It’s a best practice to avoid plugging random USB accessories into your iPhones or Macs. A new proof-of-concept hacking device illustrates why.
Even the only moderately tech-savvy among us probably know that USB flash drives can be host to all sorts of nasty malware. But security researcher Mike Grover demonstrates why all USB accessories — even ones as innocuous as cables — could be used against you.
Grover developed a device he calls the O.MG cable. At first glance, it looks like your standard Apple USB-A to Lightning cable. Actually, it looks like that at second and third glance, too.
But the cable actually houses a small chip that can be used to run malicious apps and even take control of a computer that it’s
In a video posted to Twitter, Grover showed off the capabilities of the O.MG cable.
He simply plugs it into a Mac and opens the corresponding interface on his iPhone. From there, he’s able to open a phishing page that could be used to steal passwords and login credentials from users.
But it doesn’t stop there — Grover told PC Mag that the cable can also be used to deliver payloads (a.k.a., malware and viruses) and other attacks on a system. The cable, which works just like any external accessory plugged into a computer, can also keep a Mac from falling asleep by simulating mouse movements.
The O.MG cable can also be used to connect to nearby Wi-Fi networks, presumably that means it could run malware on devices that it isn’t directly connected to.
Grover developed and built the cables himself using a CNC milling machine. He said on the O.MG product page that he’s looking to produce cables for researchers and others in the security industry.
As a security researcher, he notes that the point isn’t to “cause mayhem” but to raise awareness of potential threats to our digital devices.
To be clear, a maliciously modified USB cable probably isn’t going to end up in your bag or pocket anytime soon. Gear like this is most often used in the espionage or information security fields, and not to target the average user.
But it does illustrate the perfect point about random accessories. They could be a lot more dangerous than they appear.
Apple, for its part, seems to be aware that devices like this exist. In the past, it has regularly worked to shut down loopholes exploited by iPhone hacking devices. That includes measures like USB Restricted Mode and other under-the-hood changes.
As far as macOS goes, there doesn’t appear to be an analog to USB Restricted mode (although the T2 chip has built-in security features). But knowing how seriously Apple takes privacy and security, it’s not a stretch to think say that it could debut a measure to mitigate these types of attacks.