Q: I just learned about the O.MG cable and can’t understand how something like this is legal!
A: Security researchers are in the business of constantly tinkering with commonly used technology to see if they can discover new exploits, and the “O.MG cable” is another example of this type of work.
What the O.MG cable does
The researcher’s name is Mike Grover, and the cable is referred to as the Offensive MG kit, which is where it gets its name.
What makes this device so compelling is that it appears to be a standard Apple Lightning to USB cable that millions of people use to charge and connect their iPhones and iPads to their computers.
Inside of this cable resides a Wi-Fi hot spot and circuitry that can replicate what looks like a mouse and keyboard when it’s connected to a device.
The Wi-Fi hot spot allows a remote hacker (up to 300 feet) to send commands to the target computer as if the hacker were sitting in front of the computer. It can also connect itself to another Wi-Fi network, which can allow the exploit to be executed from just about anywhere as long as the connection is maintained.
The researcher has uploaded several videos to show how the cable, when plugged in, can be used to remotely exploit whatever computer it’s plugged into.
Grover said he developed this device to show that it can exploit Windows, Mac, Linux and iOS systems, so it’s pretty capable of impacting just about anyone.
He also made it clear that he chose to focus on the Apple cable because it was the most difficult to make work as a regular cable, which means this can be done with any type of USB cable.
How is this legal?
It’s easy to understand how some people would look at a device that seems to be specifically designed for malicious or nefarious intent and question the legality. “Hacking” technology has a negative connotation for many, but without researchers engaging in this type of activity (referred to as white hat or ethical hacking), the only ones discovering major exploits would be malicious hackers (black hat).
Legally restricting security researchers from any activity of this nature would actually make us all less safe.
By demonstrating that something is possible, it both educates the public and forces technology companies to deal with the exploit and work on ways to mitigate it. If this researcher were able to build this cable on his kitchen table, how likely is it that it’s already been something developed in secret by sophisticated government backed researchers from around the world?
Keep in mind, this researcher is sharing how he did what he did, along with additional cables that other researchers (and yes, anyone with malicious intent) can experiment with themselves.
How to protect yourself
Learning that this cable exists should send a clear message to everyone: Never use any cable or device that you know nothing about on any of your technology. Rogue USB drives have been around for years, and either of these devices could be used to exploit people in crowded places such as airports, coffee shops and even on an airplane during a flight, so be aware.
Ken Colburn is founder and CEO of Data Doctors Computer Services. Ask any tech question on Facebook or Twitter.