We live in a time where security testing is becoming more open and public, and with that comes some unusual activities — such as the mass production of fake iPhone Lightning cables that can hack your computer. They are called ‘O.MG’ cables, and they’re made by Hak5. They have tiny wireless transceivers built in.
The O.MG fake Lightning cables are alleged to be designed for Red Teams (independent penetration testers) to perform penetration testing (often unbeknownst to the company whose network they’re attacking). However, malicious entities may be interested in using them as well. Thieves could use these fake Lightning cables to remotely execute malicious scripts and hack your computer, if they get their hands on them.
This means that (as Apple said) you need to be very careful of where you buy your Lightning cables from, and don’t borrow or take any USB devices from people or sellers you don’t trust. Conterfeit devices are usually unreliable or dangerous from a security or a safety standpoint. There’s always a catch. Apply the same logic to USB drives, physical authentication devices, hardware wallets, and any device that connects to your computer or phone.
These cables look very much like legitimate Lightning cables, so they may at some point find their way into the wrong hands, or the design used to modify existing Lighting cables (unless criminals are already making their own such cables, which wouldn’t be surprising). Hak5 is also selling USB keyrings and Ethernet devices for penetration testing as well. These include the Shark Jack and Bash Bunny.