O.MG Elite Cable Received Enhanced Networking Capabilities

O.MG Elite cable
Written by Emma Davis

At the DEF CON conference, a new version of the O.MG malicious cable, called O.MG Elite, was demonstrated. At a glance, such cable does not differ from a regular Lightning or USB-C cable, but in reality, it is a dangerous variation on the Rubber Ducky theme.

We also wrote that The Researcher Showed How to Get Root Access to Agricultural Machinery John Deere.

Let me remind you that the first version of the O.MG cable appeared back in 2019, and it was invented by the well-known information security specialist and engineer Michael Grover, also known by the nickname MG. Such cable looks very similarly to the usual one, and it can be connected to a machine running Linux, Mac or Windows. But in reality, O.MG is not at all so simple and is defined by the system as a HID (Human Interface Device), that is, a USB device for interacting with a person (usually a keyboard, mouse, game controller, and so on).

Since MG even added support for wireless connections to its development, as a result, by connecting the O.MG cable to the target machine, the attacker was able to execute any commands via Wi-Fi, as if he were simply typing them on the keyboard of the target computer.

Interestingly, unlike other MG projects (which were repeatedly demonstrated on its Twitter attacks through man-made malicious USB cables and even the failure of special protective adapters that should protect against attacks via USB), the O.MG cable was not only shown on the Internet and was sold to a few specialists at DEF CON, but it entered a series production thanks to Grover’s collaboration with Hak5.

This year, the expert pleased fans of hacker hardware with a novelty: but at the DEF CON conference, he presented an early version of the updated O.MG cable, which received the Elite prefix.

O.MG Elite cable
O.MG Elite “Stuffing”

The grower claims that one such cable can replace $20,000 worth of equipment. In particular, advanced network functions distinguish it from its predecessor O.MG Elite: now the cable can support two-way communication with its operator.

Many data exfiltration attacks, including password theft from Chrome, rely on sending data over the target machine’s Internet connection, which can be blocked by antivirus software or corporate network settings. The onboard network interface bypasses this protection by giving the cable its own communication channel to send and receive data, as well as a way to steal data from “isolated” machines that are completely disconnected from external networks.says MG.

O.MG Elite is capable of attacking and reading data that is transmitted over a cable, for example, between iPhone and Mac, or any other combination of devices (Lightning to USB-A, Lightning to USB-C, C to C and microUSB).

It also contains a keylogger: if used to connect a keyboard to a host computer, the cable can record all keystrokes that pass through it and store up to 650,000 keystrokes in the built-in memory for later retrieval. Your password? Saved. Bank account details? Saved. Drafts of bad tweets you didn’t want to send? Also saved.adds the expert.

The novelty also boasts expanded payload storage, and O.MG cable operators can now control multiple malicious devices at once through a single control server.

The updated O.MG Elite, currently in early access, starts at $179.99. In fact, the hardware is already completely ready, and now the developers are offering everyone to test new software features while MG and his colleagues finish development. However, buyers can use the latest stable firmware, in which there are simply no new features (and potential bugs). The O.MG Elite is scheduled to be finalized by 2023.

Sending
User Review
0 (0 votes)
Comments Rating 0 (0 reviews)

About the author

Emma Davis

I'm writer and content manager (a short time ago completed a bachelor degree in Marketing from the Gustavus Adolphus College). For now, I have a deep drive to study cyber security.

Leave a Reply

Sending

This site uses Akismet to reduce spam. Learn how your comment data is processed.