Security researcher Mark Green, (who goes by MG) has revealed to the Vices team at Motherboard that he and his team have upgraded their version of a hacked Lightning cable in a way that allows a hacker to record keystrokes and then to send the data to a designated site. This would allow the device to be used to steal passwords and other sensitive information.
A Lightning cable allows for charging a device such as a smartphone using a computer or laptop instead of a charger. Back in 2019, MG demoed a cable that looked like a Lightning cable but had hacking capabilities built into it. Shortly thereafter, MG reportedly partnered with a cybersecurity vendor called Hak5 and began selling the cables. The idea behind the development of the cable and sales of it were meant not just to highlight, but demonstrate how such simple devices can be altered in minor ways that allow real hackers to take advantage of consumers.
More recently, MG spoke with the team at Motherboard and told them that he has updated the cable to allow it to both record keystrokes and to use an added WiFi chip to broadcast the data it captures to a designated site where hackers could conceivably study the data and use it to their advantage.
MG also told the team at Motherboard that part of the reason he built the new cable was because other experts in the field had claimed that it could not be done due to size and space limitations—there was not enough room inside the connective housing on Type C Lightning cables. MG claims to have proven such experts wrong by adding tiny chips to the cables and then demonstrating that they work in a YouTube of his cable in action.
He also told Motherboard that the new cable also has geofencing features that allow for blocking data. Motherboard also tested the cable, and found that it worked as advertised, though admittedly in a close-proximity environment. MG claimed the cable could deliver data as far as a mile and that it works equally well with smartphones and tablet computers. He noted that he had also added an ability to alter keyboard mapping and to allow the cable to mimic identity-specific USB devices.
Photo credit: Pixabay/CC0 Public Domain