Monday, August 12, 2019

Security Researcher Develops Lightning Cable That Gives Hackers a Way to Remotely Infiltrate Your Computer

https://ift.tt/2TpV5d7

A security researcher named MG has developed a Lightning cable replacement that can give hackers a way to remotely access your computer, reports Motherboard.

The cables in question (dubbed O.MG Cables) are cables directly from Apple that have been opened up to allow for additional components to be implanted, but the modifications are undetectable and there's no way to distinguish the hacked cable from the original.

Image via Motherboard

When plugged into a target computer, the cable behaves as a typical cable does, connecting to and charging iOS devices, but it also lets hackers remotely connect to a machine to run commands. It comes equipped with scripts and commands that a hacker can run on a victim's machine, along with tools to "kill" the USB implant to hide evidence of its existence.
MG typed in the IP address of the fake cable on his own phone's browser, and was presented with a list of options, such as opening a terminal on my Mac. From here, a hacker can run all sorts of tools on the victim's computer.

"It's like being able to sit at the keyboard and mouse of the victim but without actually being there," MG said.
In a test with Motherboard, MG was able to connect his phone to a WiFi hotspot that the cable was emitting. He said he needed to be within 300 feet to access the target machine, but also said that the cable can be configured to act as a client for a nearby wireless network, potentially allowing for hacking from an unlimited distance.
"I'm currently seeing up to 300 feet with a smartphone when connecting directly," he said, when asked how close an attacker needs to be to take advantage of the cable once a victim has plugged it into their machine. A hacker could use a stronger antenna to reach further if necessary, "But the cable can be configured to act as a client to a nearby wireless network. And if that wireless network has an internet connection, the distance basically becomes unlimited."
MG imagines the cable could be swapped in for a target's legitimate cable or gifted to someone because it looks exactly like an Apple cable, complete with accurate packaging. Each of these cables were made by hand and are being sold by MG for $200, but he is teaming up with a company to produce them as a legitimate security tool.

It's not clear if there is any defense against this kind of hack, but it sounds like these cables are prohibitively expensive and limited in availability at the current time. Those concerned should buy cables directly from Apple without accepting free cables from anyone. Apple may also be developing a mitigation and has previously restricted other USB access techniques through USB Restricted Mode.


This article, "Security Researcher Develops Lightning Cable That Gives Hackers a Way to Remotely Infiltrate Your Computer" first appeared on MacRumors.com

Discuss this article in our forums



from MacRumors: Mac News and Rumors - All Stories https://ift.tt/2YL1k11

Chromebooks get a dedicated Chrome OS release notes web page


via About Chromebooks https://ift.tt/2yTxVSK

Disney+ bundle with Hulu & ESPN+ a huge win for Chromecast users


via Chrome Unboxed – The Latest Chrome OS News https://ift.tt/2KvjxqM

Deals Spotlight: Best Buy's Latest Apple Watch Sale Has $50 Off Series 4 Models

https://ift.tt/2Kwq0Sh

Best Buy is back this week with a new sale on Apple Watch Series 4 models, offering up to $50 off both 40mm and 44mm devices.

Note: MacRumors is an affiliate partner with Best Buy. When you click a link and make a purchase, we may receive a small payment, which helps us keep the site running.

Prices start at $349 for 40mm and $379 for 44mm, both in aluminum and with GPS. You'll also find a few Series 4 models with cellular support, different band styles, and some stainless steel cases.

Apple Watch Series 4 Sale ($50 Off)


Apple updated to the Series 4 in 2018, introducing a 30 percent larger display, thinner case, new watch faces, and ECG support. You can check out even more sales happening this week by visiting our full Deals Roundup.

Buyer's Guide: Apple Watch (Caution)

This article, "Deals Spotlight: Best Buy's Latest Apple Watch Sale Has $50 Off Series 4 Models" first appeared on MacRumors.com

Discuss this article in our forums



from MacRumors: Mac News and Rumors - All Stories https://ift.tt/2TpY5Gg

TP-Link's Kasa Smart Plug Mini Won't Support HomeKit After All

https://ift.tt/2MTURJQ

TP-Link today announced that it has abandoned its plans to add HomeKit support to its Kasa Smart Plug Mini.


From a new support document on TP-Link's website via Reddit:
Due to changes in our roadmap, the Kasa Smart Plug Mini (HS105) smart plug will not offer support for Apple HomeKit. Despite the change in direction for this specific SKU, our team is committed to the development of innovative smart home solutions that will continue to delight our customers around the globe.
TP-Link originally planned to add HomeKit support to the smart plug in early 2019, a promise that it has now broken.

Fortunately, HomeKit-enabled smart plugs are quite common, with a wide variety of options available from brands such as Eve, iDevices, iHome, and Wemo. They can be used to conveniently turn on and off TVs, lamps, coffee machines, and other household objects with an iPhone, iPad, Mac, or Apple Watch.


This article, "TP-Link's Kasa Smart Plug Mini Won't Support HomeKit After All" first appeared on MacRumors.com

Discuss this article in our forums



from MacRumors: Mac News and Rumors - All Stories https://ift.tt/31AfKhy