XPost: misc.phone.mobile.iphone

In message <sgro46$2pmcc$1@paganini.bofh.team> NewsKrawler <newskrawl@krawl.org> wrote:

New malicious Lightning cable can steal user data from a mile away

This is 1) not news and 2) has nothing to do with lightning. Fake USB
cables of many types have been created over the last several years. iOS
asks you before you use any USB device if you trust the device, a detail
left out of these stories, of course. I get the alert, for example,
every time I connect my keyboard to my iPad.

--
I noticed that but was still trying to work out a way of drawing it
to everyone's attention that would be sufficiently satisfying,
combining maximum entertainment value for readers with maximum
humiliation for you. -- Laura

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

XPost: misc.phone.mobile.iphone

In message <sgtopj$8s9$1@dont-email.me> gtr <xxx@yyy.zzz> wrote:

On 2021-09-03 02:53:05 +0000, Lewis said:

In message <sgro46$2pmcc$1@paganini.bofh.team> NewsKrawler
<newskrawl@krawl.org> wrote:

New malicious Lightning cable can steal user data from a mile away

This is 1) not news and 2) has nothing to do with lightning. Fake USB
cables of many types have been created over the last several years. iOS
asks you before you use any USB device if you trust the device, a detail
left out of these stories, of course. I get the alert, for example,
every time I connect my keyboard to my iPad.

But when the system asks you if you trust the device, having
encountered it, as you say every time you connect your keyboard, you
always automatically assent.

With my keyboard? Yes. I know it's ,y keyboard.

So in the end that's no safeguard at all.

Bullshit.

Logically, one wouldn't do testing to find out if the cable has an
eavesdrop mechanism clandestinely hidden. So it's an ingenous though nefarious device.

If I connected a cable and it asked me to authorize the USB device I
would, of course, say no.

We are all more tentative about jamming an unknown thumbdrive into a
port without validting it. But if someone were to swap out or leave a spy-wire on your desk you'd likely use it without consideration.

YOU might, but no, I would not.

--
NO ONE WANTS TO HEAR ABOUT MY SCIATICA Bart chalkboard Ep. AABF09

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

XPost: misc.phone.mobile.iphone

On 2021-09-03 02:53:05 +0000, Lewis said:

In message <sgro46$2pmcc$1@paganini.bofh.team> NewsKrawler <newskrawl@krawl.org> wrote:

New malicious Lightning cable can steal user data from a mile away

This is 1) not news and 2) has nothing to do with lightning. Fake USB
cables of many types have been created over the last several years. iOS
asks you before you use any USB device if you trust the device, a detail
left out of these stories, of course. I get the alert, for example,
every time I connect my keyboard to my iPad.

But when the system asks you if you trust the device, having
encountered it, as you say every time you connect your keyboard, you
always automatically assent. So in the end that's no safeguard at all. Logically, one wouldn't do testing to find out if the cable has an
eavesdrop mechanism clandestinely hidden. So it's an ingenous though
nefarious device.

We are all more tentative about jamming an unknown thumbdrive into a
port without validting it. But if someone were to swap out or leave a
spy-wire on your desk you'd likely use it without consideration.

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

XPost: misc.phone.mobile.iphone

On 2021 Sep 03, gtr wrote
(in article <sgtopj$8s9$1@dont-email.me>):

On 2021-09-03 02:53:05 +0000, Lewis said:

In message<sgro46$2pmcc$1@paganini.bofh.team> NewsKrawler <newskrawl@krawl.org> wrote:

New malicious Lightning cable can steal user data from a mile away

This is 1) not news and 2) has nothing to do with lightning. Fake USB cables of many types have been created over the last several years. iOS asks you before you use any USB device if you trust the device, a detail left out of these stories, of course. I get the alert, for example,
every time I connect my keyboard to my iPad.

But when the system asks you if you trust the device, having
encountered it, as you say every time you connect your keyboard, you
always automatically assent. So in the end that's no safeguard at all. Logically, one wouldn't do testing to find out if the cable has an
eavesdrop mechanism clandestinely hidden. So it's an ingenous though nefarious device.

We are all more tentative about jamming an unknown thumbdrive into a
port without validting it. But if someone were to swap out or leave a spy-wire on your desk you'd likely use it without consideration.

Errmm... how are they _getting_ to my desk? Does the spy cable look like my regular cable? What if I don’t use a cable to connect much of anything
except my headphones... and the cable for the headphones is attached to the headphones, and the adaptor for that cable travels with the headphones.A new, unrecognized, unrequested USB cable suddenly appearing on my desk at the
office would be regarded with extreme suspicion. At home, well at home only
two people buy computer equipment, and neither of us leaves random cables around.

No, I wouldn’t use it at all.

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

XPost: misc.phone.mobile.iphone

On 2021-09-03 23:38:58 +0000, Wolffan said:

On 2021 Sep 03, gtr wrote
(in article <sgtopj$8s9$1@dont-email.me>):

On 2021-09-03 02:53:05 +0000, Lewis said:

In message<sgro46$2pmcc$1@paganini.bofh.team> NewsKrawler
<newskrawl@krawl.org> wrote:

New malicious Lightning cable can steal user data from a mile away

This is 1) not news and 2) has nothing to do with lightning. Fake USB
cables of many types have been created over the last several years. iOS
asks you before you use any USB device if you trust the device, a detail >>> left out of these stories, of course. I get the alert, for example,
every time I connect my keyboard to my iPad.

But when the system asks you if you trust the device, having
encountered it, as you say every time you connect your keyboard, you
always automatically assent. So in the end that's no safeguard at all.
Logically, one wouldn't do testing to find out if the cable has an
eavesdrop mechanism clandestinely hidden. So it's an ingenous though
nefarious device.

We are all more tentative about jamming an unknown thumbdrive into a
port without validting it. But if someone were to swap out or leave a
spy-wire on your desk you'd likely use it without consideration.

Errmm... how are they _getting_ to my desk?

*Your* desk, maybe not, but it is easy for someone to get to many desks
- for example, a night time office cleaner or security guard.

Even for home users, they could be a housekeeper who comes to clean
your house when you're out, or if you take you device to a repair shop
or a repair tech comes to you, a nasty person could easily swap the
cable without you knowing.

One potential solution would be to use a permanent marker to put a line
around the cable somewhere, but you would have to constantly check for
it still being there before using your device.

Does the spy cable look like my regular cable?

Yes. It can be made to look like any ordinary cable, including those
from specific manufacturers such as Apple, IBM, etc.

What if I don't use a cable to connect much of anything except my headphones... and the cable for the headphones is attached to the
headphones, and the adaptor for that cable travels with the headphones.

It probably wouldn't take much for some nasty person working at these manufacturing companies to slip a similar device into cables shipping
with products.

The reality is that this particular one and the ones before it are
keystroke recorders, so only really an issue if using it with a
keyboard (including wireless ones if you stick an wireless adapter in
the end of the cable or a hub connected via the cable) or potentially
when diasy-chaning devices ... you can't record keystrokes from a
product like headphones that don't send keystorkes.

A new, unrecognized, unrequested USB cable suddenly appearing on my
desk at the office would be regarded with extreme suspicion. At home,
well at home only two people buy computer equipment, and neither of us
leaves random cables
around.

No, I wouldn't use it at all.

As above, someone like a nasty repair technician or housekeeper could
easily swap the cables without you ever knowing.

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

XPost: misc.phone.mobile.iphone

gtr <xxx@yyy.zzz> wrote:

On 2021-09-03 02:53:05 +0000, Lewis said:

In message <sgro46$2pmcc$1@paganini.bofh.team> NewsKrawler
<newskrawl@krawl.org> wrote:

New malicious Lightning cable can steal user data from a mile away

This is 1) not news and 2) has nothing to do with lightning. Fake USB
cables of many types have been created over the last several years. iOS
asks you before you use any USB device if you trust the device, a detail
left out of these stories, of course. I get the alert, for example,
every time I connect my keyboard to my iPad.

But when the system asks you if you trust the device, having
encountered it, as you say every time you connect your keyboard, you
always automatically assent. So in the end that's no safeguard at all. Logically, one wouldn't do testing to find out if the cable has an
eavesdrop mechanism clandestinely hidden. So it's an ingenous though nefarious device.

We are all more tentative about jamming an unknown thumbdrive into a
port without validting it. But if someone were to swap out or leave a spy-wire on your desk you'd likely use it without consideration.

Yup. Which is how the americans hacked the iranian nuclear facilities.
People are far easier to fool that computer systems.

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

XPost: misc.phone.mobile.iphone

On 2021 Sep 03, Your Name wrote
(in article <sguge4$1evq$1@gioia.aioe.org>):

On 2021-09-03 23:38:58 +0000, Wolffan said:

On 2021 Sep 03, gtr wrote
(in article <sgtopj$8s9$1@dont-email.me>):

On 2021-09-03 02:53:05 +0000, Lewis said:

In message<sgro46$2pmcc$1@paganini.bofh.team> NewsKrawler <newskrawl@krawl.org> wrote:

New malicious Lightning cable can steal user data from a mile away

This is 1) not news and 2) has nothing to do with lightning. Fake USB cables of many types have been created over the last several years. iOS asks you before you use any USB device if you trust the device, a detail
left out of these stories, of course. I get the alert, for example, every time I connect my keyboard to my iPad.

But when the system asks you if you trust the device, having
encountered it, as you say every time you connect your keyboard, you always automatically assent. So in the end that's no safeguard at all. Logically, one wouldn't do testing to find out if the cable has an eavesdrop mechanism clandestinely hidden. So it's an ingenous though nefarious device.

We are all more tentative about jamming an unknown thumbdrive into a
port without validting it. But if someone were to swap out or leave a spy-wire on your desk you'd likely use it without consideration.

Errmm... how are they _getting_ to my desk?

*Your* desk, maybe not, but it is easy for someone to get to many desks
- for example, a night time office cleaner or security guard.

Even for home users, they could be a housekeeper who comes to clean
your house when you're out, or if you take you device to a repair shop
or a repair tech comes to you, a nasty person could easily swap the
cable without you knowing.

One potential solution would be to use a permanent marker to put a line around the cable somewhere, but you would have to constantly check for
it still being there before using your device.

As the vast majority of keyboards (Mac and Windows) are either wireless (usually Bluetooth for Mac, usually IR for Windows) or have the USB cable permanently attached, you _can’t_ just slip a cable in for a keyboard. This _especially_ applies to iPad keyboards; the only iPad keyboard that I’ve
ever seen which isn’t Bluetooth has the Lightening cable hardwired in. Same for mice, trackpads, trackballs, etc.Devices like graphics tablets often have detachable cables... but they’re usually microUSB to USB A cables. Almost
all Lightening cables ain’t gonna cut it. (It’s non-trivial to find a
cable which will work with, say, a Wacom One and an iPad. Better to use an Apple Pencil directly on the iPad, even if Pencils are bloody expensive. The few cables which will do the job are closely monitored.)

No, detachable cables usually go with storage devices... and there are damn
few cables for attaching external storage to iPads.

You _can’t_ just slip a spy cable in... it won’t bloody work. Except, perhaps, as a power cable or to connect a device to a computer.

Does the spy cable look like my regular cable?

Yes. It can be made to look like any ordinary cable, including those
from specific manufacturers such as Apple, IBM, etc.

Power cables, and cables to connect iPads etc to computers are kept locked
away so they won’t get lost, in the same filing cabinet containing the
power bricks. At the office the cables and bricks are labeled, you’re supposed to take cable C1 and power brick P1 at the same time. At home they’re in a drawer, also to keep them from walkies. At the office the cleaning and security staff have no access to the filing cabinets; they _can’t_ play with cables. At home, _I’m_ the cleaning and the security staff.

What if I don't use a cable to connect much of anything except my headphones... and the cable for the headphones is attached to the headphones, and the adaptor for that cable travels with the headphones.

It probably wouldn't take much for some nasty person working at these manufacturing companies to slip a similar device into cables shipping
with products.

So now they’re shipping froim the factory... which means that they have NO FUCKING CLUE WHERE THE THINGS GO, WHEN THE THINGS ARRIVE, WHAT THE THINGS ARE ATTACHED TO... You’re gonna spray and pray, eh? Good luck with that.

The reality is that this particular one and the ones before it are
keystroke recorders, so only really an issue if using it with a
keyboard (including wireless ones if you stick an wireless adapter in
the end of the cable or a hub connected via the cable) or potentially
when diasy-chaning devices ... you can't record keystrokes from a
product like headphones that don't send keystorkes.

A new, unrecognized, unrequested USB cable suddenly appearing on my
desk at the office would be regarded with extreme suspicion. At home,
well at home only two people buy computer equipment, and neither of us leaves random cables
around.

No, I wouldn't use it at all.

As above, someone like a nasty repair technician or housekeeper could
easily swap the cables without you ever knowing.

Nope. Not if there’s anythiung vaguely approaching proper physical
security.

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)