Security researchers have developed a Lightning cable which, thanks to an additional chip among its components, is able to record keystrokes from a connected keyboard. All the more reason to only trust official or MFi certified cables.
A minor threat, but one that must be kept in mind
What they dubbed “OMG Cable” is an identical-looking USB-A to Lightning cable that we could use to connect a keyboard to a Mac. The difference, however, is that, as Vice states, this cable has an additional chip capable of logging keystrokes. A cable whose mass production will begin soon and which will be sold through the company Hak5.
The recorded information is transmitted through a Wi-Fi hotspot that creates the same cable to which the attacker can connect remotely. All you need to do is go to a web application to see the keystrokes that have been taken.
Physically, the cables are almost indistinguishable. The tiny chip, as we see in this x-ray, occupies a very small footprint, allowing the cable to function as it normally would. This reminds us that we should always use official or MFi certified cables for our devices.
Remember, this is the second time we see how a modified cable can pose a threat to our security. It is relatively in the public domain that we should not connect USB storage to any of our devices unless we trust the source to originate from it. What is less common is that this same precaution is applied to seemingly harmless cables.
This is, once again, a reminder that the best security defense is common sense and a set of basic good practices. Practices like buying and using only trusted cables, for example. Although the security of our devices is increasing in leaps and bounds, we can still make their work easier, easily too.