Malicious HDMI Cables Steals Photos, Videos, and Location Data

John Bumstead, who works for a company called 404Media that fixes and sells used electronics, found an iPhone-to-HDMI adapter that seemed normal at first. However, the app that came with it was tricky because it asked users to scan a QR code.

This code leads to an ad-filled website, prompting downloads of an invasive app that requests various permissions, collects data, and sends it to China.

Bumstead tweeted about a spy-themed lightning cable, and unlike the HDMI adapter, this cable is a knockoff but resembles Apple’s design.

MG, the researcher behind the malicious Lightning cables, included the risky adapter, anticipating users installing questionable apps.

Malicious activityMalicious activity
Malicious activity (Source – 404Media)

Technical analysis

The researcher used an old iPhone to connect the cord, which displayed a QR code and “LIVE TV” branding. Scanning it led to EZ Cast’s website, boasting over 10M users worldwide.

Check Point previously analyzed an insecure EZCast device, which could be easily brute-forced due to a weak 8-digit password. The company contacted EZCast in 2016 but received no response, indicating a lack of security considerations. 

The website displayed ads for a streaming service called ‘FANJESTIC,’ known for difficult cancellations, unrelated to the EZ Cast app obtained via the QR code.

The app requested location access and Privacy Policy acceptance from Actions Microelectronics Co., Ltd., outlining the collection of the following data:-

  • Email address
  • Use tracking cookies take location
  • Track favorite videos
  • Track videos watched
  • Track bookmarks
  • Track location Data
  • Track Sensor Data
  • Tracking Cookies Data
  • Installed Apps Data

The data collection aimed at targeted ads and required access to the Local Network, photos, settings, Bluetooth, and camera.

While fascinated by unusual cables and gadgets, the adapter’s significance is tied to the FTC’s Amazon lawsuit which highlighted the site navigation issues and spammy ads.

Malicious cords (Source – 404Media)

Recyclers often acquire Amazon returns, including cables Bumstead collects from them. While not entirely certain it all comes from Amazon, recyclers have indicated so, as Amazon disposes of unsold FBA inventory.

Protect yourself from vulnerabilities using Patch Manager Plus to quickly patch over 850 third-party applications. Take advantage of the free trial to ensure 100% security.

Tushar Subhra

Tushar is a Cyber security content editor with a passion for creating captivating and informative content. With years of experience under his belt in Cyber Security, he is covering Cyber Security News, technology and other news.

Recent Posts

RansomHub Taps SocGholish: WebDAV & SCF Exploits Fuel Credential Heists

SocGholish, a notorious loader malware, has evolved into a critical tool for cybercriminals, often delivering…

4 hours ago

Hackers Weaponize Go Modules to Deliver Disk‑Wiping Malware, Causing Massive Data Loss

Cybersecurity researchers uncovered a sophisticated supply chain attack targeting the Go programming language ecosystem in…

4 hours ago

Hundreds of Fortune 500 Companies Have Unknowingly Employed North Korean IT Operatives

North Korean nationals have successfully infiltrated the employee ranks of major global corporations at a…

23 hours ago

Stealthy New NodeJS Backdoor Infects Users Through CAPTCHA Verifications

Security researchers have uncovered a sophisticated malware campaign utilizing fake CAPTCHA verification screens to deploy…

23 hours ago

State-Sponsored Hacktivism on the Rise, Transforming the Cyber Threat Landscape

Global cybersecurity landscape is undergoing a significant transformation, as state-sponsored hacktivism gains traction amid ongoing…

23 hours ago

NVIDIA Riva AI Speech Flaw Let Hackers Gain Unauthorized Access to Abuse GPU Resources & API keys

Researchers have uncovered significant security vulnerabilities in NVIDIA Riva, a breakthrough AI speech technology platform…

23 hours ago