Call Today (888) 400-2748

When iPhone Cables ATTACK!

Call Today (888) 400-2748

Would you willingly plug a device into your smartphone or computer that would allow a stranger to see everything you type, steal your data, and install malware on your machine?

Of course you wouldn’t.

And, if you’ve read our recent article on Removable Media & Cybersecurity, you already know that you shouldn’t plug an unfamiliar USB stick or portable hard drive into your computer. But what if we told you that even an iPhone charging cable can be malicious?

The “OMG Cable” is designed to look and act exactly like an Apple or Samsung charging cable – the same type of cable you would use to charge your phone or connect a keyboard to your computer. But it contains a hidden chip that allows hackers to connect to any device it’s plugged into, record keystrokes, transmit sensitive data including passwords, and inject malicious software.

How Does it Work?

Imagine you’re at a coffee shop getting some work done, and you notice that your mobile phone is about to die. You look around frantically for a charging cable and gratefully accept one from a mysterious stranger in a hooded sweatshirt and Guy Fawkes mask…

OK, rewind. You wouldn’t do that.

But you still desperately need to charge your phone and spot a charger that the last person at your table must have left behind. It looks like a plain old, normal cable that comes with every iPhone, so you declare finders keepers and plug in your phone.

No, no, rewind again. You still wouldn’t do that. You’re smarter than that.

You’re smart enough to bring your own charger and not touch any cable that you didn’t purchase yourself from a legitimate Best Buy. BUT then you take a bathroom break and leave your laptop and phone charging at the table. Cue the guy in the hooded sweatshirt (who is indeed a hacker). He sneaks over to your table while you’re in the restroom and switches cables. You return from the restroom and pick up where you left off, with no idea that your legit cable has been swapped out with a malicious one.

Now the malicious cable is plugged into your device and has started transmitting a signal, which is essentially a Wi-Fi hotspot. The hacker, who is now seated four tables away, hops onto the signal and is now connected to your phone. From there, he can start “listening” to your device to discover every website you visit, every text message you send, and every password you enter. He can also remotely execute a payload and inject spyware or ransomware onto your phone.

On top of all this, if you plugged your phone into your laptop instead of a wall charger, he’d have access to your laptop as well.

And, once he’s done, he can cover his tracks by sending a self-destruct command to the cable.

The OMG Cable is designed to look like a real Lightning cable

The OMG Cable is designed to look like a real Lightning cable

How Can You Protect Yourself?

We asked the experts at AllSafe IT how people can protect themselves from hackers employing the OMG cable or other attack hardware.

  • Ben, our Senior Service Desk Engineer, says he’d flat out tell people not to use any cable they didn’t purchase themselves.
  • Don’t leave your phone, computer or any other devices unlocked and unattended.
  • Spencer, our Centralized Services Manager, advises to make sure your antivirus/malware protection is up to date so if a bad cable is plugged in, it will catch it.
  • If you happen to find a cable that looks suspicious, change your passwords immediately and submit it to your IT provider for analysis.

And of course, make sure your employees are trained on security awareness so they are aware of every type of threat (not just phishing!) and know how to respond to them.

Bones Ijeoma

Author since Jun 06, 2022
Bones Ijeoma is CEO and co-founder of AllSafe IT, and his mission is to make downtime obsolete. Bones received a BS in Computer Engineering from Cal State Long Beach and received an MBA in Entrepreneurship from USC Marshall School of Business. After finishing school and working for companies such as Marriott Hospitality, Dreamworks, and UCLA Medical Center, Bones realized there was a need for small businesses to have access to the same technology solutions that large corporations leverage.

Bones Ijeoma

Author since Jun 06, 2022
Bones Ijeoma is CEO and co-founder of AllSafe IT, and his mission is to make downtime obsolete. Bones received a BS in Computer Engineering from Cal State Long Beach and received an MBA in Entrepreneurship from USC Marshall School of Business. After finishing school and working for companies such as Marriott Hospitality, Dreamworks, and UCLA Medical Center, Bones realized there was a need for small businesses to have access to the same technology solutions that large corporations leverage.
phone-handsetcrosschevron-down linkedin facebook pinterest youtube rss twitter instagram facebook-blank rss-blank linkedin-blank pinterest youtube twitter instagram