“My phone is about to die, can I use your charger?...”

You might want to think twice before you borrow just anyone’s cable to charge your phone.

Hackers have manipulated regular/factory iPhone charging cables into cables which can steal your data without your knowledge.

These cables are called O.MG cables; the Apple USB lightning cable that looks normal from the outside, but when plugged into your device allows a hacker to wirelessly transmit malicious payloads onto your device.

At DEFCON 2019, a security researcher who goes by the handle “MG” showcased a cable that looks like a normal Apple lightning cable in its size, design, and appearance. It even operates as a normal cable, but unbeknownst to the user, it also includes an implant which hackers could use to gain access to your phone and any other device which you connect it to…running secret commands all without your knowledge.

According to Mg, "The cable comes with various payloads, or scripts and commands that an attacker can run on the victim's machine. A hacker can also remotely 'kill' the USB implant, hopefully hiding some evidence of its use or existence. This specific Lightning cable allows for cross-platform attack payloads, and the implant I have created is easily adapted to other USB cable types".

"Most people know not to plug in random flash drives these days, but they aren't expecting a cable to be a threat," he added.

MG made the cables himself, modifying real Apple cables to include the implant. He now wants to get the cables produced as a legitimate security tool.

To use the O.MG cable in an attack, all the attacker has to do is to swap it with a legitimate cable without the user noticing. Afterward, when the cable is plugged in, the attacker has to enter the IP address of the fake cable in his browser and that is all it takes to gain control.

Once connected, a variety of scripts and commands could be run from a range of up to 300 feet (or 91 meters) as currently tested. If that seems like a small area, the use of an antenna could extend the distance and connecting the cable to an internet-connected wireless network could potentially make the range unlimited. This is even more alarming as the attacker does not have to be in your immediate surroundings, making it difficult to locate the attacker.

The implant could also be killed remotely to hide the tracks of the attacker. Since the cable is physically modified, it could still be detected by someone technically aware of the design of an iPhone cable.

How these cables were made is no mystery. As MG wrote in his blog post, they were made by modifying original Apple cables which took about 4 hours each to assemble. “In the end, I was able to create 100 percent of the implant in my kitchen and then integrate it into a cable.”

However, according to Vice, for the future, he has teamed up with a cyber-security firm named “Hak5” where they will create new modified cables from scratch making the entire process much easier. “Apple cables are simply the most difficult to do this to, so if I can successfully implant one of these, then I can usually do it to other cables.”

These cables are now being sold (costing around $200/each) and have already sold out.

The important takeaway from this is that there is a new threat, readily available for attackers to exploit unsuspecting victims, utilizing hardware components to be affected with malware and remain undetected for long periods of time.