- Malicious charging cables carry malware
- This can erase all your data
- Be careful when borrowing charging cables from other people
“If you were on a trip and realized you forgot to pack underwear, you wouldn’t ask all your co-travelers if you could borrow their underwear. You’d go to a store and buy new underwear,” says Charles Henderson, Global Managing Partner and Head of X-Force Red at IBM Security.
This is how he explained why borrowing other people’s device chargers in 2019 is a huge mistake.
Henderson has numerous hackers employed that are hired by companies to detect vulnerabilities in their systems.
Cyberhackers have learned to install viruses and malware in charging cables which they can easily use to hack devices. Henderson and his team are now telling their clients to be more careful when lending or borrowing chargers from other people.
“We might send somebody a swag iPhone cable in the mail. Maybe we have it branded as something innocuous, like a vendor or a partner that they have listed on their website. We send off the cable and see if the person plugs it in,” says Henderson.
A hacker, who is nicknamed MG displayed his modified iPhone lightning cable during a Hacking Conference in Las Vegas.
He connected an iPod to a Macbook and was able to control the Macbook at his will. MG stated that he could erase the malware and everything that existed in that computer.
This charging cable hacking strategy is not much of a threat yet according to Henderson.
“Mainly because this kind of attack doesn’t scale real well, so if you saw it, it would be a very targeted attack.”
But mentions that people should be aware of it because the tool is accessible to anyone.
“The technology is really small and really cheap. It can get so small that it looks like an ordinary cable but has the capability and the intelligence to plant malware on its victim. These things are only going to get cheaper to produce and it’s not something your average consumer is going to be tracking to know when it becomes viable on a mass scale.”
Charging stations, as of now, are bigger threats than malicious charging cables.
“We’ve seen a couple of instances where people modified charging stations. I’m not talking about an electrical outlet, I’m talking about when there’s a USB port on a charging station.”
Henderson concluded by saying being careful of what you use to plug into your device is very important.
“Think of it in the same way that you think about opening mail attachments or sharing passwords. In a computing context, sharing cables is like sharing your password, because that’s the level of access you’re crucially conveying with these types of technology.”