Seemingly Normal Lightning Cable Will Leak Everything You Type (vice.com) 51
An anonymous reader quotes a report from Motherboard: It looks like a Lightning cable, it works like a Lightning cable, and I can use it to connect my keyboard to my Mac. But it is actually a malicious cable that can record everything I type, including passwords, and wirelessly send that data to a hacker who could be more than a mile away. This is the new version of a series of penetration testing tools made by the security researcher known as MG. MG previously demoed an earlier version of the cables for Motherboard at the DEF CON hacking conference in 2019. Shortly after that, MG said he had successfully moved the cables into mass production, and cybersecurity vendor Hak5 started selling the cables. But the more recent cables come in new physical variations, including Lightning to USB-C, and include more capabilities for hackers to play with.
"There were people who said that Type C cables were safe from this type of implant because there isn't enough space. So, clearly, I had to prove that wrong. :)," MG told Motherboard in an online chat. The OMG Cables, as they're called, work by creating a Wi-Fi hotspot itself that a hacker can connect to from their own device. From here, an interface in an ordinary web browser lets the hacker start recording keystrokes. The malicious implant itself takes up around half the length of the plastic shell, MG said. MG said that the new cables now have geofencing features, where a user can trigger or block the device's payloads based on the physical location of the cable. "It pairs well with the self-destruct feature if an OMG Cable leaves the scope of your engagement and you do not want your payloads leaking or being accidentally run against random computers," he said. "We tested this out in downtown Oakland and were able to trigger payloads at over 1 mile," he added. He said that the Type C cables allow the same sort of attacks to be carried out against smartphones and tablets. Various other improvements include being able to change keyboard mappings, the ability to forge the identity of specific USB devices, such as pretending to be a device that leverages a particular vulnerability on a system.
"There were people who said that Type C cables were safe from this type of implant because there isn't enough space. So, clearly, I had to prove that wrong. :)," MG told Motherboard in an online chat. The OMG Cables, as they're called, work by creating a Wi-Fi hotspot itself that a hacker can connect to from their own device. From here, an interface in an ordinary web browser lets the hacker start recording keystrokes. The malicious implant itself takes up around half the length of the plastic shell, MG said. MG said that the new cables now have geofencing features, where a user can trigger or block the device's payloads based on the physical location of the cable. "It pairs well with the self-destruct feature if an OMG Cable leaves the scope of your engagement and you do not want your payloads leaking or being accidentally run against random computers," he said. "We tested this out in downtown Oakland and were able to trigger payloads at over 1 mile," he added. He said that the Type C cables allow the same sort of attacks to be carried out against smartphones and tablets. Various other improvements include being able to change keyboard mappings, the ability to forge the identity of specific USB devices, such as pretending to be a device that leverages a particular vulnerability on a system.
Old idea (Score:3)
This was done with "seemingly normal" USB cables years ago. There was a /. story then too IIRC.
Re: Old idea (Score:3)
oops, almost forgot
"Frost Pist!!1ONE110001bin31hex49dec61oct
Re: Old idea (Score:2)
Re: (Score:2)
At least technically speaking, yes, the implant could be used to act as a computer.
However, that may backfire, because it's unlikely that the keyboard would operate in bluetooth mode if it detected a master on its USB bus.
Re: (Score:2)
There is no actual data because the keyboard and trackpad are Bluetooth connected. Are they still at risk?
A power consumption analysis side channel, perhaps?
Re: (Score:2)
Indeed. Many connectors have enough space to put something like this in. Only real protection is to buy anonymous or to buy several of the same cable and to open some of them.
Re: Old idea (Score:2)
A chip size circuit could easily be concealed inside the end of a data cable. Opening it might not even reveal anything unless you do a complete teardown of the connectors, including the plastic the pins are mounted on thus destroying the cable in the process. Just how would you tear down the very end of a lightning cable, where the spy chip might be embedded right under the contacts?
I wouldn't loose too much sleep over this because the company would get shut down over night by all of the angry press spread
Re: (Score:2)
Yes. Sure. But if you had read TFA:
"There were people who said that Type C cables were safe from this type of implant because there isn't enough space. So, clearly, I had to prove that wrong. :)," MG told Motherboard in an online chat.
The point is that allegedly this could not be done with lightning.
Re: Old idea (Score:2)
This isn't something that any Joe Soldering Iron could put together unless he was *really* good at soldering. Most Joe Irons wouldn't get any reward vs labor from this.
However, this can be very easily built in a proper factory, and the whole set up could be designed as a single chip that would fit just fine inside the ends of a lightning cable.
You can buy novelty USB cables that light up and change color, driven by a chip inside the cable itself. If they can make that, then they can fit in an all in one dat
Re: (Score:2)
The cable is available for like 160 bucks on Hak5. And considering that they tend to be on the pricey end of the spectrum, I have a hunch that you should be able to pick up a few of them for 100 or less in some Chinashop.
over 1 mile wifi range (Score:2)
Re: (Score:2)
Why? A mile wifi range isn't really very much. The record is something like 300 km.
Re: over 1 mile wifi range (Score:2)
Re: (Score:2)
So?
Ponder this for a moment: An attacker will probably use this cable at the office of his victim. Question for 100: Does he give a fuck whether his victim gets into trouble?
I mean, he pretty much is his victim's trouble already...
Re:over 1 mile wifi range (Score:4, Informative)
But it will likely also include consideration of the probability of inadvertent detection of the broadcast. For example, the signal strength of broadcast signal follows the 'inverse square law' - double the distance to the transmitter and the measured signal strength reduces to a quarter. But the inverse is true - when you are a metre from the transmitter, the signal strength reaches a maximum. There are all sorts of electronic devices that may be sensitive to radio interference in a way that could be detected by a user - for example a simple, old-school, transistor radio. In other words, a cunning attacker would set the broadcast strength of a transmitter to a practical minimum, in order to minimize the chances of it being detected.
Re: (Score:2)
It's wifi. You're not going to actually hide it, so you hide it in plain sight.
Re: (Score:2)
It might even be simpler than that. I remember and old ps2 keylogger that transmitted off low frequency sounds using fsk. You need very little bandwidth and your capturing bursts of activity so it could be broadcast over a longer time. The guy just used a mic and some simple electronics to capture the bits.
Hell, not a lot of ways to stop this either. Cypress came out with a lists of new charger managers and chip-in-cable's for Power Delivery 3.0. They have this one that includes two usb 2.0 endpoints t
Re: (Score:2)
Why? A mile wifi range isn't really very much. The record is something like 300 km.
That is with highly directional and large antennae on both sides. With only a tiny crappy antenna on the receiver side and no space for a good amplifier there either, 1 mile is pretty good. That is assuming they did use a standard WiFi sender with a non-boosted signal.
Re: over 1 mile wifi range (Score:2)
The thing about tiny antennae is that they can be just as good as really big antennae. What you do is embed the antenna in a very particular kind of plastic resin. This plastic has the property that light which travels through it is significantly showed down. This makes the wavelength of any given ray of light that travels through it reduced accordingly, without changing the frequency. The wavelength of microwaves (which is what WiFi uses) in air is roughly 10cm, but it is possible, with the right plastic,
Re: (Score:2)
All this all has to go into a tiny connector and that is the limit here. For a cell-phone, conditions are different as you have much more length and area. Still interesting about that plastic. Got a link for it?
Re: (Score:2)
You can bet that when some DEFCON types say "were able to trigger payloads at over 1 mile" they had the best directional antenna they could build on their side, and the best geometry possible. With a crappy embedded antenna on the device side, a mile is about right. You might even run the embedded radio at lower power because it can't be easy to dissipate heat from inside that cable housing.
Re: (Score:2)
But if they can do this, in a city by the way, with a small thunderbolt/USB-C connector at a mile why do I have problems just getting a decent wifi signal from one end of the house to the other?
8^)
Re: (Score:2)
Well,
1) They do not have a "decent" connection, just one they can get some data over
2) They were using the best RF hardware they had (makes a huge difference)
3) They probably had a meter-long antenna precisely pointed at the receiver
4) Some walls are really hard on WiFi signals
Incidentally, you can get external directional antennas for WiFi hardware with signal connectors and that may make a lot of difference. You can also try with power-line repeaters.
But yes, WiFi is not the best part of the spectrum for
Re: (Score:2)
The trick is to not get caught.
Re: (Score:2)
Yes, that's gonna help a lot, because someone who plans to steal your passwords gives a fuck about FCC regulations.
Re: (Score:2)
Well normally when you hack something, you will often break the regulations to do such.
Technically a website with Crappy Security, that can be bypassed by just changing the link (say https://crappysite.com/loginma... [crappysite.com]) is still technically illegal as you are suppose to only know that link after using your login name and password to login.
A mile away? (Score:2)
Okay, it's a cable, how do I get my WiFi appliance to do this.
Re: A mile away? (Score:5, Informative)
All it has to do is buzz out the bits on a low frequency/low bit rate with the cable working as a long wire antenna. Just give it a little buffer.
A defective ballast in a grow lamp is enough to really fuck up shortwave radio reception in a large area, so it wouldn't take much to send slow speed data on a specific frequency a mile away.
Re: (Score:2)
The essence of 802.15.4, 6LoWPAN, and Zigbee. Use low power and low data rate but long range. HAMs have been sending pulses thousands of kilometers on a gnats fart worth of power just for fun.
Re: (Score:2)
Re: (Score:2)
But according to the summary the cable creates a Wi-Fi hotspot. Wi-Fi usually refers to the 802.11 standards. There are frequencies and bit rates associated with these standards.
So as fahrbot-bot asled, if they can do this with a small USB cable and get a mile range why are home Wi-Fi routers so bad at covering a house from one end to the other.
Remember (again according to the the article) the mile range was supposedly in a city so there would have been several buildings between transmitter and receiver (un
ya (Score:1)
Re: (Score:2)
Lightning Cable Gnomes: Ssh! The Apple guy is coming! You know, the one with the "bill me" sign on his back.
Re: (Score:2)
Vs the Android guys who don't need to be hacked, because all their information is freely available to everyone.
apple fix is make it so that apple only cables (Score:2)
apple fix is make it so that cables with an apple chip will be the only cables that will work. Even for basic charge.
Re: (Score:2)
Because Apple thinks only Apple should own your device.
Re: (Score:2)
Your device?
Re: (Score:2)
Spiritual successor (Score:3)
This seems a bit like the spiritual successor to leaving malicious USB sticks laying around and waiting to see if someone will pick one up and plug it into their computer.
Although I suppose if you have physical access to a workspace, you could surreptitiously replace someone's existing lightning charging cable.
Re: (Score:2)
We also learned that for this to be fully effective, the USB cable had to trigger malicious code on the host PC, but I am not sure if this was something the three-letter agency had to get there by planting it, or if the driver code was built in to Windows by Microsoft. So yes, we've known about this general t
Penetration testing (Score:1)
Re: (Score:2)
I am very interested in penetration testing. Both penetrating and being penetrated. Can I make this a career?
200K a month says Yes [cnn.com]
Re: (Score:2)
Re: (Score:2)
Probably going to level out to something more sane pretty soon.
IIIRC, a video cable could reduce aliasing (Score:2)
Nasty. (Score:3)
Me: I can't be eavesdropped, I use cable only. Me big seasoned professionally paranoid computer expert! RARRRR!
Hacker: Hahaha, that cable you're using has a mini-mini-micro-soc on it and the cable itself it its very own very neat low-volt powered antenna. Prepare to be f*cked on an epic scale. Njanjanjanjanaaah! ...
I've been told that if you are an IT person and go to a security conference for the first time you start considering a career-change to sheep herding or something like that. Sounds plausible.
Re: (Score:2)
It's more that you start wrapping everything that could remotely have some kind of chip that might potentially have the ability to connect remotely to something in some layers of tinfoil.
Re: (Score:2)