OMG - How is This Legal?
I just learned about the OMG cable and can’t understand how something like this is legal!
This question was answered on October 26, 2019. Much of the information contained herein may have changed since posting.
Security researchers are in the business of constantly tinkering with commonly used technology to see if they can discover new exploits and the O.MG cable is another example of this type of work.
What the O.MG Cable Does
The researcher’s name is Mike Grover and the cable is referred to as the Offensive MG kit, which is where it gets its name.
What makes this device so compelling is that it appears to be a standard Apple Lightning to USB cable that millions of people use to charge and connect their iPhones and iPads to their computers.
Inside of this cable resides a Wi-Fi hotspot and circuitry that can replicate what looks like a mouse and keyboard when it’s connected to a device.
The Wi-Fi hotspot allows a remote hacker (up to 300 feet) to send commands to the target computer as if the hacker were sitting in front of the computer. It can also connect itself to another Wi-Fi network, which can allow the exploit to be executed from just about anywhere as long as the connection is maintained.
The researcher has uploaded several videos to show how the cable, when plugged in, can be used to remotely exploit whatever computer it’s plugged into: https://twitter.com/_MG_
Grover says he developed this device to show that it can exploit Windows, Mac, Linux and iOS systems, so it’s pretty capable of impacting just about anyone.
He also made it clear that he chose to focus on the Apple cable because it was the most difficult to make work as a regular cable, which means this can be done with any type of USB cable.
How is This Legal?
It’s easy to understand how some people would look at a device that seems to be specifically designed for malicious or nefarious intent and question the legality. ‘Hacking’ technology has a negative connotation for many, but without researchers engaging in this type of activity (referred to as white hat or ethical hacking), the only ones discovering major exploits would be malicious hackers (black hat).
Legally restricting security researchers from any sort of activity of this nature would actually make us all less safe.
By demonstrating that something is possible, it both educates the public and forces technology companies to deal with the exploit and work on ways to mitigate it. If this researcher was able to build this cable on his kitchen table, how likely is it that it’s already been something developed in secret by sophisticated government backed researchers from around the world.
Keep in mind, this researcher is sharing how he did what he did, along with additional cables that other researchers (and yes, anyone with malicious intent) can experiment with themselves.
How to Protect Yourself
Learning that this cable exists should send a clear message to everyone – never use any cable or device that you know nothing about on any of your technology. Rogue USB drives have been around for years and either of these devices could be used to exploit people in crowded places like airports, coffee shops and even on an airplane during a flight, so be aware.
Need Help with this Issue?
We help people with technology! It's what we do.
Schedule an Appointment with a location for help!
Posted by Ken of Data Doctors on October 26, 2019