Fake iPhone charger warning: Hacked cables let cyber crooks hijack your computer

A fake iPhone charger has been developed that could allow cyber crooks to hijack victims' computers.

The charger, created by security researcher Mike Grover, looks like a genuine Apple Lightning cable, commonly used to charge iPhones and sync them to iTunes.

However, when it is plugged into a computer and connected to Wi-Fi, it gives the hacker full control over the system, allowing them to carry out commands remotely.

Grover revealed the cable, dubbed O.MG, at last week's DefCon cybersecurity convention in Las Vegas, highlighting what he says has been an under-investigated area of mobile security.

"It looks like a legitimate cable and works just like one. Not even your computer will notice a difference. Until I, as an attacker, wirelessly take control of the cable," he told Motherboard.

Grover says that the cable, which thankfully is only a prototype, could be used to download and launch malware, remove devices from Wi-Fi networks, and even reconfigure systems.

"It’s like being able to sit at the keyboard and mouse of the victim but without actually being there," he said.

Grover made the cables by hand, painstakingly modifying real Apple cables to include the "implant" containing the components that allow the computer to be accessed remotely.

He is selling the cables for $200 (£165) each.

The current version requires the attacker to be within 300 feet of the victim, but Grover said a hacker could use a stronger antenna to reach further if necessary.

"The cable can be configured to act as a client to a nearby wireless network. And if that wireless network has an internet connection, the distance basically becomes unlimited," he said.

Apple recently announced that it will pay ethical hackers more than $1 million if they responsibly disclose dangerous security vulnerabilities to the firm.

The new “bug bounty”, up from a previous maximum of $200,000, is designed to discourage security researchers from selling bugs to governments or contractors who intend to use them to hack state enemies rather than have them fixed.
