Buying "cheap" Counterfeit Phones and Lightning cables are Dangerous

Ink

Administrator
Thread author
Verified
Staff Member
Well-known
Jan 8, 2011
22,361
Fake devices look real but are rife with unpatched operated systems, outdated kernels, and a universe of dodgy backdoors and malware, researchers have found.
Motherboard’s investigation also found the fake iPhone X was loaded with backdoors and malicious apps, meaning that owning such a device likely resulted in any number of dubious middlemen gaining access to your personal information.

This time, the researchers dug deeply into the workings of two bogus devices, a fake iPhone 6 and a fake Samsung S10. Both devices are routinely being sold for around a tenth of their retail price at a wide variety of sketchy online outlets, and both contain severe security vulnerabilities that will put your personal data—and potentially your personal safety—at risk.

The external fit and finish do a convincing job making the devices look legit, and even some functionality like haptic feedback and fingerprint sensors work fairly well. Internally, both devices use cheap Chinese hardware running community-built Android-based ROMs, with the S10 using the same native launcher, UI/Icon pack, and theming engine of the original device.

But while both devices pretend to be running the latest version of Android Pie 9.0, in reality they were running OS variants like Kitkat 4.4.0. that haven't seen security updates since 2014. The devices also both run outdated kernels, opening device users to threats patched years ago (like DirtyCow or Towelroot) in the legitimate versions of these devices.


It looks like an Apple lightning cable. It works like an Apple lightning cable. But it will give an attacker a way to remotely tap into your computer.
I plugged the Apple lightning cable into my iPod and connected it to my Mac, just as I normally would. My iPod started charging, iTunes detected the device, and my iPod produced the pop-up asking if I wanted to trust this computer. All expected behaviour.

But this cable was hiding a secret. A short while later, a hacker remotely opened a terminal on my Mac's screen, letting them run commands on my computer as they saw fit. This is because this wasn't a regular cable. Instead, it had been modified to include an implant; extra components placed inside the cable letting the hacker remotely connect to the computer.
 

Vasudev

Level 33
Verified
Nov 8, 2014
2,224
I don't think cable itself can contain malicious firmware but it could be the PC with autorun or autoplay enabled will easily infect the PC and legit phones as well.
Then again, iDevices can only be accessed whilst unlocked. If its locked and connected to PC it won't even charge nor connect.
 

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top