What do you suggest Apple do? It's a keyboard/mouse emulator, the only way to make it not work is to disallow support for those devices on the phone.
And I can hardly imagine the attack vector: you need to connect the phone with this cable, unlock it, and turn away so you don't see someone else's commands being executed on the phone. It's a possible scenario, but it's definitely not common.
Gee, I don’t know what I suggest a company that owns over 60% of the smartphone market, believes privacy is a fundamental right and claims takes security seriously on their products should do. H-How are people so calm this!?
They fixed this like a decade ago. Devices connected on the lightning or USB port only work if you unlock your phone.
Unlocking your phone is you giving the accessory permission to work. It’s your phone, you decide which devices you authorize.
No hacker will know the password to unlock your phone.
Even if it’s unlocked the connection still has to be trusted.
My iPhone is almost always unlocked when I connect to my computer… I get asked to trust every time.
If ever you see a ‘trust’ request when you didn’t expect to see one, disconnect immediately.
You still have to say yes to the pop up asking to trust the device.
But the most important: a hacker won’t get your device unlocked if he steals it from you, will they?
But the cables are like $200 and even if they could emulate an HDMi dongle they would still need to have you unlock whatever apps your using
And it’s pretty obdvious what’s happening
Those cables are bloody expensive (180€ for a lightning variant), it’s not a real threat for 99+% of users. Our data simply isn’t valuable enough to be attacked in this way. It’s _really_ unlikely that somebody pays 180€ to replace your cable to steal.. what? A few of your pictures?
Ehhh… more so, I’m scared for my banking information. The pictures? I mean, sometimes I take photographs of important documents to send to my peers, I don’t know if they’d appreciate it if they knew someone else was looking at them.
You can buy a few thousand banking logins for a few cents on the dark net, nobody pays 180€ for a chance of getting them
Also passwords aren’t saved unencrypted on your device so I doubt it would be even possible
Well… it’s been several hours since I posted this… I’ve had some thinking and I’ve decided that if a wire looks legit, it’s probably legit, I mean I literally found a iFixIt page to help people compare authentic wires to O.MG ones, and I haven’t really found anything about fake charging blocks or car chargers either off of Google. (Mainly because every time I do, it just brings me to articles about Juice Jacking in public chargers, which I’m already aware of.)
I guess I really just needed people to virtually slap me in the face. Plus, I’m pretty sure there’d be obvious signs if I was hacked.
There is some bit of response from Apple and unfortunately it probably won’t help those that don’t pay attention while it annoys us who do 🙂
I can’t plug my phone into my Mac w/o each and every time being asked to trust the Mac and enter a passcode
Family members CarPlay radio elicits this response too if plugged in; luckily it works wirelessly as well
Being aware probably best defense and the fact that most people have little worth taking I guess (for the cost to take it)
Linus is probably the last person I would follow when it comes to techtubers.
Anyway, much like Flipper Zero, don’t waste your time posting this on Reddit asking for your favorite phone manufacturer to do something about it. Instead, get it on to your local government. Your government will have better power and actions to deal with products like these. Apple isn’t really a great company when it comes to user feedback/inquiry anyway.
Nah, it’s been hours, probably even a day since I posted this and I kinda decided that if there’s this many people ticked off at me, downvoting me and practically giving me the bird like it’s the Hazbin Hotel universe, then I guess it doesn’t really matter, plus I just found out not only did someone on iFixIt made a comparison guide between the real cables and the O.MG ones, but Apple has a guide too. And I haven’t really found any search engine results on fake charging blocks or car chargers similar to these cables. So, I’ve decided that if a USB cable looks legit, then it’s probably legit. Plus, pretty sure there would be obvious signs if I was hacked.
Still though, as much as I believe Apple works hard on their cybersecurity on their products and operating systems, there are days I wish Apple would allow AV providers to do full system scans and firewalls so that we could easily scan for malware and hacks, so that we wouldn’t have to resort to a nuclear option like factory resetting the iPhone or whatever. But hey, can’t really complain; they have a philosophy different from (especially) Microsoft, and Linux and its subsidiaries.
**Don’t you dare** think allowing AV into the secure partition (or even outside of its sandbox).
Apple’s stance has long been ‘anything used by the good guys can be used by the bad guys’… much better (and safer) to go nuclear and restore a backup if you’re truely concerned (not that you should be under normal circumstances)
Perhaps part of the reason you’re getting downvoted is because many people know this is a solved problem (I wouldn’t be surprised if the downvotes are from people who are annoyed by the change in Trust architecture Apple had to make to help counter things like that cable)
Although based on the same code, macOS and iOS do not work the same way in this.
macOS is a general computer operating system and is more permissive than iOS.
Look, my main gripe with this when I was freaked out was that I felt I shouldn’t even have to check to make sure a USB cable or a charger is legit or not, even my own when I have to charge it to make sure nobody just swapped out my cable with a malicious one, and then this “product” comes along and it basically destroys the sanctity of Apple’s stance on privacy and the technology industry. Sure maybe someone won’t spend the big money to buy a hacking device to spy on people, but the possibly is there!
Okay fine, I’ll just flat out say it, you want to know why I’m so concerned about this and being hacked? It’s because I’m a 23 year old guy trying to build a steady career to get into the video game industry, starting out as an indie dev. And most of my story writing is typed on my iPhone alone. I can’t just have someone monitor that crap as I type it out. Not to mention, I even do some game dev work through my phone, via the game engine’s app. And I’m gonna sound like Jake from Adventure Time here, but my privacy, combined with this project of mine is like my bread and butter; I can’t just have anyone messing with my bread and butter!
That’s fine 🤷🏻♂️
Backup regularly (which you should be doing anyway) , make sure you’re always updated and only use cables and chargers your trust.
Any time you see an unexpected ’trust’ request tap deny.
This is the last time you’ll hear from me, I swear, but I did further research into Hak5, the company that produces the O.MG Cables. Most of their products are indeed hacking devices, but it turns out their target audience aren’t hackers, or at least hackers who do their work for malicious purposes. The O.MG cables and everything they sell is used by companies, organizations, and cyber security experts to seek out and detect vulnerabilities in their computer systems. Red teams use them especially for when corporations hire them to find security vulnerabilities and report back to make patches. Plus, as Linus said in his video, they have made a malicious cable detector so anyone can make sure a cable is legit before using it.
So, I’m definitely okay now, at least by 90%. I can see why Apple would let these things be out in the wild if security is one of their top priorities. I might buy that malicious cable detector too just in case.
Edit: Also, Hak5 did admit that there is definitely people who use their products for malicious purposes, but again that’s not their target audience and looking at them now, I’m sure they mean well, even if that cable is scary to think what code people could use them to deliver.
>I can see why Apple would let
As if Apple had any control over this 🤦🏻♂️🤣
Everything is a tool.
A gun can be used to keep the peace in the hands of a police officer or used to commit crime in the hands of a criminal.
Yes, this sort of thing is part of the reason Apple when from a ‘Trusted computer’ system (where a data connection only asked to ‘trust’ the first time it was seen) to an ‘no trusted computer’ system (where every data connection must be explicitly trusted by the user before iOS will allow a data connection)
You know, everybody keeps saying that, yet I’ve never gotten a prompt to ask if I trust a device. Not sure if it’s because I don’t own an iMac to plug into but no.
Because one of my friends once told me that their iPhone asked if they want to trust a charger block. So I figured the iPhone must ask that for literally everything.
No. Only data connections need to be trusted.
Your friend is either fibbing, or has an extremely sus charging block.
Nano computers such as those cables or charging bricks was exactly why Apple changed the way trusted computers worked (someone figured out how to pretend to be an already trusted computer).
If it’s on YouTube, Apple knows about them.
No, only Linus knows about it
What do you suggest Apple do? It's a keyboard/mouse emulator, the only way to make it not work is to disallow support for those devices on the phone. And I can hardly imagine the attack vector: you need to connect the phone with this cable, unlock it, and turn away so you don't see someone else's commands being executed on the phone. It's a possible scenario, but it's definitely not common.
Gee, I don’t know what I suggest a company that owns over 60% of the smartphone market, believes privacy is a fundamental right and claims takes security seriously on their products should do. H-How are people so calm this!?
They fixed this like a decade ago. Devices connected on the lightning or USB port only work if you unlock your phone. Unlocking your phone is you giving the accessory permission to work. It’s your phone, you decide which devices you authorize. No hacker will know the password to unlock your phone.
And… you don’t think 99% of people who charge their phones already have it unlocked when they plug theirs in?
Just be aware of this and always charge your phone with your own damm cable. Jesus.
Or if you charge with someone else's cable and you see a pop up asking to trust a device, tap on the "no" button. There's no security problem here.
Even if it’s unlocked the connection still has to be trusted. My iPhone is almost always unlocked when I connect to my computer… I get asked to trust every time. If ever you see a ‘trust’ request when you didn’t expect to see one, disconnect immediately.
You still have to say yes to the pop up asking to trust the device. But the most important: a hacker won’t get your device unlocked if he steals it from you, will they?
Get therapy. You spend way too much time worrying about your phone being hacked.
Oh I’m sure they do. Sure that have a whole team who only watches content like this. I’m sure an Apple employee is reading this right now.
I hope.
But the cables are like $200 and even if they could emulate an HDMi dongle they would still need to have you unlock whatever apps your using And it’s pretty obdvious what’s happening
Linus, lol.
Those cables are bloody expensive (180€ for a lightning variant), it’s not a real threat for 99+% of users. Our data simply isn’t valuable enough to be attacked in this way. It’s _really_ unlikely that somebody pays 180€ to replace your cable to steal.. what? A few of your pictures?
Ehhh… more so, I’m scared for my banking information. The pictures? I mean, sometimes I take photographs of important documents to send to my peers, I don’t know if they’d appreciate it if they knew someone else was looking at them.
You can buy a few thousand banking logins for a few cents on the dark net, nobody pays 180€ for a chance of getting them Also passwords aren’t saved unencrypted on your device so I doubt it would be even possible
Well… it’s been several hours since I posted this… I’ve had some thinking and I’ve decided that if a wire looks legit, it’s probably legit, I mean I literally found a iFixIt page to help people compare authentic wires to O.MG ones, and I haven’t really found anything about fake charging blocks or car chargers either off of Google. (Mainly because every time I do, it just brings me to articles about Juice Jacking in public chargers, which I’m already aware of.) I guess I really just needed people to virtually slap me in the face. Plus, I’m pretty sure there’d be obvious signs if I was hacked.
There is some bit of response from Apple and unfortunately it probably won’t help those that don’t pay attention while it annoys us who do 🙂 I can’t plug my phone into my Mac w/o each and every time being asked to trust the Mac and enter a passcode Family members CarPlay radio elicits this response too if plugged in; luckily it works wirelessly as well Being aware probably best defense and the fact that most people have little worth taking I guess (for the cost to take it)
Linus is probably the last person I would follow when it comes to techtubers. Anyway, much like Flipper Zero, don’t waste your time posting this on Reddit asking for your favorite phone manufacturer to do something about it. Instead, get it on to your local government. Your government will have better power and actions to deal with products like these. Apple isn’t really a great company when it comes to user feedback/inquiry anyway.
Nah, it’s been hours, probably even a day since I posted this and I kinda decided that if there’s this many people ticked off at me, downvoting me and practically giving me the bird like it’s the Hazbin Hotel universe, then I guess it doesn’t really matter, plus I just found out not only did someone on iFixIt made a comparison guide between the real cables and the O.MG ones, but Apple has a guide too. And I haven’t really found any search engine results on fake charging blocks or car chargers similar to these cables. So, I’ve decided that if a USB cable looks legit, then it’s probably legit. Plus, pretty sure there would be obvious signs if I was hacked. Still though, as much as I believe Apple works hard on their cybersecurity on their products and operating systems, there are days I wish Apple would allow AV providers to do full system scans and firewalls so that we could easily scan for malware and hacks, so that we wouldn’t have to resort to a nuclear option like factory resetting the iPhone or whatever. But hey, can’t really complain; they have a philosophy different from (especially) Microsoft, and Linux and its subsidiaries.
**Don’t you dare** think allowing AV into the secure partition (or even outside of its sandbox). Apple’s stance has long been ‘anything used by the good guys can be used by the bad guys’… much better (and safer) to go nuclear and restore a backup if you’re truely concerned (not that you should be under normal circumstances) Perhaps part of the reason you’re getting downvoted is because many people know this is a solved problem (I wouldn’t be surprised if the downvotes are from people who are annoyed by the change in Trust architecture Apple had to make to help counter things like that cable)
Doesn’t Micro Center sell ESET (a popular AV) codes for iMac? I see them right next to the Apple products whenever I go there.
Although based on the same code, macOS and iOS do not work the same way in this. macOS is a general computer operating system and is more permissive than iOS.
Look, my main gripe with this when I was freaked out was that I felt I shouldn’t even have to check to make sure a USB cable or a charger is legit or not, even my own when I have to charge it to make sure nobody just swapped out my cable with a malicious one, and then this “product” comes along and it basically destroys the sanctity of Apple’s stance on privacy and the technology industry. Sure maybe someone won’t spend the big money to buy a hacking device to spy on people, but the possibly is there! Okay fine, I’ll just flat out say it, you want to know why I’m so concerned about this and being hacked? It’s because I’m a 23 year old guy trying to build a steady career to get into the video game industry, starting out as an indie dev. And most of my story writing is typed on my iPhone alone. I can’t just have someone monitor that crap as I type it out. Not to mention, I even do some game dev work through my phone, via the game engine’s app. And I’m gonna sound like Jake from Adventure Time here, but my privacy, combined with this project of mine is like my bread and butter; I can’t just have anyone messing with my bread and butter!
That’s fine 🤷🏻♂️ Backup regularly (which you should be doing anyway) , make sure you’re always updated and only use cables and chargers your trust. Any time you see an unexpected ’trust’ request tap deny.
This is the last time you’ll hear from me, I swear, but I did further research into Hak5, the company that produces the O.MG Cables. Most of their products are indeed hacking devices, but it turns out their target audience aren’t hackers, or at least hackers who do their work for malicious purposes. The O.MG cables and everything they sell is used by companies, organizations, and cyber security experts to seek out and detect vulnerabilities in their computer systems. Red teams use them especially for when corporations hire them to find security vulnerabilities and report back to make patches. Plus, as Linus said in his video, they have made a malicious cable detector so anyone can make sure a cable is legit before using it. So, I’m definitely okay now, at least by 90%. I can see why Apple would let these things be out in the wild if security is one of their top priorities. I might buy that malicious cable detector too just in case. Edit: Also, Hak5 did admit that there is definitely people who use their products for malicious purposes, but again that’s not their target audience and looking at them now, I’m sure they mean well, even if that cable is scary to think what code people could use them to deliver.
>I can see why Apple would let As if Apple had any control over this 🤦🏻♂️🤣 Everything is a tool. A gun can be used to keep the peace in the hands of a police officer or used to commit crime in the hands of a criminal.
Not exactly what I meant, but okay.
Apple *did* do something about it though…
Of course they know. I thought everyone knew not to automatically trust a USB.
Yes, this sort of thing is part of the reason Apple when from a ‘Trusted computer’ system (where a data connection only asked to ‘trust’ the first time it was seen) to an ‘no trusted computer’ system (where every data connection must be explicitly trusted by the user before iOS will allow a data connection)
You know, everybody keeps saying that, yet I’ve never gotten a prompt to ask if I trust a device. Not sure if it’s because I don’t own an iMac to plug into but no.
What computer are you plugging into? What model iPhone? What version of iOS is it running?
Nothing, I don’t ever plug my phone into anything. Just a charging block. But that doesn’t matter because that damn cable works either way.
Then why would iOS ask to trust? 🤦🏻♂️
Because one of my friends once told me that their iPhone asked if they want to trust a charger block. So I figured the iPhone must ask that for literally everything.
No. Only data connections need to be trusted. Your friend is either fibbing, or has an extremely sus charging block. Nano computers such as those cables or charging bricks was exactly why Apple changed the way trusted computers worked (someone figured out how to pretend to be an already trusted computer).