Want to read Slashdot from your mobile device? Point it at m.slashdot.org and keep reading!

 



Forgot your password?
typodupeerror
×
Security Iphone Privacy Wireless Networking

Legit-Looking iPhone Lightning Cables That Hack You Will Be Mass Produced and Sold (vice.com) 57

An anonymous reader quotes a report from Motherboard: Soon it may be easier to get your hands on a cable that looks just like a legitimate Apple lightning cable, but which actually lets you remotely take over a computer. The security researcher behind the recently developed tool announced over the weekend that the cable has been successfully made in a factory. MG is the creator of the O.MG Cable. It charges phones and transfers data in the same way an Apple cable does, but it also contains a wireless hotspot that a hacker can connect to. Once they've done that, a hacker can run commands on the computer, potentially rummaging through a victim's files, for instance.

After demoing the cable for Motherboard at the Def Con hacking conference this summer, MG said "It's like being able to sit at the keyboard and mouse of the victim but without actually being there." At the time, MG was selling the handmade cables at the conference for $200 each. Now that production process has been streamlined. This doesn't necessarily mean that factories are churning out O.MG Cables right now, but it shows that their manufacture can be fully outsourced, and MG doesn't have to make the cables by hand.

This discussion has been archived. No new comments can be posted.

Legit-Looking iPhone Lightning Cables That Hack You Will Be Mass Produced and Sold

Comments Filter:
  • Solution (Score:5, Insightful)

    by 93 Escort Wagon ( 326346 ) on Monday September 30, 2019 @08:09PM (#59254798)

    Don't let other people charge their devices by plugging into your computer's USB ports.

    • Would be nice if USB had more facilities for a configurable firewall (both in software, and at the chipset); I think VEN/DEV whitelisting and brute force detection would probably be adequate for most cases, but some sort of additional authentication/pairing system would be potentially useful (if inconvenient, by necessity).
      • That'll be coming along soon enough, I'm sure. In the interests of "Trusted Platforms" they'll probably require certificates signed by a Microsoft CA, though, instead of just relying on vid/pid combinations (which can actually be reprogrammed on a lot of things).
      • The problem here is that there's a WiFi chip hidden the the connector... it's just as bad as any other USB takeover. Firewall won't solve this, it claims to be your iPhone and you'd never block that.

      • It's already somewhat doable. I'm typing this on a computer running Qubes [qubes-os.org], which takes security seriously.

        The USB controllers are attached to a dedicated VM using VT-d. When I plug in a keyboard or phone to my computer, only that VM will see it. If I want to transfer files, then it's handled by a service which just transfers files between VMs. If I want to use it as a keyboard, I have to explicitly allow it. If I want another VM to have raw access to the USB device, I have to select it from a menu and

        • The USB system in general accepts pass-through connections... so this comes in yelling "I've got 2 ports, one for the iPhone and one for WiFi."

          • Not so with Qubes! It proxies each endpoint separately. If this cable presents itself as a hub with an iPhone and a keyboard, you will see two devices in the menu. If you tell it to attach the iPhone to an application VM, it proxies just the iPhone. The root, hub, and keyboard don't get presented to the AppVM.

    • Re:Solution (Score:4, Funny)

      by 110010001000 ( 697113 ) on Monday September 30, 2019 @08:22PM (#59254824) Homepage Journal

      What if she is really cute?

    • I'm not sure why we connect over USB anymore. Right now my iPhone's on a dock stand for wireless power... which is connected to power, not my computer. Sync'ing happens over WiFi.

    • by AmiMoJo ( 196126 )

      The optimal solution is to make the OS not automatically install and use any random USB device that gets plugged in. Instead have it ask for permission each time.

      Unfortunately that would be very annoying for the user. There is no way to authenticate USB devices (many don't have a serial number and it's easily cloned anyway) so it would have to ask every time. It would only really work on laptops too because obviously you need some way to give permission to use your external USB keyboard/mouse.

      • "It would only really work on laptops too because obviously you need some way to give permission to use your external USB keyboard/mouse."

        Press the power button once within five seconds in order to recognize a new input device. Problem solved.

    • by Misagon ( 1135 )

      This is why PCs in security-conscious environments don't have any open ports.
      All USB ports are inside a lockable enclosure with a grate with metal fingers for the cables to go through.
      All new devices have to be inspected by the IT department before being allowed. Extension cables/Type B ports are not allowed.

  • My 486 doesn't even support USB.
  • If you're plugging random cables into your laptop, you deserve to have all your business stolen.

    I hardly see how this would be considered a 'hack'. This is like someone leaving their key under the doormat. That doesn't make a burglar a master lock picker.

    • Re:Seriously? (Score:5, Insightful)

      by joe_frisch ( 1366229 ) on Monday September 30, 2019 @09:37PM (#59254988)

      If the look like standard cables it might be possible to swap one - in a hotel room, or maybe even on an airplane or in an office. Could also sell them on amazon to selected customers.

    • by vux984 ( 928602 )

      Yeah! That's why you only use brand new sealed cables, from a trustworthy vendor.

      The moment you lose continuous visual contact with any cable you immediately shred it, and then open a new package.

      Sure, If some creepy weirdo handed me a cable and then giggled as he walked away I'd think twice about using it, but one of my many cables, or dongles, got swapped with a reasonable facsimile when i wasn't looking... I wouldn't likely notice.

      "This is like someone leaving their key under the doormat."

      Its more like someone swapping your doormat with one of their own that mo

      • by AmiMoJo ( 196126 )

        Even sealed cables are not necessarily safe. We know that the NSA intercepts Cisco equipment during shipping to the customer, and installs hardware backdoors before sending it on. Presumably other vendors are affected and they could easily open up your iPhone package to replace the cable.

        Call me paranoid but I always buy cables and hard drives/SSDs in person with cash at different shops. On older ones I used to desolder the firmware flash memory and verify it against a known good image, but these days the f

  • What if someone mass produced a device that looked like a thumbdrive that connected to USB that contained a hotspot? No one would be safe. Want to donate to my Kickstarter?

  • by Streetlight ( 1102081 ) on Monday September 30, 2019 @08:36PM (#59254858) Journal
    ... as well as local police departments, foreign governments, etc. And, $200 seems pretty cheap for these things. The developer probably could charge in the tens of thousands of dollars or more for each cable.
  • Force USB drivers to be unable to transfer data without end to end encryption. I mean, we are able to make it hard to get hacked through wifi .. which is even crazier. Anyway, require and force end to end encryption before processing any data. The only parts that will require secure coding then is the encryption setup between the pears .. but that shouldn't be impossible -- check the bounds and format of every input. Yes I am aware of the recent iOS "unfixable" usb hack, but that stuff can be protected agai

    • Current WiFi is easy to breach still... it just requires somebody giving up the password. This report is that a USB cable given permission to touch iTunes gets enough info for a takeover or leak.

      We used to say images could not contain viruses... but that fell a long time ago. This is like a MiFi chip, it turns the USB connector into a WiFi system that the spy can use.

    • Data transfer speeds are approaching the limits of practical hardware AES. Other encryption algorithms are too slow, so are just used for the initial exchange of an AES key. Subsequent data transfers are encrypted with hardware AES. While it's possible for AES to hit Tbps speeds if you throw an entire gaming GPU at it, the AES chips typically found on computers max out at Gbps speeds. Heck, USB with Thunderbolt already supports DMA (direct memory access - the Thunderbolt device can read data straight fr
  • Sounds like this is a cool Hacker toy... the police and Feds would love having a few of those.

  • SUPER easy fix on the OS side.

    Game over man.

    Please correct me if I am wrong.

  • ... that a driver be installed for that hidden WiFi device I just plugged into my USB port? Because if I get a popup to that effect, I'm going to be really, really suspicious.

    • No, I believe it says that it is a keyboard, and you probably already have drivers installed for that. The Wifi part in the device is just for the attacker to have something to connect so that she can command the device.

      I would guess that when activated, the device does something like imitating a keyboard sending "[Command]-Space terminal.app [Enter]" and then use keystrokes or curl to put whatever code the attacker wants onto the machine.

  • Apple products can't be hacked.......
    They are certified UNIX and we all know UNIX can not be hacked.

    • Nope... this thing can insert keystrokes into any Mac with USB. It just has to register as a wireless keyboard/mouse.. and you'll notice that modern connections for such things are small enough to fit in the connector.

      • Not wireless, it conencts as USB keyboard.
        Bluetooth/wireless devices can not automatically connect to a Mac, the user has to authenticate them first.

  • Isn't the data exchanged between a PC and an iPhone being encrypted?
    • Encryption isn't the solution here... the iPhone-PC link is secure, but the WiFi chip in the connector can insert keystrokes and mouse movements by claiming it's HID, and that gives up most of the PC.

      • We already have pairing authentication on bluetooth keyboards, and occasionally on mice.

        "Type this number displayed above on the keyboard and press RETURN to finish pairing"

        Currently, many USB devices have a serial number they send on connect, although the format isn't very standardized. It's possible to identify, for example, a USB flash drive by its serial number when plugged in. "this one's safe, we don't have to do any validation on it". The same could be done with HID devices, which would at least a

        • This device is almost literally a man-in-the-middle. How would you ensure that a machine that knows nothing a priori about the peripheral to accept only connections from that peripheral, rather than the cable simply replaying the serial number?

  • Presumably it would be pretty easy to build something that both detects and fries the offending circuit. A charging cable should be nothing but two connectors and a cable. By running high voltage and the max current tolerated by the connectors and cable it should be possible to destroy the embedded circuit. Anyone for a Kickstarter to build such a device?
  • As laptops and desktops go to USB-C/Thunderbolt, the problem with attaching peripherals becomes worse and worse.

    Old-school USB typically goes through standard operating system I/O but the modern stuff all allows Direct Memory Access attacks. These are very tricky [thehackernews.com] to harden against. Devices or device cables that implement them are much more worrying than USB-mode malware.

  • I have to wonder,
    if someone gave me a cable to help me charge my phone
    and it was one of these types that are for spying, what
    legal rights do I have?

    I see this as one heck of an issue happening in dating when
    you visit someone's house and you just "plug in" to get charged
    up.

    Also, I did not read the article, any basic alerts you can set up
    to prevent this or observe what the spy/hacker is doing?

Real Programmers think better when playing Adventure or Rogue.

Working...