Fake iPhone charger warning: Hacked cable lets cyber crooks hijack your computer
- Mirror 13th Aug 2019 15:35:30 GMT +0300
A fake iPhone charger has been developed that could allow cyber crooks to hijack victims' computers.
The charger, created by security researcher Mike Grover, looks like a genuine Apple Lightning cable, commonly used to charge iPhones and sync them to iTunes.
However, when it is plugged into a computer and connected to WiFi, it gives the hacker full control over the system, allowing them to carry out commands remotely.
Grover revealed the cable, dubbed O.MG, at last week's DefCon cybersecurity convention in Las Vegas, highlighting what he says has been an under-investigated area of mobile security.
SEE ALSO :Liverpool players gifted customised gold-plated iPhone X for UCL victory [Photos]
"It looks like a legitimate cable and works just like one. Not even your computer will notice a difference. Until I, as an attacker, wirelessly take control of the cable," he told Motherboard .
Grover says that the cable, which thankfully is only a prototype, could be used to download and launch malware, remove devices from Wi-Fi networks, and even reconfigure systems.
"It’s like being able to sit at the keyboard and mouse of the victim but without actually being there," he said.
Grover made the cables by hand, painstakingly modifying real Apple cables to include the "implant" containing the components that allow the computer to be accessed remotely.
He is selling the cables for $200 (£165) each.
SEE ALSO :Design genius behind the iPhone, to leave Apple after 27 years
The current version requires the attacker to be within 300 feet of the victim, but Grover said a hacker could use a stronger antenna to reach further if necessary.
"The cable can be configured to act as a client to a nearby wireless network. And if that wireless network has an internet connection, the distance basically becomes unlimited," he said.
Apple recently announced that it will pay ethical hackers more than $1 million if they responsibly disclose dangerous security vulnerabilities to the firm.
The new “bug bounty”, up from a previous maximum of $200,000, is designed to discourage security researchers from selling the bug to governments or contractors who intended to use it to hack state enemies, rather than fix it.
We are undertaking a survey to help us improve our content for you. This will only take 1 minute of your time, please give us your feedback by clicking HERE. All responses will be confidential.
iPhoneCharger cableLas Vegas