Dire warning for why you should never share iPhone chargers

Source: Daily Mail Online

A dire warning has been issued to iPhone users about sharing chargers.

Ryan Montgomery, a cybersecurity professional, said a totally normal-looking iPhone charger may actually 'cause havoc on your computer or phone.'

That is because the insidious cable features a hidden implant with a web server, USB communications and Wi-Fi access, allowing it to capture keystrokes, steal credentials, exfiltrate data and even plant malware.

This deceptive hacker device, called the 'O.MG cable,' became publicly available in 2019 when it went on sale for just $180.

In a video posted on his Instagram, Montgomery plugged what appeared to be an ordinary charger into a 'new' computer. 'This is a fully functional cable, you can still charge a phone with it,' he said.

But 'with this cable plugged in, I have full access to this computer,' he explained.

Without even plugging his iPhone into the other end of the cable, he gained remote access to the computer by pressing a single button on his phone.

'It is designed to allow your Red Team to emulate attack scenarios of sophisticated adversaries. Until now, a cable like this would cost $20,000,' Hak5, which sells the device, stated on its website.

A 'Red Team' is a group of cybersecurity professionals who simulate real hacks.

The cable's creator, security researcher Mike Grover, has said: 'It's a cable that looks identical to the other cables you already have.'

'But inside each cable, I put an implant that's got a web server, USB communications, and Wi-Fi access. So it plugs in, powers up, and you can connect to it.'

He claimed the cable could allow him to access a device from up to 300 feet away, and if he configured the cable 'to act as a client to a nearby wireless network,' the distance would become unlimited.

Not only is it impossible for a person to tell whether they have come across one of these deceptive cables, but there's also almost no way to know when you're actively under attack.

Thus, the O.MG cable has been dubbed the world's 'most dangerous USB cable.'

Worryingly, the O.MG cable's capabilities are getting more and more sophisticated.

Grover told Forbes that the newly released 'Elite series,' launched in 2023, comes in multiple form factors, including USB-A Cables, USB-C Cables, USB-A to -C Adapters and, shockingly, USB Data Blockers - so even these protection devices could be secretly malicious.

And the upgrades included in this latest series are what added data exfiltration - or the ability to steal data - to the cables' stealthy specs.

Though O.MG cables could easily be obtained and used by someone with malicious intent, they are actually designed for professional hackers like Montgomery who test data systems for vulnerabilities.

Because of this, Grover has equipped the cables with some safety nets, such as enabling a Red Team to restrict the cable's access range to a specific location.

When this feature is enabled, taking it outside that zone will make it stop working or self-destruct.

Additionally, Grover designed the cables to not sync and charge when armed, which reduces the undetected attack window when they are plugged into a smartphone.

But it would appear that some villainous hackers have already gotten their hands on the O.MG cable. In 2023, the FBI stated: 'Bad actors have figured out ways to use public USB ports to introduce malware and monitoring software on to devices.'

The Federal Communications Commission (FCC) also previously released a warning about 'juice jacking,' when hackers weaponize USB port charging stations such as those found in airports or hotel lobbies to steal your data.

But in this scenario, it's not the cable that hacks your device, but the electrical socket itself. Although this has been proven technically possible, cybersecurity experts say the risk to the public is nominal.

The O.MG cable, however, poses a very real threat. Therefore, experts have advised against using any charger that you did not purchase for yourself, as it could be compromised.