The cable, called the O.MG Cable, charges phones and transfers data in the same way an Apple cable does, but it also contains a wireless hotspot that a hacker can connect to and then proceed to run commands on the computer, potentially rummaging through a victim's files.
"I’ve completely torn the cable apart to make sure there aren’t any production stoppers. Gotta make sure it’s up to par!" the security researcher MG who is behind the cable told Motherboard in an online chat.
MG first presented his invention at the Def Con hacking conference this summer. At that time, all of his cables were homemade and were being sold at the conference for $200 each. Now, the process is to hit the factory line.
After months of work, I am now holding the very first fully manufactured #OMGCable. I can’t wait to get these up on https://t.co/mVYIMD3v7g— _MG_ (@_MG_) September 29, 2019
Now time for a fully destructive teardown to make sure they meet all my requirements for a fully field-ready piece of attack hardware. pic.twitter.com/lMVBv5RRjw
"I’m just being super transparent about the process," MG told Motherboard. "[Mostly] everyone who manufactures something is going to keep it quiet up until release day when they unveil the entire thing and it’s ready for sale or they at least have a sale date."
Hak5, a company that sells hacking and cybersecurity tools, will be distributing the product once it's ready. The description for the cable on the Hak5 website reads, "The O.MG Cable™ is the result of months of work that has resulted in a highly covert malicious USB cable."
"The first batch of production samples are confidence inspiring. We're balancing a number of factors in getting these mischief gadgets produced—and I think everyone is going to be excited by the finished products," Darren Kitchen, founder of Hak5, wrote in an email. "The production process has been pretty straightforward, given our experience making pentest [penetration testing] implants. The high energy MG and his team bring has colored every aspect of the project, and his attention to detail is paying off."
An Apple spokesperson pointed to the first sentence in the company's "Identify counterfeit or uncertified Lightning connector accessories" support page. That sentence reads, "Apple recommends using only accessories that Apple has certified and that come with the MFi badge." The MFi badge on the item's packaging shows the cable is certified by Apple. The USB-A cables are no longer in use in Apple’s own ecosystem, as the latest iPhone 11 come with USB-C – Lightning cables. However, USB-A is still the only way to connect your Apple device to a PC.