Wireless key-logger hidden inside USB-C to Lightning cable

A USB-C to Lightning cable with a hidden wireless key-logger can enable an attacker to capture everything you type from a distance of up to a mile.

Any tech-literate person knows you should never plug a USB key into any of your devices unless you trust the person giving it to you, but fewer know that the same applies to USB cables …

We first saw an example of a malware USB-A cable back in 2019 when a security researcher known as MG demonstrated it to Motherboard. He later made the cable available for sale to penetration testers, and has now created a USB-C version.

MG told Motherboard that he did so in part because people claimed it couldn’t be done.

“There were people who said that Type C cables were safe from this type of implant because there isn’t enough space. So, clearly, I had to prove that wrong,” MG told Motherboard in an online chat.

The OMG Cables, as they’re called, work by creating a Wi-Fi hotspot itself that a hacker can connect to from their own device. From here, an interface in an ordinary web browser lets the hacker start recording keystrokes. The malicious implant itself takes up around half the length of the plastic shell, MG said […]

“We tested this out in downtown Oakland and were able to trigger payloads at over 1 mile,” he added.

The site was given examples to test, and were able to confirm that they performed as described.

| You can also read: Protecting Your Devices

These latest cables have even greater capabilities.

MG said that the new cables now have geofencing features, where a user can trigger or block the device’s payloads based on the physical location of the cable.

“It pairs well with the self-destruct feature if an OMG Cable leaves the scope of your engagement and you do not want your payloads leaking or being accidentally run against random computers,” he said.

It’s not just key-logging you need worry about: Security researchers last year used a modified USB-C cable to take over the T2 security chip in modern Macs. All that is needed to takeover the machine is for the cable to be plugged in.

Credit: 9TO5MAC


Leave a Reply

Your email address will not be published. Required fields are marked *


Cyber Training Group International (CTGI) is a Cyber Security Training Institute That Empowers Clients. Your one-stop online platform for all your cyber security awareness and training.

Most Recent Posts

Join Our Webinar

We schedule regular webinars across different geographies and time zones.

Copyright © 2024 Cyber Training Group International | All Rights Reserved