What you need to know
- A security researcher created a Lightning cable that could comprompise computers.
- Early cables were hand-built in limited quantities.
- The cables can now be mass-produced and sold online.
We told you about a security researcher who had created a Lightning cable capable of compromising a Mac or PC back in August. At the time the cable was being hand-built with only a few available at $200 apiece. But things have moved on since then, and they're now being mass-produced.
In a conversation with Vice the inventor of the cable said that the first cable was successfully made in a factory in recent days. And according to his tweets, he's going to put the cables up for sale, too. The person, going by the name MG, calls the cables O.MG Cables and potential customers can sign up to be notified when they're available to buy.
As their online store says, this cable can give people remote access to a computer once it has been plugged in. Attackers can then run remote commands and access files, too. MG boasts that "it's like being able to sit at the keyboard and mouse of the victim but without actually being there".
The cable itself looks like a genuine Apple cable and we suspect the vast majority of people wouldn't know any different. But once it's connected, the possibilities are a concern. MG also suggests there are more features to come, too.
The O.MG Cable allows new payloads to be created, saved, and transmitted entirely remotely. The cable is built with Red Teams in mind with features like additional boot payloads, no USB enumeration until payload execution, and the ability to forensically erase the firmware, which causes the cable to fall entirely back to an innocuous state. And these are just the features that have been revealed so far.
The site doesn't mention how much the cables will sell for, but the fact that MG doesn't appear to be selective about who they're sold to does open the door to them being picked up by bad actors, rather than security researchers.