Yes, sometime it comes with charges or other accessories. I have got freebies like car charger, wall charger etc with purchase of some items.
Got a tip for us?
Let us know
Become a MacRumors Supporter for $50/year with no ads, ability to filter front page stories, and private forums.
Security Researcher Develops Lightning Cable That Gives Hackers a Way to Remotely Infiltrate Your Computer
- Thread starter MacRumors
- Start date
- Sort by reaction score
Yes, sometime it comes with charges or other accessories. I have got freebies like car charger, wall charger etc with purchase of some items.
Sometimes i used to wonder why Apple invested so much in building its self-owned-retail-shop. With so many darn perfect clones of just about everything, the reason is getting clearer and clearer.
I would say the solution is a cable with clear molding/insulator so you can see that there isn’t any active components/circuitry inside however USB to lightning cables do have active circuitry in them to begin with so that doesn’t work either.
Last edited:
Wow this is pretty concerning. But the real question is how many of us actually plug in our iPhones anymore? With all the data and backup being on the cloud, physically plugging in the phone has become more or less redundant. If it was not scary enough using an aftermarket cable lest it shorts and destroys your device, we have more security concerns now!
What this method improves upon the 'random USB stick' attack is that it is far easier to switch out somebody's Lightning cable than somebody's USB stick without them noticing, as (a) people are more likely to own and use a Lightning cable than a USB stick nowadays and (b) it would much more difficult to find a matching, compromised copy of whatever particular USB stick the target is using, even if you had to the time to first do reconnaissance.
[doublepost=1565686891][/doublepost]
I frequently plug in things into the USB ports of my computer ... to merely charge them. Why buy an extra charger when your already have a couple of USB ports directly on your desk?
[doublepost=1565687124][/doublepost]
What capabilities the malware in this cable actually has is unclear, in particular how autonomous it can operate. If it really can get into a Terminal window, it might also be able to extra the WiFi password or just connect to any server from the command line directly (I don't think you need any local password to run the SSH command in the Terminal).
Last edited:
It’s mimicking a keyboard/mouse... It can get to a terminal window by someone close by opening one. It’s not running code on your local machine.
Ahem, no.
What this is: Into the cable, they have built in a tiny device that pretends to be a USB keyboard, and that starts typing.
Just try typing this on your Mac: <Command-space> Terminal.app <return key> That will open the Terminal application, and then you can start typing commands. And the fake keyboard inside this device can do exactly the same.
[doublepost=1565691171][/doublepost]
Shredder.
[doublepost=1565691304][/doublepost]
You can buy a cheap adapter that connects only the power lines and not the data lines. Also useful for totally not criminal purposes, when a friend needs his phone charged and you want to avoid any stupid messages that iTunes wants to pair his phone with your Mac.
[doublepost=1565691378][/doublepost]
If someone wants an Apple-branded cable to cut open and insert stuff, they can just go to any Apple Store and they can buy as many as they like.
The motivation for a security researcher is obviously to research security, specifically to find previously unknown security flaws. In addition, this flaw may also be already known to other people who are exploiting it quietly. History has shown repeatedly that security flaws are routinely ignored by corporations until someone shouts about them.
This guy is forcing Apple to close a security flaw that others may already be using. Self serving? Yes, and deservedly so.
And display a six digit security code on the screen that you need to type in before the new keyboard can be used. Minor inconvenience for anyone buying a new keyboard. Major confusion for anyone plugging in that cable. ?Keyboard? What f***ing keyboard? Is my Mac going mental? I just plugged in a charging cable. "
So would this close-by person need visual access to the screen to do so? Or couldn't you just open a Terminal window by simply invoking Spotlight with a keyboard shortcut, type 'Terminal' and hit enter? And that would be something that could be launched in a completely automated fashion? Or is the trick that all of this only works while the screen of the computer is unlocked and the attacker would need to be nearby to know whether and when the screen was unlocked?
The market for this isn't really the likes of you and me with nothing better to do than surf Internet forums. It's mainly for people who want to access computers in their possession that have either been stolen, or have been confiscated by law enforcement agencies, espionage, etc.
The computer would need to be unlocked for anything to work. You can’t bypass the lock screen etc with this.
And even if you could launch terminal, you couldn’t open/install anything without the user providing their password.
It’s a neat proof of concept I guess, but not super worrisome.
How is this news? I read about this sort of fake-USB-devices attacks back in Windows 98 days, and they suggested OS makers to do something about it.
25 years later, OSs still accept anything that gets plugged into a USB port without asking.
Sure, in 1998 you couldn't fit a wi-fi access point into a cable plug, you needed something larger like a keyboard or a mouse, but the concept is still exactly the same.
25 years later, OSs still accept anything that gets plugged into a USB port without asking.
Sure, in 1998 you couldn't fit a wi-fi access point into a cable plug, you needed something larger like a keyboard or a mouse, but the concept is still exactly the same.
Well it is news to someone whose not well verse with back door and manipulation vis a vis . Plus when its happening to Apple eco system it will always be blown out of proportion as usual.
Imagine if we still used these connectors? Hackers would have room to install a supercomputer, 10Kw transmitter, 6k camera, and 10.2 surround sound system.
Though while the screen stays unlocked they could copy files to a server? And you can open applications and files via keyboard access alone (via the Terminal). But I agree, requiring the screen to be unlocked and not having any privileges to install anything or access any user-password protected areas does limit the damage this could do significantly.
While I can see that happening for keyboards but how do you deal with mice?
I know already that Apple pops something up for a new keyboard that is not an Apple one to gets its layout the first time it sees it.
Or how do you deal with addressing during a reboot?
This is more of a longer list of problems with usb that I think will need to be addressed.