Over the last few years, we’ve seen Information security spend increase at historical levels which is estimated to cost organizations more than $172 billion by the end of 2022 according to Gartner. Now, it seems a new threat is lurking by way of the O.MG USB-C Lightning Cable. This cable looks and feels like a normal phone charger, however it’s a malicious cable that can record everything you type, which includes passwords and personal data and can wirelessly send this information to a hacker as far as 1-mile away.
Something else quite troubling is the O.MG Cable looks like any smart phone cable being used for your Apple or Android phones and is indistinguishable between these brand’s cables. According to Triskelelabs.com the main difference is the O.MG cable houses a tiny access point and once plugged into your phone can “spin up this access point over wi-fi and bridges the internal network” which sends a signal to a hacker as far as a mile away so they can see your keystrokes as you authenticate at the device which means they have real-time access to your passwords and can use this information to connect through an app on their own device that allows them to access your personal data on your device without you knowing.
So, gone are the days where a hacker will just drop off a flash drive at someone’s office hoping someone will plug it into the organizational network to give them access. Now, the setup can be accomplished by just leaving a cable behind at the office or at the local coffee shop so an unsuspecting worker or consumer will come along and pick it up and unwittingly use it to charge their device. Once this occurs, they’re in!
Due to this serious threat, Function4 recommends the following best practices for using USB Lightning Cables:
Don’t use random chargers provided by anyone you don’t know
- If you find a cable around the office, throw it away – never use it
- Educate your staff on the risks associated with the O.MG Cables
- Invest in Malware Software for added protection
If you have any questions concerning this article or would like to have one of Function4’s Security Specialist conduct a Dark Web Assessment on your network, reach out to me directly and I will connect you with a member of our team. I can be reached at kbox@function-4.com.