iPhone-like cable can leak what people type; understand – 09/03/2021

Using non-genuine cables always raises the alert: they may not work as expected when connected to electronics. But the risks can go further. Imagine using a cable to connect a keyboard to a computer and it being able to broadcast to cybercriminals whatever you type on the device?

This already exists. This is a non-original version of an iPhone-like cable (with Lightning connector on one side and a type on the other). USB-C). When used, the accessory is able to silently send everything that has been typed on a keyboard by the user, becoming a strategic weapon for cybercriminals.

In an interview with Vice, the security researcher known as MG says that this type of cable is to be used to spy on victims on iPhones, iPads and Magic Keyboards keyboards.

“People said that type C cables are protected against this type of implant because there is not enough space [por sua estrutura compacta]. So clearly I had to prove them wrong,” MG told reporter Joseph Cox.

People who are up to a mile away are able to improperly access the devices connected to the cable. “We tested this in downtown Oakland [cidade na Califórnia] and we were able to deploy payloads over 1 mile [1,6 quilômetro]”explained MG.

A video posted by Cox shows how the tactic works: a person types phrases on an Apple keyboard connected to the monitor, and then the same information is displayed on an iPhone on the side, as you can see below:

Threat technology

The products, known as OMG cables, have a keylogger chip — devices used precisely to record which keys a person types and thus monitor their actions, passwords and other important data.

When connected to a device, the cable activates a wi-fi network. Then, the hacker connects to it and manages to capture the data through any common browser.

In this case, as the ends of the C-type cables are smaller, the chip is quite small. According to MG, it occupies half of the plastic cover of the connectors and there are no differences in appearance, which reduces the risk of generating suspicion in relation to official Apple models.

According to the report, Apple did not respond to the request for comment on the case.

Historic

In 2019, MG had already introduced a parallel Lightning cable similar to the original capable of remotely controlling Apple computers.

The technology involved in the accessories, also known by the acronym OMG, also uses a wi-fi point for the cybercriminal to scrutinize victims’ information.

At the time, the item was presented at a security conference and was sold by hand by the researcher, according to information from Vice. Then cybersecurity vendor Hak5 began mass marketing the product.