
Beware of Cables That Have Extra “Features”

A researcher at Def Con, the former hackers’ conference turned corporate security conference, showed an example of an Apple Lightning cable that offered a few extra “features” that were not explained on the package.

Hacked Lightning Cable

If you plug this cable in, it will work as expected – charge your device or transfer data or whatever.

Using this cable, a hacker within wireless range (say within several hundred feet – he demonstrated it from 300 feet away) could connect to the device, open a terminal window or run various other commands. The cable can also commit suicide to hide at least some of the evidence.

If the hacker opens a terminal window while the user is sitting in front of the computer, he or she will notice it, but if he or she is in a meeting or sleeping, then probably not.

We have seen this with USB cables for a long time; this is the first time I have seen this with Apple cables.

The cable creates its own WiFi hotspot. How easy is that? Since it is plugged into your phone or computer, it has an unlimited power source.

In terms of how to get users to plug them in, it could be a free giveaway like we see with candy drops (put a bowl out in a hotel or convention center lobby with the cables and a sign that says free, for example), or someone could covertly exchange them (they are official Apple branded cables that have been modified), or use many other techniques.

One more time, you have to protect the physical device.

Source: Vice.