Worried that the websites you visit (or the software you download) are infected with possible malware that could allow your machine to break in? Imagine, then, if the Lightning cable you use with your iPhone was "infected"?
Explain: Last week, the last edition of DEF CON, one of the largest hacker conventions in the world, took place in Las Vegas; During the conference, a new "type" of cable was introduced but not by Apple. In reality, it is a prototype created by a hacker, which has been modified to include an implant that enables hackers to remotely hack into a computer or mobile device.
Called O.MG Cable, it can be on the back of any smartphone model, as reported by Motherboard. According to the hacker who developed the prototype, known as _MG_, the cable not only looks legitimate as it works as one; that is, it transfers data normally.
It looks like a legitimate cable and works like one. Not even your computer notices the difference. Until I, as an intruder, take control of the cable remotely.
The hacker said that the cable has several scripts and commands which allow the attacker to perform different actions on the victim's machine; On a Mac, a hacker can run the Terminal app and do whatever it wants.
Extraordinarily, the malicious agent can also "kill" the USB implant remotely, hiding the evidence of its existence. On the other hand, for all of this to happen, the hacker must be close to the victim, since the tool must be activated from a position within range of its signal.
According to MG, such accessories were produced manually, with Apple's original cables being meticulously modified to include the rogue tool.
Apple cables are simply the hardest to do, so if I can successfully deploy one of them, I can naturally do it on other cables. like being able to sit on the victim's keyboard and mouse but not being there.
Illegally (or not), the hacker began selling such cable prototypes online. For $ 200, you can bring an accessory unit, a "detonator" (to lock the cable) and access to the particular group of hackers who developed the tool, plus a promotional code that can be used when the final version of the cable will be. released. Neither Apple nor other manufacturers commented on the adulteration of the accessories.
Vulnerability in SQLite could break into iOS
In parallel, an “old” database vulnerability SQLite was exploited to break into major desktop and mobile systems such as iOS. The flaw was disclosed by security firm Check Point during DEF CON and, on Ma's OS, allows it to be used to steal passwords and other personal data.
Although found about four years ago, the vulnerability was never addressed on iOS for two reasons: First, it was “ignored” because it was believed that it could only be exploited by unknown apps that accessed SQLite (and there are no apps). unknown on iOS). Second, while iOS apps go through Apple's boot checks, SQLite codes are universal and have "free" passage on iOS systems.
During the demonstration of the attack, Check Point just crashed the Contacts app (Contacts) from iOS, but the researchers said they could have created a method to steal passwords from the device. According to the company, all findings about the vulnerability were passed on Apple.