As far as iPhone and Mac hacks are concerned, a California-based security researcher who goes by the name MG recently came up with one of the more clever and intriguing workarounds we’ve seen to date. Whereas most exploits that make the news tend to rely on unsuspecting users clicking on a malicious link or website, MG developed a way to hijack a user’s computer via the lightning cable used to charge iOS devices.
Originally brought to light via Motherboard, MG’s hack is seemingly simple and can be explored in-depth on his blog here. Put simply, he delicately tears open a standard lightning cable, modifies it with custom components, and puts it back together. By all accounts, the modified lightning cable looks and performs exactly like one you’d pick up from an Apple retail store.
MG demonstrated the hack to Motherboard at the Def Con hacking conference last week and showed off how he was able to remotely hijack a connected Mac and execute any number of commands. Somewhat comically, the modified cable is called the OMGCable.
MG typed in the IP address of the fake cable on his own phone’s browser, and was presented with a list of options, such as opening a terminal on my Mac. From here, a hacker can run all sorts of tools on the victim’s computer.
“It’s like being able to sit at the keyboard and mouse of the victim but without actually being there,” MG said.
All of the modified cables MG produces are handmade and can easily be swapped out with a legitimate cable without a target being any the wiser. One limitation worth noting is that a malicious actor can only access a hijacked Mac within a vicinity of about 300 feet.
As to what MG plans to do with his tool, he reportedly wants to sell them as bona fide security tools, presumably for law enforcement agencies. The modified cable isn’t yet available for purchase but MG hopes to have a production model ready soon at a price point of $100.