Are iPhone Cables Dangerous?
Learn How to Use Them Safely
In This Article
• What's the Problem?
• What's the Risk?
• How Do You Get These Cables?
• Good News / Bad News
• Your Best Defense
(No time to read right now? Just want to see the list of things to check? Here you go.)
What's the Problem?
Hackers get people to use fake Apple charging cables that have a nasty surprise inside.
They look like genuine Apple cables and they work like genuine Apple cables. They charge your device and make a proper data connection with your computer.
But they also contain a tiny circuit that lets the hacker remotely access the computer you connect the cable to.
Some hackers modify real Apple cables, knowing people inherently trust them. They might also modify cheaper ones, which are easier to distribute, especially to people who frequently lose or break their cables.
Unfortunately, your computer cannot tell the difference between a real cable and a rogue, hacker-built cable.
What's the Risk?
The rogue cable's stealth circuit gives it an Internet address and software that provides remote access to the hacker.
Once he's connected to your computer, of course, he can do all sorts of malicious things. He's essentially sitting at your keyboard without physically being there.
And there may be no visible sign this is happening.
How Does the Hacker Get You to Use His Cable?
There are a few ways a hacker might get you to use his rogue cable.
He might lurk in a coffee shop where you're working, wait for you to step away from your laptop for a minute, then quickly swap your cable for his. With practice, he probably needs less than 10 seconds to do this.
Or he might put his cable in realistic packaging, plant it in a retail store, and wait for someone to buy it. The embedded software can alert him when the cable gets connected to a computer.
He could also take advantage of events where small items such as cables, cell phone credit card cases, or cheap earbuds are given away. He might silently drop a few of his cables into the bowl holding the real ones and wait for people to take them.
This is Not a Drill
Originally, one hacker tried to modify a cable as a “proof of concept” - he just wanted to see if it was possible.
Well, it was possible, and he went on to make hundreds of cables and sell them to other hackers for over $100 each.
The fact that hackers were willing to pay that much should tell you they know they can extract much more than that from their victims, by stealing their identities, getting login credentials for their financial accounts, or ordering things on eCommerce sites via their computer and having them shipped to unidentifiable dropboxes.
Good News / Bad News
The good news (for now) is that these rogue cables have to be hand-made and each one takes a fair amount of time, so the chance you'd encounter one is slim. Also, for some cables, the hacker has to be within a few hundred feet to access the victim's computer.
The bad news is that some hackers are figuring out how to mass-produce the cables, which means they'll be cheaper for other hackers to purchase and the chances you might encounter one are higher.
And some of the cables can now be configured to work over WiFi, which would let the hacker access the victim's computer from anywhere. It's easier to do the same thing for non-Apple devices like Android phones and non-Apple tablets. So this is not just an Apple device problem.
Your Best Defense
The best way to protect yourself is to use a small “data blocker” device such as the SyncStop or PortaPow.
These run about $10 and connect between your USB charging cable and your computer.
These devices allow power to flow to your phone or tablet, and therefore provide the normal charging function. But they block the data pins on the USB cable which prevents anything besides charging to happen.
I'm not endorsing any particular product. The SyncStop and PortaPow are simply two I'm aware of.In addition to protecting you from rogue charging cables, they're also good protection when you use a charging port in a public area such as a coffee shop or airport.
Just like hackers have put small circuits in rogue cables, they've also been known to do something similar behind the charging ports in public places.
Summary
It's unfortunate that we can't even trust simple devices like phone charging cables. But the hackers will exploit anything that's exploitable.
It's unlikely you have, or would encounter, such a rogue cable. If you have sensitive data on your computer and/or are more paranoid than average, a simple data blocker device might give you peace of mind.
Hopefully this article was helpful. If you have any questions about email phishing, please get in touch...
Want More Info Like This?
Get our Free Newsletter