Be careful where you charge your phone: Hackers can now access your handset and steal your data using a fake Wi-Fi-enabled cable
- Cable devised by San Francisco-based hacker who goes by Twitter name @_MG_
- He doctored a standard Apple USB Lightning cable to demonstrate the new hack
- Nicknamed the OMG cable, it poses a potential threat to unsuspecting tech users
A well-meaning hacker has devised a way to control a person’s smartphone – through their charging cable.
The unnamed person, who works at Verizon Media and goes by the Twitter handle @_MG_, created the tool to highlight outstanding security risks surrounding modern technology.
To do this, he took a standard Apple USB Lightning cable and rigged it with a small, almost invisible Wi-Fi-enabled implant.
This allows other parties to access the device and, potentially, wreak havoc by sending phishing pages to the victim’s screen.
HOW DOES IT WORK?
The rigged cable is stealthy because it looks exactly like a standard Apple USB Lightning cable.
Once an unsuspecting person plugs it in, extra components inside the cable remotely connect the hacker to the computer.
Embedded with scripts and commands which are ready to run on a victim’s device, it allows the hacker to assume control of a smartphone or laptop.
They can also ‘kill’ the USB implant, which erases evidence of its use.
‘It looks like a legitimate cable and works just like one. Not even your computer will notice a difference. Until I, as an attacker, wirelessly take control of the cable,’ the security researcher told Vice.
‘It’s like being able to sit at the keyboard and mouse of the victim but without actually being there.’
He unveiled his project at the annual Def Con hacking conference in Las Vegas, Nevada, earlier this month – explaining that he spent thousands of dollars in the process, with each doctored cable taking four hours to make.
Although this exercise was focused on an Apple product, ‘MG’ warns that Wi-Fi-enabled implants are small enough to be used in accessories from virtually every other smartphone brand.
‘This specific Lightning cable allows for cross-platform attack payloads, and the implant I have created is easily adapted to other USB cable types,’ he told TechCrunch.
‘Apple just happens to be the most difficult to implant, so it was a good proof of capabilities.’
As a result, he hopes that people will be more careful in using charging cables.
‘Suddenly we now have victim-deployed hardware that may not be noticed for much longer periods of time,’ he added.
‘This changes how you think about defense tactics. We have seen that the NSA has had similar capabilities for over a decade, but it isn’t really in most people’s threat models because it isn’t seen as common enough.’
‘Most people know not to plug in random flash drives these days, but they aren’t expecting a cable to be a threat,’ he said. ‘So this helps drive home education that goes deeper.’
WHAT ARE THE MOST COMMON TYPES OF VIRUS FROM PORN?
There are ten digital STIs that can harm your device when you’re looking at adult content, according to computer security firm Kaspersky Lab.
1. Trojans – They might masquerade as innocent programs, but they carry a harmful payload.
2. Drive-by downloads – Cybercriminals look for insecure web sites and plant a malicious script into the code on the pages. These take advantage of any unpatched applications on your computer and infect them automatically.
3. Click-jacking – Click-jacking involves tricking someone into clicking on one object on a web page while they think they are clicking on another. Click-jacking can be used to install malware, gain access to a victim’s online accounts or to enable their webcam.
4. Tinder bots – These are automatic programs designed to masquerade as real people on a dating site to lure users into clicking on them, with the aim of tricking the victim into disclosing confidential data.
5. Cat-Phishing – This is when cybercriminals pose on dating sites or chat rooms, encouraging people to click on links for live sex chat or adult images.
6. Ransomware – Cybercriminals use ‘blockers’ to stop the victim accessing their device, often telling them this is due to ‘illegal pornographic content’ being identified on their device. Anyone who has accessed porn online is probably less likely to take the matter up with law enforcement.
7. Worm – This is a program that replicates, but does not write its code to other files: instead, it installs itself once on a victim’s device and then looks for a way to spread to other devices.
8. Pornware – This could be a legitimate program, but might be adware installed by another malicious program, designed to deliver inappropriate content to the victim’s device.
9. Spyware – Software that enables an attacker to secretly obtain information about the victim’s online activities and transmit it covertly from their device.
10. Fake Anti-virus – Fake anti-virus programs prey on people’s fear of malicious software which they believe may have been installed whilst looking at porn.