An O.MG cable is a recent and valuable tool within a cyber attacker’s arsenal.
Gone are the days of hackers leaving a dodgy USB thumb drive in your business’ foyer and hoping you’ll plug it in, they’re now leaving super handy phone charger cables instead.
Despite seemingly being named after a texting acronym (OMG!) – which is presumably what victims say once they realise they’ve been hacked – an O.MG cable looks exactly like a regular mobile phone charger cable, but actually houses a tiny network access point.
When someone picks up the O.MG cable and plugs it in, the cable spins up an access point over Wi-Fi and bridges the internal network.
The hacker, who will be waiting somewhere nearby, waits for the remote connection to appear, and once it does they instantly have the ability to access the victim’s computer and mobile phone.
At DEF CON, the world’s largest hacking convention, the O.MG cable’s developer Mike Grover claimed that he could access a device up to 300 ft (90m) away, and if he configured the cable to act as a client to a nearby wireless network, the distance could become unlimited.
The danger with these cables is that people often assume they are completely safe as they look identical to a regular mobile phone charging cable. Additionally, these cables can be any type of phone cable, whether it’s Lightning, USB-C, USB-A, micro-USB, it doesn’t matter if it’s Apple or Android, any cable can be used.
So how do you avoid falling for this trap?
Well, it’s pretty obvious: never take and use a cable you find in public or that has been left lying around the office, and make sure your staff all know not to do so as well.
It can certainly be tempting, as a free cable saves you a trip to Officeworks or the Apple Store, but it’s simply not worth the risk.
I know I’d rather have a dead phone than a hacker running riot inside my business’ computer network.
Want to know more about red-teaming and how it can help protect your organisation?