Thursday, May 1, 2025
HomeCyber Security NewsMalicious HDMI Cables Steals Photos, Videos, and Location Data

Malicious HDMI Cables Steals Photos, Videos, and Location Data

Published on

SIEM as a Service

Follow Us on Google News

John Bumstead, who works for a company called 404Media that fixes and sells used electronics, found an iPhone-to-HDMI adapter that seemed normal at first. However, the app that came with it was tricky because it asked users to scan a QR code.

This code leads to an ad-filled website, prompting downloads of an invasive app that requests various permissions, collects data, and sends it to China.

Bumstead tweeted about a spy-themed lightning cable, and unlike the HDMI adapter, this cable is a knockoff but resembles Apple’s design.

- Advertisement - Google News

MG, the researcher behind the malicious Lightning cables, included the risky adapter, anticipating users installing questionable apps.

Malicious activity
Malicious activity (Source – 404Media)

Technical analysis

The researcher used an old iPhone to connect the cord, which displayed a QR code and “LIVE TV” branding. Scanning it led to EZ Cast’s website, boasting over 10M users worldwide.

Check Point previously analyzed an insecure EZCast device, which could be easily brute-forced due to a weak 8-digit password. The company contacted EZCast in 2016 but received no response, indicating a lack of security considerations. 

The website displayed ads for a streaming service called ‘FANJESTIC,’ known for difficult cancellations, unrelated to the EZ Cast app obtained via the QR code.

The app requested location access and Privacy Policy acceptance from Actions Microelectronics Co., Ltd., outlining the collection of the following data:-

  • Email address
  • Use tracking cookies take location
  • Track favorite videos
  • Track videos watched
  • Track bookmarks
  • Track location Data
  • Track Sensor Data
  • Tracking Cookies Data
  • Installed Apps Data

The data collection aimed at targeted ads and required access to the Local Network, photos, settings, Bluetooth, and camera.

While fascinated by unusual cables and gadgets, the adapter’s significance is tied to the FTC’s Amazon lawsuit which highlighted the site navigation issues and spammy ads.

Malicious cords
Malicious cords (Source – 404Media)

Recyclers often acquire Amazon returns, including cables Bumstead collects from them. While not entirely certain it all comes from Amazon, recyclers have indicated so, as Amazon disposes of unsold FBA inventory.

Protect yourself from vulnerabilities using Patch Manager Plus to quickly patch over 850 third-party applications. Take advantage of the free trial to ensure 100% security.

Tushar Subhra
Tushar Subhra
Tushar is a Cyber security content editor with a passion for creating captivating and informative content. With years of experience under his belt in Cyber Security, he is covering Cyber Security News, technology and other news.

Latest articles

Managing Shadow IT Risks – CISO’s Practical Toolkit

Managing Shadow IT risks has become a critical challenge for Chief Information Security Officers...

Application Security in 2025 – CISO’s Priority Guide

Application security in 2025 has become a defining concern for every Chief Information Security...

Preparing for Quantum Cybersecurity Risks – CISO Insights

Quantum cybersecurity risks represent a paradigm shift in cybersecurity, demanding immediate attention from Chief...

Securing Digital Transformation – CISO’s Resource Hub

In today’s hyper-connected world, securing digital transformation is a technological upgrade and a fundamental...

Resilience at Scale

Why Application Security is Non-Negotiable

The resilience of your digital infrastructure directly impacts your ability to scale. And yet, application security remains a critical weak link for most organizations.

Application Security is no longer just a defensive play—it’s the cornerstone of cyber resilience and sustainable growth. In this webinar, Karthik Krishnamoorthy (CTO of Indusface) and Phani Deepak Akella (VP of Marketing – Indusface), will share how AI-powered application security can help organizations build resilience by

Discussion points


Protecting at internet scale using AI and behavioral-based DDoS & bot mitigation.
Autonomously discovering external assets and remediating vulnerabilities within 72 hours, enabling secure, confident scaling.
Ensuring 100% application availability through platforms architected for failure resilience.
Eliminating silos with real-time correlation between attack surface and active threats for rapid, accurate mitigation

More like this

Netgear EX6200 Flaw Enables Remote Access and Data Theft

Security researchers have disclosed three critical vulnerabilities in the Netgear EX6200 Wi-Fi range extender...

Tesla Model 3 VCSEC Vulnerability Lets Hackers Run Arbitrary Code

A high security flaw in Tesla’s Model 3 vehicles, disclosed at the 2025 Pwn2Own...

Apache ActiveMQ Vulnerability Lets Remote Hackers Execute Arbitrary Code

A high vulnerability in Apache ActiveMQ’s .NET Message Service (NMS) library has been uncovered,...