“There are certain things in life that you just don't borrow,” Charles Henderson, global managing partner and head of X-Force Red at IBM Security, told Forbes. “If you were on a trip and realized you forgot to pack underwear, you wouldn't ask all your co-travelers if you could borrow their underwear. You'd go to a store and buy new underwear.” X-Force Red consists of a group of hackers at IBM tasked with identifying security vulnerabilities in various organizations’ computer systems.
During the DEF CON Hacking Conference in Las Vegas earlier this month, a security researcher, who goes by “MG,” showed how an Apple Lightning cable altered to include an implant allowed the hacker to remotely connect to the computer the cable was plugged into. The cable, dubbed O.MG Cable, also included commands that can be run on the victim’s computer.
It gets worse: the hacker was also able to remotely “kill” the implanted malware, ensuring that the victim has no idea they were hacked.
But not to worry, folks. Charging cables with implanted malware aren’t a common problem currently “because this kind of attack doesn't scale real well, so if you saw it, it would be a very targeted attack,” Henderson explained.
That, however, could change with time.
“Just because we haven't yet seen a widespread attack doesn't mean we won't see it, because it certainly does work,” said Henderson. “The technology is really small and really cheap. It can get so small that it looks like an ordinary cable but has the capability and the intelligence to plant malware on its victim. These things are only going to get cheaper to produce, and it's not something your average consumer is going to be tracking to know when it becomes viable on a mass scale.”
Charging stations in public places like airports can also be infected with malware.
“We've seen a couple of instances where people modified charging stations. I'm not talking about an electrical outlet, I'm talking about when there's a USB port on a charging station.”
“Being careful about what you plug into your devices is just good tech hygiene,” Henderson warned in his interview with Forbes. “Think of it in the same way that you think about opening mail attachments or sharing passwords. In a computing context, sharing cables is like sharing your password, because that's the level of access you're crucially conveying with these types of technology.”