Illustrating the potential threat from untrusted accessories, a hacker has developed a proof-of-concept Lightning cable with a hidden Wi-Fi chip that could allow parties to seize control of a Mac.
Nicknamed the “O.MG Cable,” it closely resembles Apple’s own official products. When attached though it can deliver and trigger code payloads, potentially even reflashing a system, according to its creator. In a video, the cable — controlled remotely via an iPhone Web interface — is shown opening up a phishing website on a Mac, then the O.MG project page.
“I am going to work on getting a batch of these made for researchers and those working in the industry,” the latter promises.
Practically speaking most people are unlikely to face a bugged Lightning cable, since they’re buying from Apple directly or MFi-certified vendors. The O.MG technique also appears to require an attacker to be within local Wi-Fi range, making it of little use even to most black-hat hackers.
Conceivably though some variant could be used in political or corporate espionage, substituted in place of a target’s normal cable.