This story made me think of all the ways drug smugglers get products into the US. Hiding them in tires, gas tanks, watermelons and pineapples etc. Now the hackers in the wires of cables.
Got a tip for us?
Let us know
Become a MacRumors Supporter for $50/year with no ads, ability to filter front page stories, and private forums.
Security Researcher Develops Lightning Cable With Hidden Chip to Steal Passwords
- Thread starter MacRumors
- Start date
- Sort by reaction score
And worse, selecting Apple or major brand cables on Amazon won't protect you. Amazon co-mingles its own stock ("Sold by Amazon") and third party seller stock ("Sold by XXX") in its warehouses. This means that even if Amazon itself is selling a genuine item, a buyer could be shipped a counterfeit.
So the likes of Tom cruise and Leonardo DiCaprio?
In unrelated news:
I was flying to/from Europe about a week ago; on the long flight, the airplane had a charging port for mobile devices, but only via their built-in Android tablet / device in the back of the seat.
I was like... really? You want me to charge my phone by plugging into this unknown device? Wut?
Why not just give me a power plug so I can use my power brick?
I was flying to/from Europe about a week ago; on the long flight, the airplane had a charging port for mobile devices, but only via their built-in Android tablet / device in the back of the seat.
I was like... really? You want me to charge my phone by plugging into this unknown device? Wut?
Why not just give me a power plug so I can use my power brick?
No way it would work at a mile or even close to that, unless it hits a repeater. Where this would really work is at the airport or something similar - leave it plugged into the wall and let people charge their phones with it while you exploit them.
Btw, this hack is almost two years old.
Btw, this hack is almost two years old.
I don’t think you can call yourself a cyber security “researcher” when your hacking cable is entering “mass production”. I think that qualifies you as a hacker at that point and you should legally culpable if these cables are used to steal anybody’s data.
It is legal to grow tobacco in your own backyard. If you are in the UK.
(Not sure if the possibility still exists, but you used to be able to send your leaves off to a tobacco company to be professionally processed. And I am completely dodging any questions on tax.)
+1 to help push Apple sales over generic resellers.
BUT... the 1mile radius for connectivity means the seller would need to know the buyers location AND be able to track them (eBay/Amazon sale should be meaningless). I think this would be more of a 'stalker tool' than a honeypot.
If you were in a situation where someone could swap out your OEM cable for this one, it would be a problem. (unattended cable at home, school, Starbucks, etc)
BUT... the 1mile radius for connectivity means the seller would need to know the buyers location AND be able to track them (eBay/Amazon sale should be meaningless). I think this would be more of a 'stalker tool' than a honeypot.
If you were in a situation where someone could swap out your OEM cable for this one, it would be a problem. (unattended cable at home, school, Starbucks, etc)
Didn’t the Kremlin a few years ago say they were going to use typewriters again because they were more secure.
Exactly. This is only useful for targeted attacks, especially since it's $180. Plus, in its standard form it would only be usable against somebody that you know regularly uses a wired keyboard with their iPhone or iPad.
I can't see too many hackers "giving away" $180 cables on the off chance that somebody might pick it up and use it with a wired keyboard 😏
That's why this cable is a key part of my travel tech setup:
NewerTech 1.0 Meter (39") Sync Switch USB Extension... at MacSales.com
NWTCBLUSBCS1M 1.0 Meter (39") NewerTech Sync Switch USB Extension Cable with charge/sync on/off switch. Extend the length of your USB Cable + control use for Charging only or Power & Sync with a simple switch. Protects your Data! 1 Year NewerTech Limited Warranty.
eshop.macsales.com
Compute, WiFi, GPS in half a USB-C connector - Yes. No problem.
WiFi range of one mile using a patch antenna inside the USB-C connector, just a few mm square - No. Not a chance. Utter BS.
Interesting. So when I am typing on my phone it is also sending signals to whatever is connected to my Lightning port? I could see this having some type of SOC on it where it mimics a supported hardware device but wouldn't the user have to accept "trust this computer" for it to log anything on iPhone or iPad?
EDIT::Nevermind.
Read the details on the developers page. It can't log keystrokes on your phone or iPad like thought, it works by intercepting keystrokes while someone uses a Lightning or USB-C keyboard that is attached to one of these cables. It is not stealing data from an iOS device screen keyboard as I misunderstood from the article.
EDIT::Nevermind.
Read the details on the developers page. It can't log keystrokes on your phone or iPad like thought, it works by intercepting keystrokes while someone uses a Lightning or USB-C keyboard that is attached to one of these cables. It is not stealing data from an iOS device screen keyboard as I misunderstood from the article.
Last edited:
The original cable is almost two years old, but that's the one that worked in the opposite direction, allowing a hacker to send keystrokes TO your device. Plus, that original one was USB-A, and it didn't have nearly the same range.
The new one is a keylogger that captures keystrokes, plus it's USB-C. Still, that's considerably lower-risk than the previous hack, since it requires that the person be using a wired keyboard to do much of anything.
Even the original one, however, which arguably could have worked in the airport scenario, isn't really all that useful, as it can't bypass the Lock Screen, nor can the hacker see what they're doing unless they're already within eyeshot of the target device. It could cause more havoc on a Mac or PC, but it would be much more challenging to do any serious harm or capture any useful information from an iPhone or iPad.
No, and that's where this is misleading. iOS does not send your keystrokes out the Lightning port, ever, and without compromising the device in some other way (e.g., adding malware to a jailbroken iPhone), there's no way to capture this information.
This is a keylogger, plain and simple. It logs keystrokes from an external keyboard that's plugged into your iPhone or iPad, but since almost nobody does that, it's not really much of a threat in the real-world.
Yep I reviewed an excerpt from the developer, just a simple key logger as you explained. The text of most articles on this subject is misleading.
If they can jam all that tech into a USB cable, just think what can be stuffed into a hacked USB CHARGER!
I think it's safe to say that no non Apple USB charging outlet can be guaranteed to be 100% safe now.
Time to buy a big battery bank!
I think it's safe to say that no non Apple USB charging outlet can be guaranteed to be 100% safe now.
Time to buy a big battery bank!
This is just one reason why there are some reversions back to paper for communication and data. (Paper can be stolen/copied; but it can’t be hacked)
Imagine the world where this kind of effort was devoted to combating terrorism, or spam, or working for whirled peas...
Good grief... Like after watching Jurassic Park at a theatre, I though 'Oh no. What have they just created? Yikes...'
But like the USB cables from years ago, it was only a matter of time... Not impressed, but also don't take strange cables, or buy strange cables. Be safe, and be digital safe, or use 2fa.
EDIT: Or use a data blocker!
I have a data blocker plugged into my car, because the head unit in the car will siphon my address book! Yeah, no...
I throw a bunch into any carry-on that I have. Cars, public chargers, hotel rooms, and more, can siphon your data. Just say no!!!
Good grief... Like after watching Jurassic Park at a theatre, I though 'Oh no. What have they just created? Yikes...'
But like the USB cables from years ago, it was only a matter of time... Not impressed, but also don't take strange cables, or buy strange cables. Be safe, and be digital safe, or use 2fa.
EDIT: Or use a data blocker!
I have a data blocker plugged into my car, because the head unit in the car will siphon my address book! Yeah, no...
I throw a bunch into any carry-on that I have. Cars, public chargers, hotel rooms, and more, can siphon your data. Just say no!!!
Hilarious! And to think I spent hundreds of dollars on a mesh WiFi setup, when all I needed was one stinkin' mile-range WiFi cable!🍸😹
That's why a USB data blocker is essential for traveling. The ones from Portapow work well:
As an Amazon Associate, MacRumors earns a commission from qualifying purchases made through links in this post.