Hi, this is Wayne again with a topic “I got hacked by an iPhone Cable.”.
Do not accidentally plug one of these cables into your computer. It might look like a normal innocent iphone charging cable, but it is actually a modified variant of it with the power to hijack your devices steal every last bit of your personal info and then self-destruct to not leave a trace behind. So i’ve got two iphone cables here. One is real. One is fake, which one is real. I want to say this one, that’s fake. This is called attack hardware. It is real, it is out there. So it’s time we learn about it. We’Re gon na look at three incredibly ordinary, looking tech products, a little usb stick, this charging cable and then a usb adapter. I’M gon na show you how each one is actually a more and more powerful piece of attack hardware and then how do you actually stop yourself from getting hacked if these things look just like the normal products? Okay, so first up is the tiny little usb stick from the company omg that anyone could order right now for 75, which might sound expensive, but not when you see what it does.
Okay, here’s the thing we need to understand our devices are generally pretty good at fighting off hacking, threats from the internet and from all those dodgy files we download, but there is a vulnerability, most pcs, macs smartphones tablets. They will all immediately trust a usb device. That’S physically plugged in without even questioning it, some of them might throw up an unrecognized device error message, but all i would need to do is to change my usb stick’s vendor id and product id, the vid and the pid to say that of the official apple Keyboard and my computer will believe it so right now, my laptop genuinely thinks that it has a normal keyboard here and this killer usb stick plugged into. It is just a second apple keyboard and here’s where it gets interesting, because this plug it also contains a miniaturized, wi-fi chipset. That creates a new wi-fi network that i can join from my smartphone and now that i’m a trusted keyboard on this computer start issuing commands or payloads onto it from up to 2 000 meters away. So i waited till my team was next together and i set my sights on my editor’s computer, because why not hack the one machine that contains all of our video files? All i had to do was to get this plug inside without him realizing and we’re in so did that just literally pop out the blue yeah hey did you notice me plugging it into your computer, so i was sat here so that i could actually put the Usb stick in while you couldn’t see what was going on and you had no idea right, no idea, no words, and so, while there clearly is a fun side to all this, you can probably also see just how dangerous this could be in the wrong hands with Full unrestricted access to your keyboard.
I can do anything on your computer. If you just left your machine alone for five minutes to go on a lunch break, then all i would need to do is to approach from behind to slip it into the back and execute a payload one that opens your computer’s terminal. The control center of your device hands over the administrator access to your machine to me and then closes the terminal. So you have no idea, it’s even happened, but we can step this up further with the charging cable and even though this is still not the most advanced product, i’m going to show you today. It is already apparently rivaling the functionality of the 20 000 surveillance cables sold to the national security agency compared to that usb plug you just saw this has three things: three things that take it to the next level, so the first most obvious thing is that to The untrained eye – it is invisible. You know like if weird things were happening to your computer and then you found a plug that looked like this. You’D, probably connect the dots and realize that this was the problem. You can’t do that anymore.
This omg company makes both an apple, lightning, cable, which is pretty much an exact one-to-one of an actual, lightning cable and then also an android version, which is practically a one-to-one of the samsung cable and here’s the kicker as well as all the other stuff. They do. They also still work as normal cables.
So what do you think this is uh? Looks like a usb cable? Are you sure, ah, and the sub to the channel would be no fandomidosi? Thank you. These things are so convincing that a few weeks ago, i’d actually left one of these lying on my desk. While i was doing some work with my cameraman josh and then just randomly out of the blue, i noticed on my phone that i had access to his computer, so i looked up and sure enough.
He had accidentally been charging his phone, not with his actual charging. Cable, but with my omg, cable, didn’t suspect a thing, and let me show you how easy it would have been for me to at that point wreck havoc on it. So this is the omg payload interface, and all i really need to do here is to just type out what i want his computer to do so. The first command i’m making here is gui space, which is telling the computer to press command and space to bring up the spotlight search feature.
I’M then going to write string, which prepares the computer to type out word for word. What i’m going to write next, followed by the word safari, to get it to search for the safari app? The word enter, which tells a computer to then open that safari app at which point i’m on his internet. So, let’s just say that i wanted to post something incriminating. All i would need to do is to have guill or command l, which will select the url bar ready for typing and then just use the string command one last time to get it to type in www.instagram.com hit enter and we’re in it is game over. I even made another payload which uses command and t to open a new tab and then asks google translate to say this.
I’M watching you horrifying stuff you’ll also see that i’ve added in a bunch of delays in between the main commands. Those are just there to give the computer time to finish one action before starting the next okay, so this is already kind of crazy, but there’s more because the second thing this can do is geofencing, and what that means is one of the things crammed into this End here is a wireless radio and that wireless radio can look for other wireless radios or, to put it another way, this cable knows the networks that are around it and can therefore know where it is and who’s nearby. So you can make the cable arm itself in certain situations, for example, while someone is working in the office and then disarm itself as soon as they get back home, but the coolest and the scariest part of this is the third thing the self-destruct feature, because if There’S one thing that makes these attack devices slightly less, threatening it’s the fact that if one of them is found and identified, then it could start to trail back to the person who planted it.
It’S this idea that for most people it wouldn’t make sense to try and spy on someone, because you know you might get caught in the process, but the self-destruct feature gets around this. All i would have to do is to type the word self-destruct to the end of a payload and the device completely wipes its internal memory, leaving no trace of what you’ve done, and if i get into a really sticky situation. Let’S say that i think the cable has been lost or compromised. It is also programmed such that i can remotely physically sever the circuit. I can send a command that will disconnect the inside of the cable such that it stops working as a cable, which would be enough to make any average uninitiated consumer just assume that they broke it and to throw it away that didn’t go close today. But now it is time for the god tier introducing the omg usb adapter and just before i show it to you.
I do want to reiterate that i’m just as impressed with this company, as i am scared by them like on one hand, they make it very clear that they’re selling the world’s most dangerous usb devices at a 50th of their original costs. But at the same time, there is a legitimate benefit to this gear, like, for example, law enforcement can use this to spy on predators and criminals. Aspirational security professionals can use it for training purposes and one of the biggest uses of these attack devices is helping. Companies improve their own protection.
The biggest thing that can make change inside of a company is a legitimate attack which these things could do in the wrong hands. Second, best is a simulation of that which these could do in the right hands. Okay.
So what does this one do? Well everything that the last device could the payloads the camouflage, the geofencing the self-destructing, but on top of all of that, this particular adapter that i’ve configured can also keylog. So when this is plugged into someone’s machine instead of just seeing the payload tab, i also have a key logging tab where i can intercept and record every single letter that this person types, you could already pretty much destroy someone with the default usb plug. But this is the nail in the coffin. This is gon na, give you all their banking details, so you can make online payments using their cards they’re passwords, so you can remotely log into their computer while they’re away from it, and it even means that you can then change those passwords so that these people Are actually locked out of their own devices and their own accounts? How do you protect yourself from all this? Well, a use, your own cable and own, your own cable b. If you do come home one day with a wire that looks a little different to the one you left with then just change your passwords immediately and see.
I find this quite funny, but the same company who makes this attack hardware does also sell a detector to prevent you from getting attacked, so that’s also an option now. You might have also noticed with this video that i’ve experimented with a slightly different way of delivering the content. I’Ve used a scene change every time i feel like you might have been staring at the same background for too long. I’Ve got the opinion of people in the public to try and make it a more personal experience, and i tried to create a golden moment within this article by bringing together the topic of interest with human reactions from my team and an injection of humor. This is all stuff that i picked up through thomas de gea’s storytelling through film classes on skillshare, the sponsor of this video, and what struck me about this platform is just how efficiently you can learn stuff.
There’S no click bait, there’s no ads and it’s organized in such a way that you can learn a completely new skill in any topic from animation to marketing start to finish in literally 30 minutes. So why not make 2022 the year to become a master in something, or you know, 100 different things. The first 1000 of you to sign up using my code or by hitting the link in the description will get a one month, free trial of skillshare to get started on that journey.
You .