So how exactly are you a "cybersecurity vendor" if you sell garbage like this that exists only to defeat cyber security (and give me another reason to push high-end cables over gas station crap)?
No, there is actually a WiFi radio embedded in the cable itself. The cable has VERY little control over the host.It makes the computer or phone create the network
Don't connect your device to random cables and you'll be fine.
This is kind of par for the course for Hak5 products. Relatively expensive product that could be used for legitimate pen testers but for the most part just get bought by kids looking for **** to play around with.So how exactly are you a "cybersecurity vendor" if you sell garbage like this that exists only to defeat cyber security (and give me another reason to push high-end cables over gas station crap)?
They will sell to "bad actors." 😆So who will they sell to?
You get what you pay for!guess I should pay the $20 to apple instead of the $7 to an ebay seller to keep my info safe? Danggit that sucks!
Where did you read these were "being mass produced?"And why are they mass producing them now? 🤔
The scary part is the mass production… why!? I understand making the cable as a proof of concept, and a “Hey Apple, fix this!” Kinda thing— but who, other than bad actors, will be buying these? Other security researchers? To what end?
Except that there's an awful lot of people who refuse to pay for good cables, thinking there's no difference between an Apple or an Anker and gas station garbage...
And there's an awful lot of counterfeit Apple goods on Fakebook Marketplace.
Yes, there is nothing new here (except miniaturization).For the key logging function you have to be using the cable to hook up between a keyboard and a device so the traffic can be sniffed.
But many people do use cables that are (or rather that appear to be) "randomly lying around." Imagine you are surveilling a high-value target who uses an iPhone. Put this in his limousine and in his hotel rooms and there's a reasonable chance that one day he might use it to charge his phone.This can only be a thread to device security, if I'm using cables which are randomly lying around or if I buy cables from stores/companies I don't know or trust.
What does Hollywood have to do with this?They will sell to "bad actors." 😆
Yeah - while it would be foolish to suggest that a fake-USB-accessory attack isn’t a thing, this particular example tickles my BS detector, too. Lots of little things, but what does it for me is the x-ray of the USB-C connector with the embedded microchip... Last I looked all but the most basic USB-C cables had an embedded cable ID chip.I'm going to call BS on this. A powerful compute module with memory, wifi with somehow a one mile range, and location services for geofencing, all in half a USB-C connector?
A normal-looking Lightning cable that can used to steal data like passwords and send it to a hacker has been developed, Vice reports.
![]()
The "OMG Cable" compared to Apple's Lightning to USB cable.
The "OMG Cable" works exactly like a normal Lightning to USB cable and can log keystrokes from connected Mac keyboards, iPads, and iPhones, and then send this data to a bad actor who could be over a mile away. They work by creating a Wi-Fi hotspot that a hacker can connect to, and using a simple web app they can record keystrokes.
The cables also include geofencing features that allow users to trigger or block the device's payloads based on its location, preventing the leakage of payloads or keystrokes from other devices being collected. Other features include the ability to change keyboard mappings and the ability to forge the identity of USB devices.
The cables contain a small implanted chip and are physically the same size as authentic cables, making it extremely difficult to identify a malicious cable. The implant itself apparently takes up around half of the length of a USB-C connector's plastic shell, allowing the cable to continue to operate as normal.
![]()
An x-ray view of the implanted chip inside the USB-C end of an OMG Cable.
The cables, made as part of a series of penetration testing tools by the security researcher known as "MG," have now entered mass production to be sold by the cybersecurity vendor Hak5. The cables are available in a number of versions, including Lightning to USB-C, and can visually mimic cables from a range of accessory manufacturers, making them a noteworthy threat to device security.
Article Link: Security Researcher Develops Lightning Cable With Hidden Chip to Steal Passwords
The last paragraph says exactly that:Where did you read these were "being mass produced?"
Charging your phone with this will not steal anything. Your target would have to attach a Magic Keyboard to their iPhone using that cable and happen to manually type passwords while doing that. Not really a promising attack vector …But many people do use cables that are (or rather that appear to be) "randomly lying around." Imagine you are surveilling a high-value target who uses an iPhone. Put this in his limousine and in his hotel rooms and there's a reasonable chance that one day he might use it to charge his phone.
It now seems I'm going to have to start wrapping my lighting cable in tin foil.The last paragraph says exactly that:
The cables, made as part of a series of penetration testing tools by the security researcher known as "MG," have now entered mass production to be sold by the cybersecurity vendor Hak5. The cables are available in a number of versions, including Lightning to USB-C, and can visually mimic cables from a range of accessory manufacturers, making them a noteworthy threat to device security.
The target would need to connect a keyboard to their iPhone, iPad or Mac with this cable, in order to log any passwords. It's a very rare case. Usually people just use the keyboard wireless. Also the hacker needs to get in wifi range which in reality is not miles as we all know.But many people do use cables that are (or rather that appear to be) "randomly lying around." Imagine you are surveilling a high-value target who uses an iPhone. Put this in his limousine and in his hotel rooms and there's a reasonable chance that one day he might use it to charge his phone.
It's a little impressive they managed to get everything to fit in the connector housing, but not that surprising. You're making some assumptions about this, though:I'm going to call BS on this. A powerful compute module with memory, wifi with somehow a one mile range, and location services for geofencing, all in half a USB-C connector?
What would make them illegal to produce?Then, why the hell is this legal to mass produce ? Like what ?
Patent violations?What would make them illegal to produce?
Exactly this. The article is very misleading as it's making folks assuming that just charging with these cables will steal your information.So there's a lot of scaremongering and assumptions being thrown around here. For the key logging function you have to be using the cable to hook up between a keyboard and a device so the traffic can be sniffed.
I'm going to call BS on this. A powerful compute module with memory, wifi with somehow a one mile range, and location services for geofencing, all in half a USB-C connector?
What patent? Cables are pretty basic. It's not going to be MFI certified any time soon, but there's been enough independent information available to make clone cables for a long time. This would just fall into the same category as every other clone cable you can find at the gas station.Patent violations?