Everyone knows about the risks of phishing email, dodgy downloaded software, and accessing sensitive data while using public Wi-Fi. But how about third-party Lightning cables?
According to a new report, these are a risk as well — with security experts noting that it’s possible for malicious Lightning cables to grant access to your Mac to a remote attacker.
Motherboard wrote about the cables after being shown them at the recent Def Con hacking conference. It looks and works like an Apple Lightning cable in every way. However, it’s modified to include an implant that lets hackers use it to remotely hack your computer or mobile device.
By entering the IP address of the target, hackers can run tools on a victim’s machine. “It’s like being able to sit at the keyboard and mouse of the victim but without actually being there,” security researcher MG told Motherboard.
Once the hacker has carried out their remote hack, they could remotely “kill” the USB implant. This would hide evidence of its existence.
How much of a risk is this?
So how widespread are these sinister Lightning cables? Fortunately, it seems the answer is “not very.” The cables described in the report were hand-built by MG. In other words, it’s more of a proof-of-concept than a major threat. (Although he is selling them online for $200.)
It’s also worth noting that these would be for more targeted attacks. In the Def Con demo, the cables could be exploited by a hacker up to 300 feet away from the target. While it would be possible to extend this with a more powerful antenna, it still requires the attack to know the location of the victim. They would also need to find a way to get them to use the Lightning cable to begin with.
Nonetheless, it’s another reminder of why you need to be diligent about everything you put into or onto your computer. No matter how harmless it might look.