This Innocent Lightning Cable Is A Hacker’s Dream Tap For Everything On Your Machine
The “duck test” states that if you see something and “it looks like a duck, swims like a duck, and quacks like a duck, then it probably is a duck.” However, this same logic path cannot be applied to everything, such as USB
cables which could contain more than meets the eye. In the past year, a security researcher and red-team hacker nicknamed “Mischief Gadgets,” or MG for short
, has developed, updated, and publicly released a family of USB cables that can be used to steal sensitive information like passwords and usernames.
Since 2008, the concept of a USB implant has existed on the Internet thanks to the NSA and a leaked project called COTTONMOUTH-I. COTTONMOUTH-I was a $20,000 USB implant that would “provide a wireless bridge into a target network as well as the ability to load exploit software onto target PCs.” As it is just a USB on the end of a keyboard, mouse, or other peripheral, it would not be suspected, therefore allowing some semblance of persistence for the malicious person or group. Since then, organizations like the NSA have likely perfected this technology, but now something similar has been made public.
The O.MG Keylogger Cable
from Mischief Gadgets is like the COTTONMOUTH-I in that it allows keystroke logging and injection, remote access over WiFi, on-boot payloads, customizable self-destruct, and more. You can see what this looks like in action with the initial introduction video
from last year, but things have also changed since then. This includes new firmware features as well as additional O.MG cable varieties, such as USB-C
to USB-C or Lightning to USB-C options.
Furthermore, the technology within the O.MG cable is significantly smaller than its COTTONMOUTH counterpart from 2008. Subsequently, all of the O.MG cables are nearly indistinguishable from their regular versions, such as the O.MG USB-C to Lightning cable pictured next to a regular cable below. However, do not equate its size to the threat this poses, as the O.MG cable is reportedly able to receive signals in a city up to a mile away.
Even more concerning is that these cables can be purchased by anyone with $120 to $180 in spare cash through a website called Hak5
, which provides a variety of gear with hacking in mind. Of course, this will not be an issue for most people, provided they trust their device cables and use no one else’s. In any event, though, let us know what you think of this sneaky cable in the comments below.
(Cottonmouth image courtesy of nsa.gov1.info. Cable comparison image courtesy of Vice.)