Security researcher updates OMG Cables to record user keystrokes

T-Mobile is Warning that a data breach has exposed the names, date of birth, Social Security number and driver’s license/ID information of more than 40 million current, former or prospective customers who applied for credit with the company. Get Secured Now with Norton 360


Lightning cable
Credit: Pixabay/CC0 Public Domain

Security researcher Mark Green, (who goes by MG) has revealed to the Vices team at Motherboard that he and his team have upgraded their version of a hacked Lightning cable in a way that allows a hacker to record keystrokes and then to send the data to a designated site. This would allow the device to be used to steal passwords and other sensitive information.

A Lightning cable allows for charging a device such as a smartphone using a computer or laptop instead of a charger. Back in 2019, MG demoed a cable that looked like a Lightning cable but had hacking capabilities built into it. Shortly thereafter, MG reportedly partnered with a cybersecurity vendor called Hak5 and began selling the cables. The idea behind the development of the cable and sales of it were meant not just to highlight, but demonstrate how such simple devices can be altered in minor ways that allow real hackers to take advantage of consumers.

More recently, MG spoke with the team at Motherboard and told them that he has updated the cable to allow it to both record keystrokes and to use an added WiFi chip to broadcast the data it captures to a designated site where hackers could conceivably study the data and use it to their advantage.

MG also told the team at Motherboard that part of the reason he built the new cable was because other experts in the field had claimed that it could not be done due to size and space limitations—there was not enough room inside the connective housing on Type C Lightning cables. MG claims to have proven such experts wrong by adding tiny chips to the cables and then demonstrating that they work in a YouTube of his cable in action. He also told Motherboard that the new cable also has geofencing features that allow for blocking data. Motherboard also tested the cable, and found that it worked as advertised, though admittedly in a close-proximity environment. MG claimed the…

Source…