Why You Should Never Borrow Someone Else’s Charging Cable

Why You Should Never Borrow Someone Else’s Charging Cable

Why You Should Never Borrow Someone Else’s Charging Cable

In 2019, that would be a huge mistake, say, cybersecurity experts.

“There are certain things in life that you just don’t borrow,” says Charles Henderson, Global Managing Partner and Head of X-Force Red at IBM Security. “If you were on a trip and realized you forgot to pack underwear, you wouldn’t ask all your co-travellers if you could borrow their underwear. You’d go to a store and buy new underwear.”

Henderson runs a team of hackers that clients hire to break into their computer systems in order to expose vulnerabilities. Since cyber hackers have figured out how to implant charging cables with malware that can remotely hijack devices and computers, his team sometimes uses a trick to teach clients to be less trusting of third-party charging cables. “We might send somebody a swag iPhone cable in the mail. Maybe we have it branded as something innocuous, like a vendor or a partner that they have listed on their website. We send off the cable and see if the person plugs it in,” he says.

Last week, at the annual DEF CON Hacking Conference in Las Vegas — “hacker summer camp,” says Henderson — a hacker who goes by “MG” demonstrated an iPhone lightning cable that he had modified. After using the cable to connect an iPod to a Mac computer, MG remotely accessed the cable’s IP address and took control of the Mac, as Vice reported in play-by-play fashion. MG noted that he could later remotely “kill” the implanted malware and wipe out all evidence of its existence. The enterprising hacker had a stash of so-called O.MG cables that he was selling for $200 a piece.

Malicious charging cables aren’t a widespread threat at this time, says Henderson, “Mainly because this kind of attack doesn’t scale really well, so if you saw it, it would be a very targeted attack.”

For the moment, Henderson says, a bigger threat than malicious charging cables is USB charging stations you see in public places like airports. “We’ve seen a couple of instances where people modified charging stations. I’m not talking about an electrical outlet, I’m talking about when there’s a USB port on a charging station.”

“Being careful about what you plug into your devices is just good tech hygiene,” says Henderson. “Think of it in the same way that you think about opening mail attachments or sharing passwords. In a computing context, sharing cables is like sharing your password, because that’s the level of access you’re crucially conveying with these types of technology.”

Many travellers know that, in a pinch, the hotel front desk will often have a drawer of charging cables that were left behind by guests.

Don’t be tempted, says Henderson. “If the front desk had a drawerful of underwear, would you wear those?”

READ MORE: