But then again apple cable are known for being frayed easily at the then owhh well then the hackers wont have total control on a piece of frayed cable.
Got a tip for us?
Let us know
Become a MacRumors Supporter for $50/year with no ads, ability to filter front page stories, and private forums.
Security Researcher Develops Lightning Cable That Gives Hackers a Way to Remotely Infiltrate Your Computer
- Thread starter MacRumors
- Start date
- Sort by reaction score
laz232: "A more realistic threat is as freebies at business to business tradeshows."
Scenario 1: Engineer from target company A (say, Boeing), visits booth of Evil Corp Inc.. Talks to their sales guys, gets shown the new modelling SW / new wiring harness / new hydraulic pump - whatever. Rep from Evil Corp Inc says "hey was great talking to you - here's my card and have this" (hands over Evil Corp mug and cable). This allows for a targeted attack.
Scenario 2: Good Corp - say a company know to be a major supplier to Mil / Aerosapce, places an order of Good Corp branded Lightning cables with Best Price Cables (China). Best Price cables is a front by the Chinese Intel Services.
In qty these doctored cables are 5USD / 10k units, i.e. costs the Chinese Intel services 50k USD to have a great shot at free spying. Good Corp is none the wiser and all the companies that have visited the Good Corp stand are potentially compromised (at the user level).
I have been to a lot of trade shows as an engineer: USB sticks, charge cables, rulers, Bluetooth speakers, MP3 players, mugs, t-shirts. I normally don't take any of that crap on principle - but I have gotten (and used :-o) a USB-A to Micro-USB / Lighting charge cable from Huber Suhner (look them up).
I think we have a completely different understanding of the economics of trade shows, business and industrial spying / intelligence
Scenario 1: Engineer from target company A (say, Boeing), visits booth of Evil Corp Inc.. Talks to their sales guys, gets shown the new modelling SW / new wiring harness / new hydraulic pump - whatever. Rep from Evil Corp Inc says "hey was great talking to you - here's my card and have this" (hands over Evil Corp mug and cable). This allows for a targeted attack.
Scenario 2: Good Corp - say a company know to be a major supplier to Mil / Aerosapce, places an order of Good Corp branded Lightning cables with Best Price Cables (China). Best Price cables is a front by the Chinese Intel Services.
In qty these doctored cables are 5USD / 10k units, i.e. costs the Chinese Intel services 50k USD to have a great shot at free spying. Good Corp is none the wiser and all the companies that have visited the Good Corp stand are potentially compromised (at the user level).
I have been to a lot of trade shows as an engineer: USB sticks, charge cables, rulers, Bluetooth speakers, MP3 players, mugs, t-shirts. I normally don't take any of that crap on principle - but I have gotten (and used :-o) a USB-A to Micro-USB / Lighting charge cable from Huber Suhner (look them up).
That's true, but I was referring specifically to the lightning cable in this article. However, your point stands as the Apple Magic Keybord/Mouse/Trackpad all charge via lightning to USB, so these are all probable uses for a compromised cable.
https://ukspygear.com/products/gsm-...usb-cable-with-auto-callback-listening-device
tomorrow today becomes soon yesterday....
So now these things are getting smaller and smaller and more complex.
tomorrow today becomes soon yesterday....
So now these things are getting smaller and smaller and more complex.
No, that’s not how it reads. Your way the distance is still 300 feet to take advantage of the cable once it is plugged in. He said if configured to WiFi the distance to take advantage of it is unlimited. He didn’t say you had to be within 300 feet to configure it.
"I’m currently seeing up to 300 feet with a smartphone when connecting directly," he said, when asked how close an attacker needs to be to take advantage of the cable once a victim has plugged it into their machine. A hacker could use a stronger antenna to reach further if necessary, "But the cable can be configured to act as a client to a nearby wireless network. And if that wireless network has an internet connection, the distance basically becomes unlimited." he added.
Oh yeah, I forgot about that one. That's why I'm on an unlimited plan, I never need to log-in to a hotel WiFi, especially if I don't know who else is on it or even if it's the real one.
So you'd need to 1) somehow get the victim to use your compromised cable then 2) you'd need the password to connect to the wireless network to reach it if you're more than 300ft away.
So? Do you think this would be happening in someone’s home. It’s no harder than doing the same thing within 300 feet. Stop moving the goalposts.
1. Workspace. Easy to replace someone’s cable and already know the password.
2. Hotspot. Not quite as easy but still more likely than anywhere else other than workplace.
It doesn’t take a genius to figure out it would more likely be used in these situations if used at all. Changing what you want to argue aboun means you just like to argue.
If the cable is configured to use the phone’s existing internet connection that’s even easier. You wouldn’t even need a password.
Anything else you can argue with yourself.
I think you're somehow misinterpreting my replies as being combative or defensive? I was simply just asking for further clarification of the exact steps needed to hack a Mac with that nefarious cable, that's all.