Every year, Las Vegas is host to one of the world’s largest conferences devoted to hacking — Def Con. The 2019 edition of the conference, Def Con 27, took place in August. Many of the events and talks held at Def Con are primarily of interest to hard-core geeks and cybersecurity experts, but one particular revelation from the 2019 convention should get everyone’s attention.
The issue involves an innocent-looking Apple Lightning cable, designed to connect Apple’s mobile devices to computers, monitors, and other devices.
Few people look at cables as potential threats.
At Def Con 27, Mike Grover, a security researcher whose online name is MG, demonstrated that he could modify the Lightning cable to give him unauthorized remote access to a device. Grover implanted a Wi-Fi-enabled chip in the cable that allowed him to run commands on the computer to which it was connected. This modification would also allow transmission of malicious data.
The modified cable, called the O.MG (Offensive MG), would allow a hacker to lock a screen and gather passwords when the user logged in, as well as to run different commands and scripts. A phishing attack, or any number of other threats, could then be launched.
Grover, who works for Verizon Media as a cybersecurity tester (a so-called red teamer), claims that the implant can be adapted to other USB cables, and points out that, at present, few people look at cables as potential threats. Grover also claims to have spent a good deal of his own money on this hack, and says he is pursuing its development. He believes that his modified cable can help push the discussion about new cyber threats forward. His goal is to have the O.MG marketed as a legitimate security device, although he has not specified what role it would play.
Are you worried about being hacked through malicious hardware? Get in touch with CITI. We can create a security awareness campaign for your whole team to make your entire organization less vulnerable to hackers.