Hack a Charging Cable via Wi-Fi?
Most of us have tethered our mobile phones to our laptop dozens to hundreds of times. Have you ever worried about a hacked charging cable? Security researchers have discovered hacked iPhone lightning cables with embedded Wi-Fi chips that were capable of stealing our data. We would bet that most people don’t think about getting hacked through their iPhone’s charging cable. People worry about hack attacks from phishing emails as outlined here: Avoiding Phishing Attacks. Others correctly worry about password security as discussed here: Passwords, Passphrases, and Password Managers. But charging cables? No way. Hackers have hacked the iPhone lightning cable to insert a tiny Wi-Fi transceiver into the cable itself. When an iPhone, iPod, or iPad is plugged into a computer and syncs your data (pictures, music, apps, etc.) the embedded Wi-Fi device allows a nearby hacker to take full control of your computer. Once connected, the hacker can wirelessly transmit malware onto your device all while siphoning off your data.
A Proof of Concept Wi-Fi Charging Cable
A hacker by the name of “MG” studied and experimented on these Lightning cables. With some excellent soldiering skills, and a weekend’s effort, MG created a malicious “proof of concept” charging cable. MG targeted his own Mac computer. MG found that when an iPhone was directly connected with the hacked charging cord, he/she could be up to 300 feet away and still control of the MAC computer. Cyber Al theorizes that a directional antenna could enable the hacker to be even farther away! Even more disconcerting, MG stated “the cable can be configured to act as a client to any nearby wireless network. And if that wireless network has an Internet connection, the distance basically becomes unlimited.”
Summary Advice
This tactic is bound to be deployed in many locations by hackers targeting the general public. From charging kiosks at Airports to coffee shops, charging cables may be compromised. The risk in these locations is mitigated partially by the fact that your charging cable isn’t connecting your smartphone to your laptop. This prevents the lightning cable from transferring data unless you allow the iPhone to trust the charging station (something you should never ever do). Most people are aware of the dangers of inserting a USB flash drive into their computer. Cyber Al wants you to always think about the risks of a compromised charging cable provided free of charge by a business for its customers use and to remember these tips:
- Be on the lookout for unusually shaped charging cables.
- Better yet, always carry your own charging cable.
- Never use an unknown origin cable from anyone.
By becoming more aware you become more secure. If you like learning about emerging threats or want to address gaps in your employees CyberSecurity knowledge, venture over to CyberHoot and sign your company up for a free 30-day trial.
#cyberhoots #smb #cybersecurity #awarenesstraining #LMS #chargingcablehack
Author, Ty Mezquita, Blogger/Social Media – CyberHoot
Editor, Craig Taylor, Co-Founder – CyberHoot