Every year, Las Vegas is host to one of the world’s largest conferences devoted to hacking — Def Con. The 2019 edition of the conference, Def Con 27, took place in August. Many of the events and talks held at Def Con are primarily of interest to hard-core geeks and cybersecurity experts, but one particular revelation from the 2019 convention should get everyone’s attention.
The issue involves an innocent-looking Apple Lightning cable, designed to connect Apple’s mobile devices to computers, monitors, and other devices.
Few people look at cables as potential threats.
At Def Con 27, Mike Grover, a security researcher whose online name is MG, demonstrated that he could modify the Lightning cable to give him unauthorized remote access to a device. Grover implanted a Wi-Fi-enabled chip in the cable that allowed him to run commands on the computer to which it was connected. This modification would also allow transmission of malicious data.
The modified cable, called the O.MG (Offensive MG), would allow a hacker to lock a screen and gather passwords when the user logged in, as well as to run different commands and scripts. A phishing attack, or any number of other threats, could then be launched.
Grover, who works for Verizon Media as a cybersecurity tester (a so-called red teamer), claims that the implant can be adapted to other USB cables, and points out that, at present, few people look at cables as potential threats. Grover also claims to have spent a good deal of his own money on this hack, and says he is pursuing its development. He believes that his modified cable can help push the discussion about new cyber threats forward. His goal is to have the O.MG marketed as a legitimate security device, although he has not specified what role it would play.
Are you worried about being hacked through malicious hardware? Get in touch with CITI. We can create a security awareness campaign for your whole team to make your entire organization less vulnerable to hackers.
Is your company looking to move IT operations and assets to the cloud smoothly and without disruption? We'll move you to the right cloud. CITI’s cloud migration specialists have extensive experience helping businesses eliminate premises networks with minimal disruption and cost. Considering moving to the cloud? Find out if the cloud is right for your company.
Is your management team asking about your IT security policies and practices? Are you worried about a cybersecurity breach? CITI’s comprehensive IT security services provide all the information your company needs to deal with current and future security situations and concerns. Learn about your IT security. Register for a free cybersecurity session.
There is another way to manage your IT that doesn’t require you call your IT firm. Managed IT services offer proactive care, support, monitoring and maintenance of your computer systems for a fixed monthly fee. Process-driven, less involvement, more predictable cost. Yes, Virginia, there is a way to keep your IT running smoothly that does not require you to make a call.
Are you concerned about minimizing IT maintenance costs? Perhaps you’re techno savvy. Or maybe you only need an IT firm for complex IT situations. CITI can provide exactly the volume of IT services that you want and need from network troubleshooting to helping a user with a jammed printer. Our full range of services are available on a per incident basis.
Is the stuff of your nightmares power outages? The only way to deal with a severe interruption to business operations is to plan for it. Beginning with a disaster recovery plan through implementing and maintaining failsafe, foolproof, rock-solid offsite backups, CITI has helped 100s of companies protect their most valuable asset—their data and systems.
Uncertain if your company should move to the cloud? Do you have doubts about the best way to back up your data? Looking for ways to minimize your vulnerability to IT security breaches? Perhaps you’re looking for help with your annual IT budget. CITI’s IT advisory services help businesses make informed strategic and tactical decisions on information technology.