A security researcher who allegedly works for Verizon Media came up with a Lightning cable that is capable of hacking your computer. While the O.MG cables are supposed to end up in the hands of security experts, at $100 per cable, they could end up in the wrong hands. There are no guarantees. It’s also possible that since he was able to add the hardware and software to the USB connector, someone else could do it. If you or your employees use cables purchased at a discount from a third-party seller on a site like Amazon, you have no way of knowing if you’re being conned.
It’s estimated that 74% of U.S. companies have more than 1,000 files that are sitting stagnant. Those files contain sensitive information. If companies aren’t being proactive about clearing out old files and using proper data destruction methods, theft is possible. It could happen with these tampered cables. All it would take is one employee to bring in an O.MG cable and plug it into a company computer.
How These Cables Work
The modified Lightning cables look like a cable, but the USB connector has a wireless technology inside. That software and hardware allow a remote user to connect to the cable and scan the information on the connected device. It can be used to steal usernames and passwords or install things like malware or viruses.
You plug in the USB connector to your computer and attach another device to charge it or upload/download files. Once that connector is active, the scammer remotely accesses the cable and is able to see everything you do. The connector may install malware or a virus on your computer. Some are designed to destroy themselves once the virus has finished installing.
This isn’t the first time someone has created a cable of this nature. The government has used them in the past. The NSA has COTTONMOUTH. The technology has been around for years. Over the years, people have gotten wary of plugging in flash drives they find on the street. They understand the dangers. People are not as wary of buying a cable from a third-party through online retailers. If you borrow someone’s cable or buy a cable online, you never know if you’re getting a cable that contains this technology.
If you think about the cost of malware or web-based attacks, it is stunning. It’s estimated that U.S. companies spend $2.4 million protecting themselves around malware or other online attacks. If your employee brought in a cable for charging a phone during the day and attached it to the workstation computer, what could it cost you?
Be Careful Where You Get Your Electronics
To save money, you may purchase refurbished electronics. It’s something small start-ups will do to lower expenses in the beginning. It’s better to put thought into where you purchase your copiers, printers, and computers when you’re starting out. If you purchase a used computer that has a cable that’s been tampered with, it could be devastating. You don’t want to get your first customer and have their information stolen.
Anything that’s refurbished needs to be cleaned of old data. You should only buy from a company that specializes in ITAD and data sanitation. Look for certifications that ensure you’ve chosen a company that is a registered refurbisher. It’s in your best interest to be very cautious.
When you purchase cables, be especially vigilant. When possible, only purchase from the manufacturer. Avoid third-party purchases. The technology is hard to detect, so you can’t look at the USB connector and know it’s been altered. Be safe by sticking to verified vendors. Make sure you share this with your employees.
Protect Your Sensitive Information
Varonis reports that an average of 21% of a company’s files are not protected. If you’re not using any protective steps, such as strong passwords, firewalls, or security software, you need to start. You need to be very selective in who you choose to destroy data on computers, printers, copiers, and other electronic devices your company no longer needs. Choose a company that destroys data, recycles the electronics, and never sends those devices to another country.
ERI is a leader in data destruction and electronics recycling. When you’re recycling any electronics, take precautions to be sure your personal or business information is protected. ERI has eight locations across the U.S. Some cities have electronics drop boxes. We’re also happy to talk to your organization about ITAD, data destruction, data center decommissioning, or electronics recycling. We’ll work with you to find the right solutions.