“It’s a cable that looks identical to the other cables you already have,” explains MG, the cable’s creator. “But inside each cable, I put an implant that’s got a web server, USB communications, and Wi-Fi access. So it plugs in, powers up, and you can connect to it.” One of the powerful things about the new O.MG Elite compared to its predecessors is the advanced network features mean it can handle bidirectional communications.
The O.MG Elite cable, a discrete and potent hacking tool, was displayed at this year’s Def Con. The concealed alterations allow this cable, which has the outward look of a typical Lightning or USB-C cable, to launch assaults, log keystrokes, and even send data covertly from air-gapped devices with its own WiFi network. Here is how designer MG describes the work, which Corin Faife of The Verge saw at Def Con:
“It also contains a keylogger: if used to connect a keyboard to a host computer, the cable can record every keystroke that passes through it and save up to 650,000 key entries in its onboard storage for retrieval later. Your password? Logged. Bank account details? Logged. Bad draft tweets you didn’t want to send? Also logged.”
O.MG Elite can perform attacks and read data that’s passed through the cable, say between iPhone and Mac, or almost any other combination of devices as it comes in Lightning to USB-A, Lightning to USB-C, C to C, and microUSB versions. Creator MG says that up until now, a cable like this would have sold for as much as $20,000. But it’s going from $180+ to early access customers. O.MG Elite is able to carry out keystroke injection attacks – which makes a device think it’s a keyboard typing commands. That opens up vulnerabilites like command line attacks.
As far as concern about everyday scammers buying this and trying to get people to use it, that’s probably not too much of a worry with O.MG Elite priced at $180+. However, if you’ve got sensitive information on your devices, it’s good to be cautious about who you accept a cable from. O.MG is designed as a tool for professional security testing, but The Verge says it’s also something that could be used by moderately experienced programmers.
X-ray highligting the implanted chip in O.MG Elite. As noted by The Verge, a big part of how scarily capable this cable can be is the built-in WiFi to silently send back data to an attacker – even on air-gapped devices. “Many ‘exfiltration’ attacks — like the Chrome password theft mentioned above — rely on sending data out over the target machine’s internet connection, which runs the risk of being blocked by antivirus software or a corporate network’s configuration rules. The onboard network interface skirts around these protections, giving the cable its own communications channel to send and receive data and even a way to steal data from targets that are ‘air gapped,’ i.e., completely disconnected from external networks.”