Dubbed OMG Cables, these new variants are more capable than their counterparts. According to their creator, payloads can be triggered from over one mile away. Attackers can use them to log keystrokes and change keyboard mappings. There is also a geofencing feature, a kill switch and the ability to forge the identity of specific USB devices, like those that can leverage a specific vulnerability.
We’ve long since been told to be leery of inexpensive third-party phone chargers and USB cables due to their inferior quality. In recent years, we’ve also been warned about the potential for security vulnerabilities related to such devices.
Back in 2019 at the annual Def Con hacking conference, a security researcher who goes by MG showed off an Apple Lighting cable that looked and functioned as if it had been pulled right out of a box in an Apple retail store.
Hiding inside the cable, however, was a tiny bit of additional hardware capable of creating a Wi-Fi hotspot. An attacker within 300 feet of the cable could use that hotspot to remotely hijack a victim’s computer.
MG has since evolved the design to create new physical variations that are compatible with even more interfaces, including a Lightning to USB-C cable. The user told Motherboard that there were people who thought Type C cables were safe from this sort of implant due to size limitations. “So, clearly, I had to prove that wrong,” MG said.
“It pairs well with the self-destruct feature if an OMG Cable leaves the scope of your engagement and you do not want your payloads leaking or being accidentally run against random computers,” MG told the publication.
The pandemic, however, has made it difficult for MG to manufacture the devices. “If any individual component is out of stock, it is basically impossible to find a replacement when fractions of millimeters are important,” he said. “So I just have to wait 12+ months for certain parts to be in stock.”