Friday, March 29, 2024

Weaponized iPhone Charging Cable Comes with Payload that Allow Hackers to Hijack Your Computer

An iPhone charging cable comes with preloaded payload, scripts, and commands that allows hackers to remotely open the terminal on Mac book screen and control the computer.

The lightning cable looks like an ordinary that often used by iPhone users to connect with Macbook to transfer the data, but this weaponized cable comes with extra components that establish the remote connection to the attack.

The security researcher known as MG in Twitter made this dubbed O.MG Cable told motherboard ” “It looks like a legitimate cable and works just like one. Not even your computer will notice a difference. Until I, as an attacker, wirelessly take control of the cable,”  “

MG made this cable in hand by modifying the real Apple cables and deploy the implant that performs the various malicious operation including executing the script, remotely “kill ” the USB implant.

Typing an IP address of the cable in phone browser will open a list of options such as opening a terminal on Mac, in which hackers can execute the various commands and run all set of tools.

“In the end, I was able to create 100 percent of the implant in my kitchen and then integrate it into a cable. And these prototypes at Def con were mostly done the same way,”  MG said.

He is selling the modified iPhone Charging Cable for $200 each that including “You will get the cable, a bonus physical programmer (if you brick the device or use self destruct), access to the private early access group, and a 50% off discount code that can be used when the production cable goes live on Hak5 

Also, he wanted to produce as a legitimate security tool in the future and also these cables would be made from scratch rather than modified Apple ones.

Currently, an attacker within 300 feet radius with a smartphone can be able to connect with the computer directly.  

“A hacker could use a stronger antenna to reach further if necessary, “But the cable can be configured to act as a client to a nearby wireless network. And if that wireless network has an internet connection, the distance basically becomes unlimited.”MG added.

Website

Latest articles

Beware Of Weaponized Air Force invitation PDF Targeting Indian Defense And Energy Sectors

EclecticIQ cybersecurity researchers have uncovered a cyberespionage operation dubbed "Operation FlightNight" targeting Indian government...

WarzoneRAT Returns Post FBI Seizure: Utilizing LNK & HTA File

The notorious WarzoneRAT malware has made a comeback, despite the FBI's recent efforts to...

Google Revealed Kernel Address Sanitizer To Harden Android Firmware And Beyond

Android devices are popular among hackers due to the platform’s extensive acceptance and open-source...

Compromised SaaS Supply Chain Apps: 97% of Organizations at Risk of Cyber Attacks

Businesses increasingly rely on Software as a Service (SaaS) applications to drive efficiency, innovation,...

IT and security Leaders Feel Ill-Equipped to Handle Emerging Threats: New Survey

A comprehensive survey conducted by Keeper Security, in partnership with TrendCandy Research, has shed...

How to Analyse .NET Malware? – Reverse Engineering Snake Keylogger

Utilizing sandbox analysis for behavioral, network, and process examination provides a foundation for reverse...

GoPlus’s Latest Report Highlights How Blockchain Communities Are Leveraging Critical API Security Data To Mitigate Web3 Threats

GoPlus Labs, the leading Web3 security infrastructure provider, has unveiled a groundbreaking report highlighting...
Balaji
Balaji
BALAJI is an Ex-Security Researcher (Threat Research Labs) at Comodo Cybersecurity. Editor-in-Chief & Co-Founder - Cyber Security News & GBHackers On Security.

Mitigating Vulnerability Types & 0-day Threats

Mitigating Vulnerability & 0-day Threats

Alert Fatigue that helps no one as security teams need to triage 100s of vulnerabilities.

  • The problem of vulnerability fatigue today
  • Difference between CVSS-specific vulnerability vs risk-based vulnerability
  • Evaluating vulnerabilities based on the business impact/risk
  • Automation to reduce alert fatigue and enhance security posture significantly

Related Articles