If it looks like a charging cable, smells like a charging cable, and charges up your phone like a charging cable, it must be a charging cable, right?
Well, Kind of. But that doesn’t mean that’s all it is.
Mike Grover, a San Francisco-based security researcher that goes by @MG on Twitter, has built an iPhone charging cable that, when connected to your phone on one end and your laptop on the other, can hack into your computer.
Sound sinister? Only because the stakes are so high. The mastermind behind the hack can send phishing emails (or worse) right to your screen with a wireless connection and close proximity.
Grover began experimenting with malicious cables back in 2017 as part of a bid to teach himself how to design, fabricate, and assemble printed circuit boards, which he does by hand with consumer tools from his kitchen.
Then a funny thing started happening: People caught wind of Grover’s cords, so he decided to start selling them. Right now, Grover’s O.MG Cables go for $200 each. He hopes to bring the cost down to $100 per unit in the near future.
“The sales part is just what it evolved to after lots of people saw it and wanted one,” Grover tells Popular Mechanics.
Once you add a wireless interface to the circuit board inside the charging cord, a hacker has the ability to add payloads, like phishing attacks, onto the user’s screen.
Grover says there’s more functionality to come, but the current state is a proof of concept on what he calls “one of the harder physical products to implant.” Apple has been a challenge, he says, while devices from other brands are much easier to convert into O.MG cables.
Lorrie Faith Cranor, director of CyLab—the privacy and security research center on Carnegie Mellon University’s Pittsburgh campus—says these sorts of hardware threats are commonly showcased at DEF CON, the long-running underground hacking conference, but that shouldn’t be a reason to start freaking out.
“We don’t see them as much in the wild because they require physical proximity to deploy,” Cranor tells Popular Mechanics. “But dropping infected thumb drives in parking lots and installing skimmers on credit card readers is something that definitely happens.”
To keep safe from an attack, you could try using “USB condoms” to keep your computer safe. These small devices, which resemble flashdrives, are formally called SyncStops. They prevent accidental data transfers when your device is plugged into a foreign computer or public charging station with a USB cable. The devices block the data pins in USB cables and allow only power to flow through.
Still, there are risks to these kinds of devices.
“Anything with a USB connector is probably going to make a nice home for this specific implant,” Grover says. “I have even implanted those ‘USB condoms’ that are designed to block malicious devices from attacking your device.”
Your best bet: Buy a bundle of charging cords on Amazon for a cool $15. And if you see a free charging cable left on a table at Starbucks, don’t touch it with a five-foot stick. Better just burn it.
Source |Popular Mechanics