Hacking Cables, Fortnite ransomware and Apple’s Face ID fails! Is this the plot of the next Mission Impossible or just the August Month in Hacks?
The annual DEF CON and Black Hat hacking conventions were held in August, giving rise to two of the four hacking tidbits noted below. As always, The Month in Hacks keeps cybersecurity top of mind to reinforce the importance of network protection.
Malicious Modified Cables Enable Remote PC Hacking
A security researcher has created a special kind of Apple Lightning cable, one that gives hackers access to connected devices. The hacking cable, known as the O.MG cable, works like your regular Apple Lightning cable used to charge iPhones and transfer data to and from a PC or iGadget. But it also does more.
A WiFi implant in the tail of the cable lets hackers tap into the cable using specific software, thus accessing the machine to which the cable is connected through a device within range. The wireless range of the cable is 300 feet, although it could theoretically broaden its range if connected to a WiFi network with external internet access. One final feature is the kill switch, which erases all evidence of hacking once the deed is done.
The cable’s creator, who uses the Twitter handle _Mg_, was selling the cables for $200 a pop at this year’s DEF CON Las Vegas hacking convention. He said he chose the Apple Lightning cable because it was the toughest implant, making it an ideal “proof of capabilities.”
250 Million Fortnite Gamers Face Ransomware Risk
Fortnite gamers looking to gain a competitive edge using what appears to be an aimbot cheat tool may instead end up cheated themselves. The Fortnite gaming hack only masquerades as a cheat tool, while it’s actually ransomware that cheats players out of money.
Known as “Syrk,” the filename of the ransomware is “SydneyFortniteHacks.exe.” It’s expected to be distributed through links posted to gamers in forums and as uploads to sharing sites. Once unsuspecting Fortnite players begin to download Syrk, the ransomware will kick into action.
Its eventual goal is to encrypt all types of files, give each a file a .syrk file extension, and then display a message that demands a ransom be paid for recover the files. The best way for Fortnite players to stay safe from Syrk? Easy, Forbes says. Don’t cheat.
Ransomware Hits 23 Texas Organizations Linked to Local Government
Ransomware reared its ugly head in Texas, where 23 organizations were hit over the weekend of August 17. The organizations were all connected to the local government, most of them smaller local government departments.
The attack is believed to have come from a “single threat actor,” although that’s about the only details provided by the Texas Department of Information Resources. State authorities had called in military and counter-terrorism units, as well as cyber-security experts, to restore their systems and bring everything back online.
iPhone FaceID Authentication Hacked in Two Minutes
Face recognition is not an infallible security measure, as evidenced when the Apple iPhone FaceID was bypassed in about two minutes. The hack went down at the annual Black Hat hacker convention in Las Vegas, where it’s par for the course to demonstrate and discuss how hackers do their thing.
Tencent researchers were on the FaceID beat, and they showed how you could fool the face recognition feature with three ingredients: a pair of glasses, tape and a sleeping iPhone owner. Tape is positioned over glasses in such a way as to mimic a pupil and iris, a black area of the eye with a small white dot. The face recognition program doesn’t pull full 3D data from the eye are if the phone owner is wearing glasses. It instead searches for the pupil and iris.
The glasses are then placed on the sleeping victim, and his face is then used to unlock the phone. While not all that practical in real life, the demonstration did gain a lot of attention at the convention.