
Australians are being warned to stick with branded Apple charging cables after a US carrier employee demonstrated how a standard Apple USB Lightning cable can be rigged with a small, almost invisible Wi-Fi-enabled implant.
The device looks exactly like a standard Apple USB Lightning cable and resembles those sold in markets and cheap corner-store consumer electronics shops across Australia.
The carrier employee, who goes by the Twitter handle @_MG_, created the tool to highlight outstanding security risks associated with a basic Apple cable.
The implant allows other parties to access the victim’s device and, potentially, wreak havoc by sending phishing pages to the victim’s screen.
Once an unsuspecting person plugs it in, extra components inside the cable remotely connect the hacker to the computer.
Embedded with scripts and commands which are ready to run on a victim’s device, it allows the hacker to assume control of a smartphone or laptop.
They can also ‘kill’ the USB implant, which erases evidence of its use.
‘It looks like a legitimate cable and works just like one. Not even your computer will notice a difference. Until I, as an attacker, wirelessly take control of the cable,’ the security researcher told Vice.
‘It’s like being able to sit at the keyboard and mouse of the victim but without actually being there.’
He unveiled his project at the annual Def Con hacking conference in Las Vegas, Nevada, explaining that he spent thousands of dollars in the process, with each doctored cable taking four hours to make.
Although this exercise was focused on an Apple product, ‘MG’ warns that Wi-Fi-enabled implants are small enough to be used in accessories from virtually every other smartphone brand.
‘This specific Lightning cable allows for cross-platform attack payloads, and the implant I have created is easily adapted to other USB cable types,’ he told TechCrunch.
‘Apple just happens to be the most difficult to implant, so it was a good proof of capabilities.’