For activists in dangerous places, like, say, Russia or Iran or Hong Kong, yeah, it could be pretty scary. Like life & death scary. But I agree there's virtually no way to protect against it, since government agencies who really wanted you could just intercept an internet purchase while in the heads of the delivery company and switch them there.
Got a tip for us?
Let us know
Become a MacRumors Supporter for $50/year with no ads, ability to filter front page stories, and private forums.
Security Researcher Develops Lightning Cable That Gives Hackers a Way to Remotely Infiltrate Your Computer
- Thread starter MacRumors
- Start date
- Sort by reaction score
For activists in dangerous places, like, say, Russia or Iran or Hong Kong, yeah, it could be pretty scary. Like life & death scary. But I agree there's virtually no way to protect against it, since government agencies who really wanted you could just intercept an internet purchase while in the heads of the delivery company and switch them there.
You know they still have physical stores where you can walk in and buy things...
Shocker I know, but there are people out there with sensitive information on their Macs.
The article says the cables are Apple cables that area modified and re-sold. Am I missing something?
You'd have to prove the compromised Apple cables are also sold by Apple.
What is Apple's procedure for dealing with returned cables?
Well, I actually *do* have a couple of new lightning cables laying around. Want one? :-D
Yea because broadcasting all your data so anyone in the vicinity has a chance to intercept it is WAAAYYYY more secure than using a cable....
Last edited:
This is why i pay premium for Apple. In a world where almost everybody is corrupt and opportunistic, apple is the one i can trust more. It is not perfect, but it is the most trustful company in the world.
I pay premium because they have something to lose; i pay premium because i know they will implement the best security practices in the entire world.
If Apple can't deliver security, nobody can.
And this is also why i don't want software from nobody else, but Apple. People don't know what they are doing. People don't know what security is.
I pay premium because they have something to lose; i pay premium because i know they will implement the best security practices in the entire world.
If Apple can't deliver security, nobody can.
And this is also why i don't want software from nobody else, but Apple. People don't know what they are doing. People don't know what security is.
The point is that because tampered goods are out there, you need strong protections to make sure they don't get in. I went on Amazon and clicked on the first Anker product I found, and it's sold by "DomieDirect". With such an indirect supply chain, somebody could easily make tampered goods before the first customer shipment and sell them on Amazon.
Has Anker or Domie or whoever audited the factories these things are made at? What's their policy to ensure their chips are authentic? Who is DomieDirect anyway, are they owned by a foreign government?
If you're a targeted individual for investigation or to be spied upon, it will be quite easy to get a cable in your hand. Or maybe a targeted individual or company ordered online from Apple, the CIA intercepts your delivery to replace the cable. We already know that packages are diverted, intercepted and tampered with.
So this is an interesting one. USB protection (as the article notes) protects IOS devices from malicious connections, but not Mac's. Having to do the reverse (allow USB devices to connect to the mac) would be a nice security feature, but not something to throw in last minute for Catalina. In the meantime, practice safe computing - and as noted above, don't buy cables from Amazon or other cheap/untrusted/etc sources. If this is in your threat model, walk into an apple store and buy one there (assuming the bad guy hasn't repackaged them and seeded them back on the shelf...but that's another FUD).
I don't know. I don't buy Apple cables anywhere but from Apple considering that Amazon is a source of counterfeit Apple cables. Or so I've heard.
But, my logic was that the modified cables in the article are Apple cables and Anker cables are not at all
Apple cables. Therefore Anker cables "should be" safe.
Regarding the cable quality, our Apple cables have held up better than most 3rd parties that we've tried. But, lately we've tried some Anker cables and they seem to hold up pretty well too. I like the Powerline 2 with nylon braiding and metal casings for the connectors.
Is USB-C more secure by default? I'd trust an open standard to do better to prevent this than a private one.
Oh great. So even a lightning cable purchased directly from Apple could have a man-in-the middle attack,!(as the FBI/CIA/NSA are known to do) and the seemingly genuine Aple cable is tainted w spyware.
Only safe way to buy electronic equipment nowadays is to walk into a store & pull the item off a stocked shelf. Man in the middle not possible then.
Only safe way to buy electronic equipment nowadays is to walk into a store & pull the item off a stocked shelf. Man in the middle not possible then.
Did any of you people read the article??? One dude made a few cables. It's a proof of concept. The hacker would need to get you to use his cable. Then he'd need to be within 300ft of you.
That's why I buy Apple cables. From Apple. Even though the 2m one cost 35 CHF.
I also don't connect to random chargers or charging-stations.
I also don't connect to random chargers or charging-stations.
Wow, I actually forgot about wireless iTunes syncing. Literally not done that for a few years now, as it was slower than with the cable, some years ago. That ‘switch’ has always been turned off.
It’s followed me via backups to every phone since lol.