Tuesday, December 3, 2024
HomeAppleWeaponized iPhone Charging Cable Comes with Payload that Allow Hackers to Hijack...

Weaponized iPhone Charging Cable Comes with Payload that Allow Hackers to Hijack Your Computer

Published on

SIEM as a Service

An iPhone charging cable comes with preloaded payload, scripts, and commands that allows hackers to remotely open the terminal on Mac book screen and control the computer.

The lightning cable looks like an ordinary that often used by iPhone users to connect with Macbook to transfer the data, but this weaponized cable comes with extra components that establish the remote connection to the attack.

The security researcher known as MG in Twitter made this dubbed O.MG Cable told motherboard ” “It looks like a legitimate cable and works just like one. Not even your computer will notice a difference. Until I, as an attacker, wirelessly take control of the cable,”  “

- Advertisement - SIEM as a Service

MG made this cable in hand by modifying the real Apple cables and deploy the implant that performs the various malicious operation including executing the script, remotely “kill ” the USB implant.

Typing an IP address of the cable in phone browser will open a list of options such as opening a terminal on Mac, in which hackers can execute the various commands and run all set of tools.

“In the end, I was able to create 100 percent of the implant in my kitchen and then integrate it into a cable. And these prototypes at Def con were mostly done the same way,”  MG said.

He is selling the modified iPhone Charging Cable for $200 each that including “You will get the cable, a bonus physical programmer (if you brick the device or use self destruct), access to the private early access group, and a 50% off discount code that can be used when the production cable goes live on Hak5 

Also, he wanted to produce as a legitimate security tool in the future and also these cables would be made from scratch rather than modified Apple ones.

Currently, an attacker within 300 feet radius with a smartphone can be able to connect with the computer directly.  

“A hacker could use a stronger antenna to reach further if necessary, “But the cable can be configured to act as a client to a nearby wireless network. And if that wireless network has an internet connection, the distance basically becomes unlimited.”MG added.

Balaji
Balaji
BALAJI is an Ex-Security Researcher (Threat Research Labs) at Comodo Cybersecurity. Editor-in-Chief & Co-Founder - Cyber Security News & GBHackers On Security.

Latest articles

Threat Actors Allegedly Claims Breach of EazyDiner Reservation Platform

Reports have emerged of a potential data breach involving EazyDiner, a leading restaurant reservation...

Salesforce Applications Vulnerability Could Allow Full Account Takeover

A critical vulnerability has been discovered in Salesforce applications that could potentially allow a...

TP-Link HomeShield Function Vulnerability Let Attackers Inject Malicious Commands

A significant vulnerability has been identified in TP-Link's HomeShield function, affecting a range of...

ElizaRAT Exploits Google, Telegram, & Slack Services For C2 Communications

APT36, a Pakistani cyber-espionage group, has recently upgraded its arsenal with ElizaRAT, a sophisticated...

API Security Webinar

72 Hours to Audit-Ready API Security

APIs present a unique challenge in this landscape, as risk assessment and mitigation are often hindered by incomplete API inventories and insufficient documentation.

Join Vivek Gopalan, VP of Products at Indusface, in this insightful webinar as he unveils a practical framework for discovering, assessing, and addressing open API vulnerabilities within just 72 hours.

Discussion points

API Discovery: Techniques to identify and map your public APIs comprehensively.
Vulnerability Scanning: Best practices for API vulnerability analysis and penetration testing.
Clean Reporting: Steps to generate a clean, audit-ready vulnerability report within 72 hours.

More like this

Apple Safari JavaScriptCore Remote Code Execution Flaw Exploited in the Wild

A critical vulnerability identified as CVE-2024-44308 has been actively exploited in the wild, affecting...

Kali Linux 2024.3 Released With New Hacking Tools

Kali Linux 2024.3, the most recent iteration of Offensive Security's highly regarded Debian-based distribution...

Hackers Exploit iOS Settings to Trigger Fake iOS Updates on Hijacked Devices

A sophisticated mobile attack vector involves a deceptive iOS update that masquerades as the...