A dire warning has been issued to iPhone users over charger sharing.
Ryan Montgomery, a cybersecurity professional, said that a perfectly normal-looking iPhone charger can actually “wreak havoc on your computer or phone.”
That’s because the insidious cable contains a hidden implant with a web server, USB communications and Wi-Fi access, allowing it capture keystrokes, steal credentials, exfiltrate data, and even install malware.
Called the “O.MG Cable,” this deceptive hacker device became publicly available in 2019 when it went on sale for just $180.
In a video on his Instagram, he plugged a seemingly ordinary charger into a ‘new’ computer. “This is a fully functional cable, you can still charge a phone with it,” he said.
But “With this cable plugged in, I have full access to this computer,” he explained.
Without even plugging his iPhone into the other end of the cable, he accessed the computer remotely by pressing a single button on his phone.
‘It is designed to allow your Red Team to simulate attack scenarios of advanced adversaries. Until now, such a cable cost $20,000,” Hak5, which sells the device, said on its website.
A cybersecurity professional has warned that a perfectly normal-looking iPhone charger could actually ‘wreak havoc on your computer or phone’
A ‘Red Team’ is a group of cybersecurity professionals who simulate real hacks.
The cable’s creator, security researcher Mike Grover, said: ‘It’s a cable that looks identical to the other cables you already have.
‘But in each cable I put an implant with a web server, USB communication and Wi-Fi access. So it plugs in, turns it on and you can connect to it.”
He claimed that the cable would allow him to access a device up to 300 feet away, and that if he configured the cable “to act as a client for a nearby wireless network,” the distance would become unlimited.
Not only is it impossible for someone to know if he or she has encountered one of these deceptive cables, but there is almost no way to know when you are being actively attacked.
That’s why the O.MG cable is called the ‘world’s most dangerous USB cable’.
Worryingly, the capabilities of the O.MG cable are becoming increasingly sophisticated.
Grover said Forbes that the newly released ‘Elite Series’, launching in 2023, will be available in multiple form factors, including USB-A cables, USB-C cables, USB-A to -C adapters and, shockingly, USB data blockers – so even these security devices can be secretly malicious.
And the upgrades in this latest series have added data exfiltration (or the ability to steal data) to the cables’ low-profile specs.
While the O.MG cable can easily be obtained and used by someone with malicious intent, they are actually designed for professional hackers like Montgomery, who test data systems for vulnerabilities.
For this reason, Grover has equipped the cables with a number of safety nets, allowing a Red Team, for example, to limit the cable’s access range to a specific location.
When this feature is enabled, taking it outside that zone will cause it to stop working or self-destruct.
Additionally, Grover designed the cables so that they do not sync and charge when turned on, shortening the undetected attack window when connected to a smartphone.
But it looks like some dastardly hackers have already gotten their hands on the O.MG cable. In 2023, the FBI stated, “Bad actors have devised ways to use public USB ports to introduce malware and monitoring software to devices.”
The Federal Communications Commission (FCC) has also previously warned about “juice jacking,” in which hackers weaponize charging stations with USB ports, such as those found in airports or hotel lobbies, to steal your data.
But in this scenario, it’s not the cable that’s hacking your device, it’s the socket itself. While this has proven technically possible, cybersecurity experts say the risk to the public is nominal.
However, the O.MG cable poses a very real threat. That’s why experts have advised against using a charger that you haven’t purchased for yourself, as it could get damaged.