WyzGuys Tech Talk

Is it a USB cable or a Trojan horse?  We have come to consider Trojan horses to be malicious software these days, and part of the virtual world,  But the original Trojan Horse was a very physical device.  And so is this stunning USB style Trojan.

Called the O.MG Cable by its creator, Mike Grover, whose online handle is MG, this device can  be plugged into Windows, Linux, or Mac systems, and allow it’s user to execute commands over Wi-Fi from a phone app to the computer the cable is attached to.

The cable appears to the host computer to be a HID or Human Interface Device, basically a keyboard and mouse.  Although the device connects to available Wi-Fi networks, the cable can be configured to call out to the attacker over the Internet, creating an exploit called a “reverse shell.”  This gives the attacker a terminal or command prompt to work with on the victim computer.

The printed circuit board in the connector contains the wireless card and storage.

Some of the exploits include:

• Remotely log into the victim system.
• Type commands into the victim system
• Install, update, and run malicious software.
• Disconnect other systems from the wireless network.
• Change the firmware (BIOS) of connected systems.

More information:

• O.MG Project Page
• O.MG Twitter demo
• Bleeping Computer
• Sophos Naked Security

And on a related note:

• Thunderbolt connection vulnerability