Why you should never borrow someone's charging cord

in #iphone5 years ago

image.png

Security researcher MG has developed a lightning cable that can completely take control of your iPhone that looks exactly like a brand new Apple OEM cable. Even the packages cannot be distinguished from a genuine Apple cable.

The cable has built-in wireless and is available remotely via an IP address.

"I’m currently seeing up to 300 feet with a smartphone when connecting directly"
- MG

"But the cable can be configured to act as a client to a nearby wireless network. And if that wireless network has an internet connection, the distance basically becomes unlimited."
- MG

These "O.MG Cables" are available for sale for $200 directly from MG. They are currently manufactured from genuine Apple lightning cables. Hak5 has offered to start manufacturing them avoiding the need and complexity of using Apple genuine cables.

The cables come with pre-built scripts and tools to conduct various attacks and even destroy the implant when you are done.

Apple has been adding more protection to USB access to thwart law enforcement from accessing devices they have in their physical possession without access your pin code.

I make it a point not to use other people's cables (even if I trust them as you never know if they have been compromised unknowingly) or open charging ports at airports.

There is a device I own that will protect you by disabling the data channel on a USB port when I am forced to use a USB port at an airport or an un-trusted charger.


Amazon

These devices can be bought really cheap and disable the data portion of the USB port. This prevents any type of attack over USB and has the added benefit of speeding up charging when connected to computers. When connected to a computer that doesn't have smart USB charging (most don't), you will charge at a much slower speed when data is enabled.

If you don't have one, always use your own charging block to minimize risk and don't access cables or charging devices from third parties.

As always, be safe!

Image Sources: 1

Sort:  

Remember that episode of Alias when Kevin Weisman's character made a listening device that was disguised as a cable? It was a more advanced design than the feds had in mind, so when the feds piggy-backed onto his cable, they just used a clunky looking coupler.

This would probably be a good way to access all my old iPhones with smashed screens too!

Posted using Partiko iOS

What is this overpaid for a power cord! Flagged for rewards! Too much! what is this?

LOL I didn't buy a single vote

well i saw minnow support, you’re not a minnow, so flag! I can disagree on rewards.

Fair enough, but not a single vote was bought.

ok i’ll edit my comment about the buying part. See steem tainted itself, we all just assume it’s bits now, we’re programmed. sorry

Posted using Partiko iOS

Damn, I borrow it all the time!

They know everything about you now! ;)

Wooah, thanks for sharing this. I will never use other charging cord especially the public one

They could be disguised as USB data blocker.. :)

Did you see the story a while ago about the user that used a sub standard USB-C cord on his $1000 Pixelbook and it fried it? He then created an awesome spreadsheet that went worldwide documenting which cords were safe and which ones were not. I know that doesn't directly relate to your post, but I think it speaks to the fact that we should always be careful what we are plugging into our very expensive devices.

No, but I do know the Raspberry Pi 4 USB-C port isn't standard and has problems with some USB-C cords. Similar problem.



This post has been voted on by the SteemSTEM curation team
and voting trail. It is elligible for support from @curie and @minnowbooster.

If you appreciate the work we are doing, then consider supporting our witness @stem.witness. Additional witness support to the curie witness would be appreciated as well.

For additional information please join us on the SteemSTEM discord and to get to know the rest of the community!

Please consider using the steemstem.io app and/or including @steemstem in the list of beneficiaries of this post. This could yield a stronger support from SteemSTEM.

Jesus, this is frightening.

Wow thats something new for me. From now I need to start think about from what people I borrow charging cable.

Wow. I don't borrow, but tend to loan mine out all the time, along with my powerbank. Next thing you know, that'll be compromised as well! Thanks for the info.

Yeah, we often miss this kind of trivial but actually crucial security practices.

Good advice, especially on airports!
Thanks.
Gotta get one of them Data Blockers.

No surprised! And why is "everybody" forgetting about the ISP's...the big "security" problem we have are these providers of service (just to whom?)!

This article has shared on Twitter by @steemit!

Thanks for making people aware. Many people such as myself didnt see it this way when it came to simple thing like sharing a USB.

Posted using Partiko Android

Omw what the tech of today are capable of....😨best is to cary only your own chargers and cables around

I think worrying about this one might be a little over-kill. I would imagine that if you were to randomly ask someone at, say, an airport bar if they had a charger you could borrow -- you're more than likely going to be safe.

I certainly wouldn't just walk up and use some random charger that's laying around, though.

That being said -- best practices are best practices for a reason.

Unbelievable big brother in the charging cables..lol 🤣

Very true, but more importantly I'd probably not lend one either, heh. Happy Friday Mark.