Skip to main content

Wireless key-logger hidden inside USB-C to Lightning cable

A USB-C to Lightning cable with a hidden wireless key-logger can enable an attacker to capture everything you type from a distance of up to a mile.

Any tech-literate person knows you should never plug a USB key into any of your devices unless you trust the person giving it to you, but fewer know that the same applies to USB cables …

We first saw an example of a malware USB-A cable back in 2019 when a security researcher known as MG demonstrated it to Motherboard. He later made the cable available for sale to penetration testers, and has now created a USB-C version.

MG told Motherboard that he did so in part because people claimed it couldn’t be done.

“There were people who said that Type C cables were safe from this type of implant because there isn’t enough space. So, clearly, I had to prove that wrong,” MG told Motherboard in an online chat.

The OMG Cables, as they’re called, work by creating a Wi-Fi hotspot itself that a hacker can connect to from their own device. From here, an interface in an ordinary web browser lets the hacker start recording keystrokes. The malicious implant itself takes up around half the length of the plastic shell, MG said […]

“We tested this out in downtown Oakland and were able to trigger payloads at over 1 mile,” he added.

The site was given examples to test, and were able to confirm that they performed as described.

These latest cables have even greater capabilities.

MG said that the new cables now have geofencing features, where a user can trigger or block the device’s payloads based on the physical location of the cable.

“It pairs well with the self-destruct feature if an OMG Cable leaves the scope of your engagement and you do not want your payloads leaking or being accidentally run against random computers,” he said.

It’s not just key-logging you need worry about: Security researchers last year used a modified USB-C cable to take over the T2 security chip in modern Macs. All that is needed to takeover the machine is for the cable to be plugged in.

FTC: We use income earning auto affiliate links. More.

You’re reading 9to5Mac — experts who break news about Apple and its surrounding ecosystem, day after day. Be sure to check out our homepage for all the latest news, and follow 9to5Mac on Twitter, Facebook, and LinkedIn to stay in the loop. Don’t know where to start? Check out our exclusive stories, reviews, how-tos, and subscribe to our YouTube channel

Comments

Author

Avatar for Ben Lovejoy Ben Lovejoy

Ben Lovejoy is a British technology writer and EU Editor for 9to5Mac. He’s known for his op-eds and diary pieces, exploring his experience of Apple products over time, for a more rounded review. He also writes fiction, with two technothriller novels, a couple of SF shorts and a rom-com!


Ben Lovejoy's favorite gear

Manage push notifications

notification icon
We would like to show you notifications for the latest news and updates.
notification icon
You are subscribed to notifications
notification icon
We would like to show you notifications for the latest news and updates.
notification icon
You are subscribed to notifications