Fake lightning cable can be used to control your PC

Bradley Prior

MyBroadband Journalist
Super Moderator
Joined
Oct 16, 2018
Messages
1,673
Fake lightning cable can be used to control your PC

Security researcher Mike Grover has developed a prototype of a fake Lightning charger that can hijack a computer simply by being plugged in, Motherboard reports.

The malicious charger, which Grover showcased at the DefCon cybersecurity convention last week, can give an attacker full control over a Linux, Mac, or Windows system.
 

whatwhat

Executive Member
Joined
Jun 1, 2009
Messages
5,888
How is it a "fake lightning cable" if it charges the device?

Fake would imply it doesn't even cover the basic use case someone has to plug this into their computer in the first place.
 

Rocket-Boy

Executive Member
Joined
Jul 31, 2007
Messages
7,647
This is nothing new, its probably using the exact same concept as a malduino or similar.
A lightning cable on its own would be too small even for an ATtiny so its most likely hidden in the power supply.
 

Totempole

Expert Member
Joined
Sep 21, 2011
Messages
3,373
This is nothing new, its probably using the exact same concept as a malduino or similar.
A lightning cable on its own would be too small even for an ATtiny so its most likely hidden in the power supply.
No mention of a power supply. Specifically refers to the cable being plugged into the machine itself.
 

Nod

Executive Member
Joined
Jul 22, 2005
Messages
8,735
I'm sure the same could be done with any device you plug into a USB port.
A cable though would not be suspected by default.
 

Rocket-Boy

Executive Member
Joined
Jul 31, 2007
Messages
7,647
No mention of a power supply. Specifically refers to the cable being plugged into the machine itself.
Yeah I was going on this "The malicious charger, which Grover showcased at the DefCon cybersecurity convention last week" but after looking at the article I see its just the cable.
The concept is the same though, its hard to monitor HID inputs which are trusted by default. This just uses HID keyboard emulation which is why it gets away with it.
 

MoHaG

Well-Known Member
Joined
Mar 28, 2005
Messages
264
This is nothing new, its probably using the exact same concept as a malduino or similar.
A lightning cable on its own would be too small even for an ATtiny so its most likely hidden in the power supply.
You can get an ATTing in a 4x4mm QFN package...

Other microcontrollers are available as bare dies (Bare dies usually end up under a blob of black stuff (epoxy?) as often seen in calculators and cheap toys...). With a minimal / flex kapton-based PCB that should easily fit inside the USB connector...
 

Kosmik

Honorary Master
Joined
Sep 21, 2007
Messages
18,931
Or maybe its in those bulge thingies meant to prevent the cable from breaking near the end.
 

hackerjargon

Well-Known Member
Joined
Sep 8, 2010
Messages
220
Yeah I was going on this "The malicious charger, which Grover showcased at the DefCon cybersecurity convention last week" but after looking at the article I see its just the cable.
The concept is the same though, its hard to monitor HID inputs which are trusted by default. This just uses HID keyboard emulation which is why it gets away with it.
'Charger' refers to the cable, not a 'power supply'. We in S.A call a 'Power Supply a 'Charger', so hence the confusion.
 

Daruk

Honorary Master
Joined
Jul 18, 2008
Messages
38,514
Yeah, way to go... we're ahead of the crooks, now giving them fodder for new devices. Hopefully he went to Apple first. Regardless it's demonstrated a flaw in the system that needs to be patched. People need to be alerted to the capabilities of the device they connect and be forced to accept it.
 

Hunted

Senior Member
Joined
Aug 6, 2003
Messages
644
'Charger' refers to the cable, not a 'power supply'. We in S.A call a 'Power Supply a 'Charger', so hence the confusion.
Don't get why some do that... My kids also refer to the USB cable as the charger... Sorry back on topic
 
Top