re: (Score:2)
Re: (Score:1)
Seriously? (Score:2)
If you're plugging random cables into your laptop, you deserve to have all your business stolen.
I hardly see how this would be considered a 'hack'. This is like someone leaving their key under the doormat. That doesn't make a burglar a master lock picker.
Re:Seriously? (Score:5, Insightful)
If the look like standard cables it might be possible to swap one - in a hotel room, or maybe even on an airplane or in an office. Could also sell them on amazon to selected customers.
Re: (Score:2)
Yeah! That's why you only use brand new sealed cables, from a trustworthy vendor.
The moment you lose continuous visual contact with any cable you immediately shred it, and then open a new package.
Sure, If some creepy weirdo handed me a cable and then giggled as he walked away I'd think twice about using it, but one of my many cables, or dongles, got swapped with a reasonable facsimile when i wasn't looking... I wouldn't likely notice.
"This is like someone leaving their key under the doormat."
Its more like someone swapping your doormat with one of their own that mo
Re: (Score:2)
Even sealed cables are not necessarily safe. We know that the NSA intercepts Cisco equipment during shipping to the customer, and installs hardware backdoors before sending it on. Presumably other vendors are affected and they could easily open up your iPhone package to replace the cable.
Call me paranoid but I always buy cables and hard drives/SSDs in person with cash at different shops. On older ones I used to desolder the firmware flash memory and verify it against a known good image, but these days the f
Thats bad, but worse (Score:2)
What if someone mass produced a device that looked like a thumbdrive that connected to USB that contained a hotspot? No one would be safe. Want to donate to my Kickstarter?
Re: (Score:2)
No. You can already get these and have been able to do so for at least as long as USB has existed.
Re: (Score:2)
Whoosh
Re: (Score:2)
What if someone mass produced a device that looked like a thumbdrive that connected to USB that contained a hotspot?
Patent failed, this already exists. Look for "USB Wifi"
Re: (Score:2)
Andddd....whooosh
The market may be goverment's 3 letter agencies (Score:5, Interesting)
Watch out for that price coming from the rafters.. (Score:2)
$200 was the price of this handmade... now they're mass-producing them with machines so the price is scheduled to drop.
Re: (Score:2)
Why would the price drop? His profit margins will simply increase.
Re: (Score:2)
Re: (Score:2)
Easy to solve (Score:2)
Force USB drivers to be unable to transfer data without end to end encryption. I mean, we are able to make it hard to get hacked through wifi .. which is even crazier. Anyway, require and force end to end encryption before processing any data. The only parts that will require secure coding then is the encryption setup between the pears .. but that shouldn't be impossible -- check the bounds and format of every input. Yes I am aware of the recent iOS "unfixable" usb hack, but that stuff can be protected agai
Re: (Score:2)
Current WiFi is easy to breach still... it just requires somebody giving up the password. This report is that a USB cable given permission to touch iTunes gets enough info for a takeover or leak.
We used to say images could not contain viruses... but that fell a long time ago. This is like a MiFi chip, it turns the USB connector into a WiFi system that the spy can use.
Re: (Score:2)
Is this painted blue? (Score:2)
Sounds like this is a cool Hacker toy... the police and Feds would love having a few of those.
Re: (Score:1)
I'm sure the feds have had them for many years already.
Re: (Score:2)
I'm sure the feds have had them for many years already.
I like the way you assume they are competent.
SUPER easy fix on the OS side (Score:2)
SUPER easy fix on the OS side.
Game over man.
Please correct me if I am wrong.
Re: (Score:2)
How does the OS recognize this? it just uses the standard USB drivers.
Will this require ... (Score:2)
Re: (Score:2)
No, I believe it says that it is a keyboard, and you probably already have drivers installed for that. The Wifi part in the device is just for the attacker to have something to connect so that she can command the device.
I would guess that when activated, the device does something like imitating a keyboard sending "[Command]-Space terminal.app [Enter]" and then use keystrokes or curl to put whatever code the attacker wants onto the machine.
But but - its Apple (Score:1)
Apple products can't be hacked.......
They are certified UNIX and we all know UNIX can not be hacked.
Re: (Score:2)
Nope... this thing can insert keystrokes into any Mac with USB. It just has to register as a wireless keyboard/mouse.. and you'll notice that modern connections for such things are small enough to fit in the connector.
Re: (Score:2)
Not wireless, it conencts as USB keyboard.
Bluetooth/wireless devices can not automatically connect to a Mac, the user has to authenticate them first.
But ... (Score:2)
Re: (Score:2)
Encryption isn't the solution here... the iPhone-PC link is secure, but the WiFi chip in the connector can insert keystrokes and mouse movements by claiming it's HID, and that gives up most of the PC.
the RESPONSE to this could get annoying (Score:2)
We already have pairing authentication on bluetooth keyboards, and occasionally on mice.
"Type this number displayed above on the keyboard and press RETURN to finish pairing"
Currently, many USB devices have a serial number they send on connect, although the format isn't very standardized. It's possible to identify, for example, a USB flash drive by its serial number when plugged in. "this one's safe, we don't have to do any validation on it". The same could be done with HID devices, which would at least a
Re: (Score:2)
This device is almost literally a man-in-the-middle. How would you ensure that a machine that knows nothing a priori about the peripheral to accept only connections from that peripheral, rather than the cable simply replaying the serial number?
Shocking! (Score:2)
The ultimate problem is DMA attacks (Score:2)
As laptops and desktops go to USB-C/Thunderbolt, the problem with attaching peripherals becomes worse and worse.
Old-school USB typically goes through standard operating system I/O but the modern stuff all allows Direct Memory Access attacks. These are very tricky [thehackernews.com] to harden against. Devices or device cables that implement them are much more worrying than USB-mode malware.
what's the legal ramification in the USA (Score:2)
I have to wonder,
if someone gave me a cable to help me charge my phone
and it was one of these types that are for spying, what
legal rights do I have?
I see this as one heck of an issue happening in dating when
you visit someone's house and you just "plug in" to get charged
up.
Also, I did not read the article, any basic alerts you can set up
to prevent this or observe what the spy/hacker is doing?