If you think like a hacker, you’re going to try to figure out the most efficient way of going about the business of committing your crime. That line of thinking means figuring out the types of equipment that most people use, which would also allow cybercriminals to easily hack into their personal information. As cybersecurity experts beef up security tools and features on their end, it’s limiting criminals’ ability to do their dirty work. They’re going back to the drawing board trying to come up with new scams to get around security measures.
One such out-of-the-box-thinking hacker concocted the idea of creating a charging cable that gives criminals access to computers. What’s even more frightening is that the mastermind behind the accessory is having it mass-produced and it will be widely available. This story clearly demonstrates that bringing your own device to work can be dangerous.
Before they grab just anyone’s charging cable, board directors and executives need to be aware of how a simple computer accessory can open up their personal business and board business to hackers.
How a Common Popular Electronic Device Charger Opens the Door to Cybercrime
Apple had a great idea when it came up with the Lightning cable, which charges its devices fast. With a minor exception, they’ve included it with all iPhone, iPad and iPod Touch devices since 2012, which means that literally billions of people have them. The fact is that one, or even two, chargers aren’t enough for one person. They tend to buy extras either because they forgot one at home or at work or because they want extra ones on hand when they need one. Having extra chargers is convenient enough, considering off-market Lightning cables flooded the stores after 2012.
It’s the popularity of the accessory that got the hackers thinking about how to use it for nefarious purposes. A hacker got the idea to create a Lightning cable that has a wireless hotspot hidden inside the cable. The wireless network gives a hacker remote access to the device as soon as it gets plugged in.
The other thing that hackers bank on is that most people will accept a charger from just about anyone, even a stranger. It’s common to witness people at airports and well-attended events scurrying around with a dead iPhone begging to borrow a charger from anyone who will give them the time of day. Lo and behold, busy people who forget to charge their phones or who drain the power through excessive use are prime targets for hackers.
The cable is called the O.MG cable, after the inventor, who goes by MG, and it will soon be available for purchase by anyone. MG demonstrated a handmade prototype of the cable at the Def Con hacking conference last year. It looks and works much like an ordinary Apple Lightning cable. Consumers can use it to charge their Apple devices and to transfer data to and from any device. The only difference is that the O.MG cable allows hackers to run commands through it remotely to your Mac or Windows PC. Access to your computer means that hackers can read your data and even delete it. One hacker stated in an interview that it’s like sitting next to someone’s keyboard and mouse and controlling it right in front of them. The cable enables hackers to confiscate essentially any type of data, from emails and photos to sensitive personal and medical records.
The O.MG cable lets hackers within Wi-Fi range and others who may be tapping into its connection into devices using the internet. The cable was originally designed for “Red Teams,” which are cybersecurity experts who use such devices to break into systems to test them for vulnerabilities. The cable lets users create, save and transmit new payloads remotely and they can erase the firmware remotely so that the cable returns to a harmless state. It’s unknown at this time what other harm the cable is capable of. This isn’t the first cable of its kind. It’s just the first one to be mass-produced and marketed to the public.
Keeping Personal and Business Data Protected
Since the design is similar in appearance to Apple’s Lightning charging cord, how can you be sure that a charging cord is safe? The reality is that any third-party charging cord can cause you problems. Many of them lack proper testing, and that will likely be reflected in the price. Less expensive charging cords may leave your electronic devices vulnerable to power surges. They can even overheat and start a fire.
Apple labels its products with the MFi logo, which means that they’re made for iPhones, iPads and iPods. MFi products pass Apple’s tight engineering standards. They’re completely safe to use and won’t damage your devices or data. It’s best to buy your charging cables directly from Apple because counterfeiters have found ways to deceive consumers about the MFi logo. You will likely also have good luck with reputable retailers like Anker, Belkin and AmazonBasics.
Beyond that, let common sense prevail. Never accept a charger from a stranger. Don’t use chargers that you find lying around or that someone else left behind.
To demonstrate how easy it is to grab any handy device accessory and use it, the University of Illinois did a research experiment in 2016 whereby they intentionally placed USB drives around the campus. Within hours, students and others had plugged them into their computer to see what was on them. The drives notified the researchers that someone had plugged one in. Also, the drives gave the finders information on how to return the drives. While this was an innocent experiment, the danger to users could have been far more damaging.
This news should alert consumers to the idea that any of their devices and accessories could be tampered with. This news could start a whole new fad of dangerous tactics that are soon to materialize.
Boards should secure their board business with board management software by Diligent Corporation.
This development should motivate board directors to create policies about how employees should safely use equipment. It’s also important that this type of information be communicated through companies and become part of the overall culture around cybersecurity.