These cables look like any typical charging cable that comes with your device. However, they can be used to hack into your system and let the attackers in, compromising user security. These OMG charging cables can then be used to steal your data and inject malware into your device. This was first showcased at the cyber conference DEFCON back in 2019. However, they are now readily available for purchase through cybersecurity vendor Hak5.
OMG Charging Cable
The cable was dubbed ‘OMG cable’ after its creator, cybersecurity researcher MG. They look the same as any normal cable, and general users cannot tell the difference. When connected, they create their own Wi-Fi hotspot through which a hacker can connect to your device even if he is more than a mile away. The cable can record anything you type, including passwords, and send the data back to the attacker.
This is all possible due to a small chip inside the OMG charging cable, which takes up half its space. The cybersecurity vendor offers multiple cable variants, including lightning cable, Type-C, Type-A, and many more. Its creator MG told Motherboard that, “There were people who said that Type C cables were safe from this type of implant because there isn’t enough space. So, clearly, I had to prove that wrong. :)”.
Its creator has further improved the OMG charging cables, and now they have additional features. These additional features include changing key mappings and forging the identities of a specific USB device. Some USB identities can make the system more vulnerable. It also has geofencing features that can trigger or block the device’s payloads based on the physical location of the cable. Meaning the cables can have built-in procedures in place if the device ever leaves an effective range.
The company describes the product as “built for covert field-use, with features that enhance remote execution, stealth, forensic evasion, all while being able to change your tooling on the fly quickly.” It sure does sound like a spy movie, right. However, its implications in the wrong hands could be disastrous for user security.