Slashdot Mirror


Researchers Infect iOS Devices With Malware Via Malicious Charger

Sparrowvsrevolution writes "At the upcoming Black Hat security conference in late July, three researchers at the Georgia Institute of Technology plan to show off a proof-of-concept charger that they say can be used to invisibly install malware on a device running the latest version of Apple's iOS. A description of their talk posted to the conference website describes how they were able to install whatever malware they wished on an Apple device within a minute of the user plugging it into their malicious charger, which they're calling 'Mactans' after the scientific name of a Black Widow spider. The malware-loaded USB plug is built around an open-source single-board computer known as a BeagleBoard, sold by Texas Instruments for a retail price of around $45. The researchers have contacted Apple about their exploit but haven't heard back from the company and aren't sharing more details of their hack until they do."

201 comments

  1. "Researchers" by Anonymous Coward · · Score: 1, Interesting

    Kill all the "Researchers".

  2. Possible Solution by muphin · · Score: 2

    would PairLock be a possible solution, would that work?

    --
    It's not a typo if you understood the meaning!
    1. Re:Possible Solution by Joce640k · · Score: 2

      I dunno...but how is this new exploit "news" if there's utilities like PairLock to prevent it?

      --
      No sig today...
    2. Re:Possible Solution by Threni · · Score: 1

      Exploits are still exploits even if they can be detected by virus/malware etc scanners, right?

    3. Re:Possible Solution by jeffmeden · · Score: 5, Informative

      I dunno...but how is this new exploit "news" if there's utilities like PairLock to prevent it?

      Because you have to jailbreak in order to use PairLock? And um, jailbreaking is bad, mmkay?

    4. Re:Possible Solution by Anonymous Coward · · Score: 0

      And um, jailbreaking is bad, mmkay?

      Only if you support the organized crime. (Content Mafia)
      Such people deserve the jail they bought for themselves. ^^

    5. Re:Possible Solution by Anonymous Coward · · Score: 0

      I do not believe these malware problems would exist at all if the employers of the OS coders were held responsible for their product like a car company is held to their product. That is, if malware uses some OS fault, java bug, Sony rootkit, whatever, the entity owning the vector ( and got paid real money ) is personally on the hook to make it right. Is our Congress willing to pass law holding "rightsholders" responsible for the misbehaviour of their stuff?

      "Trustworthy Computing" should be more than a marketing phrase. As it is, marketing phrases like "Trustworthy Computing", "Plays for Sure", and the like are to be taken no more seriously than the "business talk" shown on marketing promotions - I mean does one really think the company is telling the truth when the first thing they do when you show a spat of interest is want you to sign legal papers which are full of asterisks, little doo-dads, disclaimers, hold-harmless, up-to, could save,... well, you get the idea what I mean by "business talk". I do not believe ethical companies need to do business that way, however companies which are looking to deceive me are expected to present me with that kind of stuff. Presenting me with a contract full of escape clauses has about the same effect on my desire to purchase as a puddle of vomit in front of an eatery affects my appetite. It gives me an unmistakable impression that the company is just out to play a shell game with me. Basically, it's "sign this commitment to us, and we will think about your need, and if you are lucky, we may actually do something".

      If someone came to a job interview, full of excuses on whether or not he will do the job, the interviewer would get an impression the job seeker wasn't serious. How can business give me the kind of papers they have their lawyers write up and give them to me for my signature, and hold a straight face?

      I would be highly embarrassed to show those to anyone who can read. Most of them freely admit the company's sole forte is taking my money, and they will not be held to doing the job. I can not believe an ethical organization could present such a thing to their customer.

      This is nothing new. There is a phrase... "Caveat Emptor" which has been around far longer than I. An apathetic public along with a lobbied Congress results in a lot of one-sided law which benefits the ones who control the law-makers. If one installs pirated, free, open-source, stuff, one takes the same risks as self-medication - if things go awry, you are on your own. ( ehh Java and Flash come immediately to mind - even though these are "free" for the user, webmasters seem to love this stuff and often won't even use something as simple as an HTML link anymore - and they find business men who will hire them to make the business website useless to anyone who will not toe the line and run the demanded add-on ).

      We have mechanisms in place right now to get rid of this pestilence, and this is for the public-at-large to pester their representatives about passing law holding rightsholders responsible for the behaviour of their products along with the rights to monetize their rights. They should remind their Congressman of their vote to pass stuff like DMCA, and if they can judge an individual as a thief for copyright violation, the rightsholder likewise can be judged a thief if his product malfunctions and causes the buyer a loss. This stuff needs to be brought up close to election day, with the politician's talking points duly noted, and the populace insist on the politician actually doing what he promised... or recall the SOB and replace him with someone who will. This whole mess is OUR fault for tolerating it.

      The rich people do not tolerate it. Why should we?

  3. Physical Access by Anonymous Coward · · Score: 2, Insightful

    Physical access to a device allows for far too many attack vectors to protect against. News at 11

    1. Re:Physical Access by Anonymous Coward · · Score: 5, Informative

      This is not an "open the device and latch on to some henceforth unprotected internal signal" attack vector. Attaching the phone to someone else's charger is not unusual behavior. For the Olympic Games in London, Vodafone fitted 1000 taxis with mobile phone chargers.

    2. Re:Physical Access by ameen.ross · · Score: 1

      Except physical access doesn't refer to peripherals.

      --
      $(echo cm0gLXJmIC8= | base64 --decode)
    3. Re:Physical Access by Anonymous Coward · · Score: 1

      It would be trivial to protect against silent attacks through USB chargers: Just require a confirmation on the phone before reading any data from USB. If the phone doesn't read data from USB, then you cannot hack the phone through USB.

    4. Re:Physical Access by fuzzyfuzzyfungus · · Score: 3, Interesting

      Physical access to a device allows for far too many attack vectors to protect against. News at 11

      I think the issue here is that 'plausible, easy-to-engineer, physical access allows a demonstrated attack against a device'.

      Also, at an architectural level, having an iDevice plugged in is much closer to having a network connection to a computer than it is to having 'physical access'. It's a bit weirder than a pure USB network adapter; but it's essentially a chat, over TCP, with a remote computer, not total control over a USB MSC device or something of that flavor.

    5. Re:Physical Access by lseltzer · · Score: 2

      Not that I'm all that worried about this attack, but the confirmation dialog would have to present some identifying information about the device, so the approval could probably be social-engineered.

    6. Re:Physical Access by Anonymous Coward · · Score: 1, Insightful

      This is not an "open the device and latch on to some henceforth unprotected internal signal" attack vector. Attaching the phone to someone else's charger is not unusual behavior.

      It's based on a BeagleBoard, which is larger than a business card. It's going to be tough to fool people into using a charger that looks like it swallowed half your iPhone.

    7. Re:Physical Access by AmiMoJo · · Score: 2, Informative

      And remember, all this is to support Apple's DRM that blocks 3rd party chargers (or at least prevents them using the fast charge rate).

      Providing phone chargers is a common courtesy in some countries, e.g. Japan. Most hotels and bars will have a load of chargers behind the front desk to lend out, for example.

      --
      const int one = 65536; (Silvermoon, Texture.cs)
      SJW, n: "Someone I don't like, and by the way I'm a fuckwit" - AC
    8. Re:Physical Access by Anonymous Coward · · Score: 1

      Well, if you only want to "charge" the damn phone, it shouldn't be accessing any of its data, should it? Don't know how you social engineer around that, other than, well, true, morons are going to click accept anyway...

    9. Re:Physical Access by slim · · Score: 5, Insightful

      GP has already provided you with a potential scenario - presumably the chargers Vodafone fitted in London taxis were a USB socket and/or an iPod dock mounted in the passenger section of the taxi. The BeagleBoard could be anywhere in the taxi.

      Plus, it's a proof of concept. It could certainly be miniaturised.

      I doubt that any other smartphone OS is immune to this kind of attack, however.

    10. Re:Physical Access by fredprado · · Score: 4, Insightful

      The prototype being based in a big developer board means nothing. The exploit could be easily replicated in smaller boards that would fit just fine in regular chargers.

    11. Re:Physical Access by Anonymous Coward · · Score: 2, Insightful

      The Beagleboard is just one of many development boards around ARM chips which are typically smaller than a fingernail, because they're the main components in mobile phones. There are much smaller alternatives than the Beagleboard, even without making a custom board. For example, the Gumstix Overo single board computer is based on the same chip as the Beagleboard and is about the size of a stick of chewing gum. The attack could be built into anything from docking stations to the smallest chargers.

    12. Re:Physical Access by Anonymous Coward · · Score: 0

      They could spin their own board and make it much smaller (postage stamp size). All they need is a micro-controller with a built-in USB transceiver and enough program space to hold their payload.

    13. Re:Physical Access by fuzzyfuzzyfungus · · Score: 1

      I assume that the Lightning auth chip makes the behavior even more complex, under the surface; but I think that the network-like behavior happens on all iOS devices, regardless of connector type. The iPods (aside from the Touch, which is more or less a cost-reduced iPhone without the cell modem) were slightly eccentric mass storage class devices, or the FireWire equivalent; but none of the iOS devices ever exposed their storage directly, you have to go through their OS for access.

    14. Re:Physical Access by Anonymous Coward · · Score: 0

      It's going to be tough to fool people into using a charger that looks like it swallowed half your iPhone.

      Great, can you please convince iPhone users to not plug their phone into my laptop to charge it without asking first.

    15. Re:Physical Access by gmack · · Score: 4, Insightful

      This is not an "open the device and latch on to some henceforth unprotected internal signal" attack vector. Attaching the phone to someone else's charger is not unusual behavior.

      It's based on a BeagleBoard, which is larger than a business card. It's going to be tough to fool people into using a charger that looks like it swallowed half your iPhone.

      Sure they will. In Spain there are charging kiosks with coin slots and cables going somewhere you can't see them and people use those all of the time. You forget that in most public charging situations you don't want just anyone to be able to unplug the thing and walk away with it.

    16. Re:Physical Access by dfghjk · · Score: 1

      Deep thinking AC.

    17. Re:Physical Access by Anonymous Coward · · Score: 1

      Well, if you only want to "charge" the damn phone, it shouldn't be accessing any of its data, should it? Don't know how you social engineer around that, other than, well, true, morons are going to click accept anyway...

      Most people would look at the confirmation dialog for a tenth of a second and say, "Of course I want to read data from the charger! I plugged it into the charger, that means I want to charge! That's how charging works, right?"

    18. Re:Physical Access by slim · · Score: 3, Insightful

      Well, there's a continuum.

      Sneaking into someone's office and putting a keylogger inline with their keyboard cable is an example of physical access making black-hat hacking easy.

      Sneaking into the same office and plugging a PwnPlug or similar into the physical network is another example.

      Those two are increasingly far from actually directly looking at filesystem blocks, but put you at an advantage compared to someone trying to get to a system from the other side of a firewall.

    19. Re:Physical Access by EzInKy · · Score: 1

      If Apple guarantees that they will pay for any damage incurred using an Apple product then Apple would lead the market anywhere! Wake me up when this is the case.

      --
      Time is what keeps everything from happening all at once.
    20. Re:Physical Access by AmiMoJo · · Score: 0

      As far as I know all other smartphones are immune to this kind of attack because they don't try to communicate with the charger. They just draw 500mA, or 1000mA if the USB data lines are shorted out. No comms at all, hence no infection vector.

      The only reason this works is because Apple put DRM in their chargers to prevent people creating cheaper clones. The charger sends an ID string back, but rather than being fixed length it is null terminated so can cause a buffer overflow.

      --
      const int one = 65536; (Silvermoon, Texture.cs)
      SJW, n: "Someone I don't like, and by the way I'm a fuckwit" - AC
    21. Re:Physical Access by AmiMoJo · · Score: 2

      Unfortunately the exploit would have already executed and started running arbitrary code by the time the ID information had been downloaded. That's how it works, it's an overflow in the ID data that the iOS device reads.

      --
      const int one = 65536; (Silvermoon, Texture.cs)
      SJW, n: "Someone I don't like, and by the way I'm a fuckwit" - AC
    22. Re:Physical Access by Anonymous Coward · · Score: 0

      Actually, yes, it does. Physical access means just that, you have *physical* access to the system.

      Being able to disassemble the system and attack its parts individually is just one part of the spectrum of physical access.

    23. Re:Physical Access by Anonymous Coward · · Score: 1

      Most other phones charge over USB, and a charger cable looks like a USB cable if you can't see the power supply. So no, most other phones aren't immune to this type of attack.

    24. Re:Physical Access by Anonymous Coward · · Score: 0

      Did the thought of using a cord with the device hidden out of sight not occur to you?

      Many people will just grab a cord off someone's desk to charge a phone without ever looking into what the cord is connected to.

    25. Re:Physical Access by Thomasje · · Score: 2

      And remember, all this is to support Apple's DRM that blocks 3rd party chargers (or at least prevents them using the fast charge rate).

      Huh? I use a third-party car charger, and it fast-charges my iPhone just fine.

    26. Re:Physical Access by Anonymous Coward · · Score: 0

      Apple, always thinking of the "customer experience" first.

      It's funny that in order to protect huge margins on devices (look how costly an Apple adapter is) they introduce issues like this.

      Who uses DRM on a charger?

    27. Re:Physical Access by jo_ham · · Score: 2

      What are you on about?

      I fast charge my iPhone with a third party charger all the time. I'd post a video of me doing it, but you'd probably dismiss it as some sort of propaganda and clearly falsified somehow.

      You might want to check on reality before you start whoring for karma with outright lies on slashdot.

      Also, not that you've been at all accurate in your post, but even if this were the case, there's a difference between a proprietary charging protocol/data exchange (the iOS device attempts to negotiate a link to iTunes when it is plugged in, and falls back to charge only mode if it senses a charger) and DRM.

      I've never had a problem with any of the third party chargers I have used, but you're at +5 informative, so I guess I'm mistaken.

    28. Re:Physical Access by Anonymous Coward · · Score: 0

      Alternatively you could just have an AC adapter that doesn't do anything but supply electricity to charge the device?

      "dumb" ac adapters have been around for a while now.

    29. Re:Physical Access by Anonymous Coward · · Score: 0

      USB 1 and 2 have 4 pins (typically, there are 5-pin micros), 2 of which are power + and -, and 2 that are data. I'm willing to bet that in most phones, the 2 data pins go to nowhere, while the 2 power pins are used for charging. So yes, most phones will be immune.

    30. Re:Physical Access by ArcadeMan · · Score: 1

      You probably use a licensed third-party car charger.

    31. Re:Physical Access by Anonymous Coward · · Score: 3, Insightful

      Why would you think that? Have you never attached a smartphone to a USB host? Of course the USB data lines are connected, and of course any smartphone will respond to communication attempts from a USB host, so there is absolutely no reason why other phones should not be vulnerable to some form of attack via USB.

    32. Re:Physical Access by Anonymous Coward · · Score: 1

      No, most phones are not immune. The apple phone was infected with a malicious charger. Any smartphone that implements the data lines (such as my GS3) of microUSB on the phone side are vulnerable to a malicious charger that decides to use the data lines.

    33. Re:Physical Access by Anonymous Coward · · Score: 0

      Present them with the options:
      [Charge]
      [Exchange data]
      [Both]

      Easy to understand, and there's no "Yes" or "OK" for morons to blindly press.

    34. Re:Physical Access by Bacon+Bits · · Score: 3, Insightful

      I don't know about you, but I can only use the USB port to charge my Android phone. Also, when I connect my Android phone to my computer I generally get access to the data contents of the phone (documents, music, pictures, etc.). It seems pretty trivial to devise a "charger" that steals or destroys data on any phone that connects to it.

      Data is the real treasure and thus is also the real threat of damage, but AFAIK you can also use the Android Debug Bridge to install programs to connected phones.

      --
      The road to tyranny has always been paved with claims of necessity.
    35. Re:Physical Access by kasperd · · Score: 2

      can you please convince iPhone users to not plug their phone into my laptop to charge it without asking first.

      Install this exploit on your laptop, and the problem will be solved. As soon as they connect the cable, it is no longer their iphone.

      --
      Do you care about the security of your wireless mouse?
    36. Re:Physical Access by BasilBrush · · Score: 1, Insightful

      How the hell did that get modded insightful? Android of course does data via the USB. It mounts as a drive on a PC. And you can reflash the ROM via USB, just as you can on an iPhone.

    37. Re:Physical Access by wiredlogic · · Score: 1

      There are more sophisticated implementations of the charging protocol that involve signaling on the data lines which is needed to get the full 2.1A or other steps in between. That being said it doesn't matter because a rogue "charging" device can have a fully functional host interface without any visual difference.

      --
      I am becoming gerund, destroyer of verbs.
    38. Re:Physical Access by BasilBrush · · Score: 0

      And in what way was it not obvious for the entire history of the iPhone that it could be reflashed through the USB? The same as other phones.

      If this was an actual exploit contained in an Apple charger, then it'd be news. But doing what all of us have been doing for years via a credit-card-sized computer rather than a PC or Mac is not news.

    39. Re:Physical Access by Enfixed · · Score: 1

      Apple malware... it just works! :) I'm so sad my Android phone lacks this plug and play capability, hopefully Google can hurry up and copy them.

      --
      Sigs are bad for you...
    40. Re:Physical Access by Endo13 · · Score: 1

      I don't know about you, but any time I connect my Android phone to a device that tries to use the data lines in the charging cable I have to choose how my phone uses the cable.

      --
      There is no -1 Disagree mod. Slashdot.org/faq defines mod options. USE IT.
    41. Re:Physical Access by BasilBrush · · Score: 0

      Could be, but isn't. Which rather shows the amateurishness of it.

      That one has control of mobile phones, up to and including ability to flash the rom, when you get local access to the data port is not news, it's been true of pretty much all smartphones since the original Nokia communicator.

      News would be that someone has actually carried out such an exploit. Not that one is possible.

    42. Re:Physical Access by Endo13 · · Score: 1

      Charge Only. Was that so hard?

      --
      There is no -1 Disagree mod. Slashdot.org/faq defines mod options. USE IT.
    43. Re:Physical Access by Richy_T · · Score: 1

      Android used to have that.

      Now it doesn't.

      Progress, eh?

    44. Re:Physical Access by pnutjam · · Score: 1

      My wife's old Palm Pixi always popped something on the screen if it detected a data connection. You had to tell it whether you wanted power only, or a data connection. This was probably because it ceased to function as a phone while in data mode, but something that would be worthwhile duplicating.

    45. Re:Physical Access by 0x000000 · · Score: 5, Informative

      This is so completely wrong that I don't even know where to begin.

      1. Apple hasn't put DRM in their chargers
      2. Apple devices look for a certain voltage on the D+/D- traces to know whether they can charge at 100 mA, 500 mA, or more, specifically the iPad can draw more power
      3. Apple devices are also USB devices, when they connect to a USB host (such as the BeagleBone) they communicate using standard USB, that is the only ID string that gets sent back, along with a request for at least 500 mA of power to be provided by the host.
      4. This doesn't actually use any specific vulnerability, rather it uses the fact that when you connect an iOS device you can, using a provisioning profile, side-load apps onto the phone. This is generally done during development or for example in corporate settings. These same provisioning profiles can be used to disable certain features, or set up email accounts, wifi passwords, and all that fun stuff, you know to provision a device in a corporate scenario.

      It's a shame that your comment got voted up as informative when it contains so much mis-information.

      --
      cat /dev/null > .signature
    46. Re:Physical Access by Anonymous Coward · · Score: 1

      By the time the popup appears, the phone has already been through an elaborate protocol with the USB host (laptop, PC) where it describes itself to the host. Unless that protocol handling code is flawless, the phone may be vulnerable to a similar attack, even if you don't put it in "data mode".

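The point made in the post above, that the USB enumeration "chat" happens before any consent prompt and so must be handled without trusting anything the peer sends, can be made concrete. The following is an added example, not code from this thread or from the Mactans researchers: a bounds-checked walker for the descriptor bytes exchanged during enumeration, run over constructed sample descriptors (the demo_* names and the sample bytes are this example's own).

```c
/* Added example (not from the Slashdot thread or the Mactans researchers):
 * a bounds-checked walker for the USB descriptor bytes a host or device
 * receives during enumeration, i.e. the "chat" that happens before any
 * trust dialog is shown. Every length field comes from the untrusted peer,
 * so each one is checked against the bytes actually received, and string
 * copies are bounded by the caller's buffer rather than any terminator. */
#include <stdint.h>
#include <stddef.h>
#include <string.h>
#include <stdio.h>

#define USB_DT_DEVICE     0x01
#define USB_DT_CONFIG     0x02
#define USB_DT_STRING     0x03
#define USB_DT_INTERFACE  0x04
#define USB_DT_ENDPOINT   0x05

/* Walk a chain of descriptors (e.g. a configuration set) and count them.
 * Returns the number of descriptors, or -1 if any bLength is impossible:
 * shorter than the 2-byte header or longer than the bytes remaining. */
int usb_walk_descriptors(const uint8_t *buf, size_t len)
{
    size_t off = 0;
    int count = 0;
    while (off < len) {
        if (len - off < 2)                 /* truncated header */
            return -1;
        uint8_t blen = buf[off];
        if (blen < 2 || blen > len - off)  /* claimed length exceeds data */
            return -1;
        off += blen;
        count++;
    }
    return count;
}

/* Copy a USB string descriptor (UTF-16LE payload) into a fixed ASCII
 * buffer. The copy is bounded by the declared bLength, by the bytes that
 * were actually received, and by outlen; the result is always
 * NUL-terminated and non-ASCII code units become '?'. Returns the number
 * of characters written, or -1 if the descriptor is malformed. */
int usb_string_to_ascii(const uint8_t *desc, size_t len,
                        char *out, size_t outlen)
{
    if (outlen == 0)
        return -1;
    out[0] = '\0';
    if (len < 2 || desc[1] != USB_DT_STRING)
        return -1;
    uint8_t blen = desc[0];
    if (blen < 2 || blen > len)            /* declared size vs. received size */
        return -1;
    size_t n = 0;
    for (size_t i = 2; i + 1 < blen; i += 2) {
        if (n + 1 >= outlen)               /* never overrun the caller's buffer */
            break;
        uint16_t cu = (uint16_t)(desc[i] | (desc[i + 1] << 8));
        out[n++] = (cu >= 0x20 && cu < 0x7F) ? (char)cu : '?';
    }
    out[n] = '\0';
    return (int)n;
}

/* Constructed sample descriptors for this example (not captured from any
 * real device): a well-formed configuration set, one whose interface
 * descriptor claims more bytes than were sent, a well-formed string
 * descriptor, and one whose bLength (126) far exceeds the 6 bytes sent. */
static const uint8_t good_config[] = {
    9, USB_DT_CONFIG, 25, 0, 1, 1, 0, 0x80, 50,     /* wTotalLength = 25 */
    9, USB_DT_INTERFACE, 0, 0, 1, 0xFF, 0, 0, 0,
    7, USB_DT_ENDPOINT, 0x81, 0x02, 64, 0, 0,
};
static const uint8_t bad_config[] = {
    9, USB_DT_CONFIG, 25, 0, 1, 1, 0, 0x80, 50,
    0xFF, USB_DT_INTERFACE, 0, 0, 1, 0xFF, 0, 0, 0, /* bLength 255, 9 bytes left */
};
static const uint8_t good_string[] = {
    12, USB_DT_STRING, 'A', 0, 'p', 0, 'p', 0, 'l', 0, 'e', 0,
};
static const uint8_t bad_string[] = {
    0x7E, USB_DT_STRING, 'A', 0, 'p', 0,            /* claims 126 bytes, 6 sent */
};

int demo_good_config(void) { return usb_walk_descriptors(good_config, sizeof good_config); }
int demo_bad_config(void)  { return usb_walk_descriptors(bad_config, sizeof bad_config); }
int demo_good_string(char *out, size_t n) { return usb_string_to_ascii(good_string, sizeof good_string, out, n); }
int demo_bad_string(char *out, size_t n)  { return usb_string_to_ascii(bad_string, sizeof bad_string, out, n); }

int main(void)
{
    char name[16];
    printf("good config: %d descriptors\n", demo_good_config());   /* 3 */
    printf("bad config: %d\n", demo_bad_config());                 /* -1 */
    int n = demo_good_string(name, sizeof name);
    printf("good string: %d chars -> \"%s\"\n", n, name);         /* 5, Apple */
    printf("bad string: %d\n", demo_bad_string(name, sizeof name)); /* -1 */
    return 0;
}
```

The same checks apply on the host side of the link: a phone's descriptor-handling code is exposed to whatever a malicious "charger" presents, whether or not the user ever approves a data connection.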
    47. Re:Physical Access by 0x000000 · · Score: 1

      Why does this guy keep getting modded up to informative? There is no Apple DRM, there is no blocking of 3rd party chargers. Apple devices while charging look for certain voltages on the D+/D- lines, there is absolutely no communication between the device and the charger. The only reason there is a requirement for certain voltages on the D+/D- lines is so that the Apple device knows it is safe to pull a certain amount of amperage from the charger...

      --
      cat /dev/null > .signature
    48. Re:Physical Access by Anonymous Coward · · Score: 1

      Mine's from a $5 (shipped) job from Hong Kong, charges quite fast. I assure you it's not licensed, knock off lightning cable and all.

    49. Re:Physical Access by BasilBrush · · Score: 0

      Maybe. The article says they haven't revealed the method yet.

      However, here's the answer for people who ask why Apple should patch up exploits used for jailbreaks. There are scenarios where they could be exploited by people other than the owners.

    50. Re:Physical Access by BasilBrush · · Score: 3, Informative

      This is just nonsense. USB spec limits the power available for charging. Lots of manufacturers have handshaking going on so that when their products are used with their own chargers, they abandon the spec limits and use this own limits. There's no other way of doing it whilst staying within the USB spec. It's got fuck all to do with drm and everything to do with making sure the charge rate is safe.

    51. Re:Physical Access by Anonymous Coward · · Score: 1

      The phone only knows to give you the option because it already had a little chat with the host. If there's a bug in the code for that chat, it's game over before you even see the popup.

    52. Re:Physical Access by Anonymous Coward · · Score: 0

      Are you sure? Modern Dell laptops occasionally refuse to recognize their own, factory supplied, charger. "Unauthorized charger detected. Charging has been disabled." They send a carrier wave down the line that the PC detects or doesn't to disable third-party chargers. With Apple redesigning their plugs I could see them wanting to monetize a monopoly on chargers for a couple of years.

    53. Re:Physical Access by amicusNYCL · · Score: 3, Insightful

      Mine's from a $5 (shipped) job from Hong Kong, charges quite fast. I assure you it's not licensed, knock off lightning cable and all.

      I'm not sure what point you're trying to argue, but it sounds like you're a perfect candidate for a charger that distributes malware. How would you know if your current charger is not sending your data back to China?

      --
      "Our two-party system is like a bowl of shit looking at itself in a mirror." - Lewis Black
    54. Re:Physical Access by Anonymous Coward · · Score: 0

      It's based on a BeagleBoard, which is larger than a business card. It's going to be tough to fool people into using a charger that looks like it swallowed half your iPhone.

      There are much smaller OMAP 3/4 boards out there (the Beagleboard has an OMAP 3530 in it, or a version ago or two it did); here's a company I interviewed at that makes dime-sized boards with all of the same stuff on them: http://www.logicpd.com/products/.

      The OMAP uses package on package technology, so RAM, Flash, and the CPU are all taking up 15mmx15mm.

    55. Re:Physical Access by smash · · Score: 2, Interesting

      On the contrary, most other phones simply present as a USB drive and are wide open for the pillaging.

      --
      I run: Windows, OS X, Linux, FreeBSD. Just because you have a hammer, doesn't mean everything is a nail.
    56. Re:Physical Access by AmiMoJo · · Score: 3, Insightful

      Yes, but not for charging. If you are paranoid you can buy or make a USB cable that is only for charging (data lines disconnected) and your charger will still operate normally and at full speed. If you make such a cable for your iOS device it will only charge at low speed.

      This is also notable as an example of DRM gone bad and leading to a severe security problem.

      --
      const int one = 65536; (Silvermoon, Texture.cs)
      SJW, n: "Someone I don't like, and by the way I'm a fuckwit" - AC
    57. Re:Physical Access by smash · · Score: 1

      You think it is not possible to build a charger for any other phone that reads the filesystem?

      --
      I run: Windows, OS X, Linux, FreeBSD. Just because you have a hammer, doesn't mean everything is a nail.
    58. Re:Physical Access by Pubstar · · Score: 1

      I'm not sure if this is due to the new OS (4.1.2 or 4.2.2) or if it's just my S3 (T-999), but I no longer get that dialog box anymore. It makes the data connection immediately after being plugged in.

    59. Re:Physical Access by smash · · Score: 0

      Except your android phone is exactly the same and even makes it easier for the malware charger as it presents pretty much everything on the phone via USB.

      --
      I run: Windows, OS X, Linux, FreeBSD. Just because you have a hammer, doesn't mean everything is a nail.
    60. Re:Physical Access by Endo13 · · Score: 1

      That sounds like incredibly poor design. Why wouldn't it just reject all attempts to send or receive data until approval is given?

      --
      There is no -1 Disagree mod. Slashdot.org/faq defines mod options. USE IT.
    61. Re:Physical Access by smash · · Score: 0

      Bullshit. It would be relatively trivial to make a charger do the same or worse to an android device as the full filesystem is there for the raping. And the control signals are there so that the phone can tell the charger what voltage to supply to best optimize charge rate and minimize battery wear. Not everything is about/caused by DRM.

      --
      I run: Windows, OS X, Linux, FreeBSD. Just because you have a hammer, doesn't mean everything is a nail.
    62. Re:Physical Access by AmiMoJo · · Score: 2

      1. Apple hasn't put DRM in their chargers
      2. Apple devices look for a certain voltage on the D+/D- traces to know whether they can charge at 100 mA, 500 mA, or more, specifically the iPad can draw more power

      That was the old chargers. I assume you meant 1000mA, not 100. Even then it was DRM because the standard way of doing it (which is part of the USB spec) is to tie D+ and D- together. Apple required specific voltages created by a potential divider.

      4. This doesn't actually use any specific vulnerability, rather it uses the fact that when you connect an iOS device you can, using a provisioning profile, side-load apps onto the phone.

      The fact that you can do that without authentication is a vulnerability. You can install Android apps that way via ADB, but only if the user has enabled USB debugging on their device. Nobody bothers to load apps that way because you can do it either via the phone or remotely via the Play website. Google don't even make an equivalent to iTunes because one isn't needed.

      --
      const int one = 65536; (Silvermoon, Texture.cs)
      SJW, n: "Someone I don't like, and by the way I'm a fuckwit" - AC
    63. Re:Physical Access by Pubstar · · Score: 1

      Yeah, but to use certain data services (like streaming or flashing ROMs) USB debugging has to be turned on. I do have mine turned on, but most people I know don't even know about that setting.

    64. Re:Physical Access by BasilBrush · · Score: 0

      Yes, but not for charging. If you are paranoid you can buy or make a USB cable that is only for charging (data lines disconnected) and your charger will still operate normally and at full speed. If you make such a cable for your iOS device it will only charge at low speed.

      You can repeat that as often as you like, it's still wrong. For fast charging, all you need is 4 resistors connected in the right way to the data pins at the USB end. No data connection is needed to the iOS device.

      http://www.epanorama.net/blog/2010/08/18/apple-charger-secrets/

      It's got fuck all to do with DRM, you are severely misinformed, or more likely just imagining how it might work rather than looking it up.

    65. Re:Physical Access by dissy · · Score: 1

      The only reason this works is because Apple put DRM in their chargers to prevent people creating cheaper clones.

      Two resistors is hardly considered "communications" by anyone else in any industry.
      Two resistors are also not considered "DRM" by pretty much anyone else either.

      Please try to be right when correcting someone.

    66. Re:Physical Access by Anonymous Coward · · Score: 0

      there is absolutely no communication between the device and the charger

      Right, except for the malware that has been demonstrably loaded to a device via a modified charger. I smell Apple shills in droves on this article.

    67. Re:Physical Access by Anonymous Coward · · Score: 1

      three words: sensationalist article headline. No, iOS wasn't hacked by a charger. It was hacked by a computer over usb. The article title is an insult to everyone's intelligence, and a blatant attempt to generate click attempts...

    68. Re:Physical Access by AmiMoJo · · Score: 2

      The resistors were the DRM on older chargers. The standard way to signal 1A being available for charging is to tie D+ and D- together. If you check a standard 1A USB charger you will find this is the case. Only Apple products need the resistors.

      --
      const int one = 65536; (Silvermoon, Texture.cs)
      SJW, n: "Someone I don't like, and by the way I'm a fuckwit" - AC
    69. Re:Physical Access by AmiMoJo · · Score: 1

      The resistors are the old charger DRM, the new ones need comms to charge at the highest speed.

      --
      const int one = 65536; (Silvermoon, Texture.cs)
      SJW, n: "Someone I don't like, and by the way I'm a fuckwit" - AC
    70. Re:Physical Access by dissy · · Score: 1

      This is the 3rd time you have been corrected and yet keep repeating these lies.

      Apple did NOT invent the USB 2.0 spec. They had nothing to do with it beyond using it.

      Stop lying about apple inventing things they did not invent

      Stop lying about Android, with your claims that not a single android device can talk to a computer over USB.

      Stop lying about resistors being secret government microprocessors capable of complex digital communications.

      Just stop lying.

    71. Re:Physical Access by coinreturn · · Score: 2

      It's a shame that your comment got voted up as informative when it contains so much mis-information.

      It was modded informative because the Apple-Bashing Club likes to celebrate anything that makes Apple or Apple products look bad.

    72. Re:Physical Access by Anonymous Coward · · Score: 0

      wow, you're quite stupid. what's to stop android from charging off a SoC with a 500ma 5v usb?

    73. Re:Physical Access by sessamoid · · Score: 2

      Damn, and me with no mod points today.

      --
      "No, no, no. Don't tug on that. You never know what it might be attached to."
    74. Re:Physical Access by Anonymous Coward · · Score: 0

      No, it isn't. There's no nicer way to say this: You're lying, maliciously, to spread FUD about a product you dislike.

    75. Re:Physical Access by Anonymous Coward · · Score: 0

      It's a USB device. That's what they do. When you plug in a USB device, the host asks it to identify itself and enumerate its endpoints. If it doesn't do that, it can't draw more than 100mA, so it better respond.

    76. Re:Physical Access by scot4875 · · Score: 3, Insightful

      And in what way was it not obvious for the entire history of the iPhone that it could be reflashed through the USB?

      There's a huge difference between reflashing something and gaining root to infect an existing install.

      One is very obvious to the user because their phone is suddenly reflashed to some configuration that isn't the user's any more. The other could be incredibly subtle because there's no visible change to the user.

      It's entirely possible that a similar attack could happen to Android devices as well (for example, run an ADB instance and have it auto-install and execute something whenever it detects a device with debugging enabled. My phone would be vulnerable to this kind of attack, because for convenience, I've got it set up to auto-enter debugging mode whenever it plugs into a device. I'm willing to accept that risk, but I'm not an idiot that insists that the risk isn't there.)

      Thing is, it's just another example of how that device that you insist is so damn impregnable because it's from mother Apple can, in fact, be easily exploited. All it takes is for someone to do it. Just because it hasn't happened in the wild *yet* (that you know of) doesn't make you any safer than anyone else.

      --Jeremy

      --
      Jesus was a liberal
    77. Re:Physical Access by AmiMoJo · · Score: 2

      Here is some detail on what Apple did: http://www.ladyada.net/make/mintyboost/icharge.html

      The standard way of signalling that 1A is available is to tie D+ and D- together. This is part of the USB spec. Apple went their own way so that iDevices would only draw 0.5A from these chargers. Only an Apple charger will deliver 1A to them.

      Later on Apple changed this so that their devices were compatible with 1A chargers, but only because they introduced a 2A charger and new DRM system that requires comms with the chargers.

      Essentially the policy has always been to tolerate generic USB chargers, as mandated by EU law, but not to allow them to charge at maximum speed even if they are capable of delivering 2A. Naturally other manufacturers quickly figure out how to work around the DRM, hence you can buy unlicenced 2A chargers, but every now and then Apple rolls out a new firmware update to break them. It's a bit like the jailbreaking situation - you know your efforts will be defeated so you don't reveal all your tricks at once.

      --
      const int one = 65536; (Silvermoon, Texture.cs)
      SJW, n: "Someone I don't like, and by the way I'm a fuckwit" - AC
    78. Re:Physical Access by Anonymous Coward · · Score: 1

      In order for any content to be loaded over Android's USB Mass Storage, you have to unlock the phone and click "I want to use my phone as USB Mass Storage" button. Otherwise, you get an empty drive. Unless you're aware of a bug in the tried-and-true-for-the-past-decade-and-then-some USB protocol, then this attack vector is not allowed.

    79. Re:Physical Access by AmiMoJo · · Score: 2

      Try reading the USB Battery Charging Specification. Wikipedia has a summary.

      Basically a normal port can supply 500mA. Dedicated charging ports can supply up to 1.5A through a standard A/B connector or IIRC 2.2A through Micro USB. The standard defines a way to signal that the port is a high current charging port.

      --
      const int one = 65536; (Silvermoon, Texture.cs)
      SJW, n: "Someone I don't like, and by the way I'm a fuckwit" - AC
    80. Re:Physical Access by Anonymous Coward · · Score: 0

      Because people are stupid and can't/won't read. We've established this over the years with "OMG, THIS WILL INFECT YOUR COMPUTER ARE YOU SURE OMG!!!!". Uhh, yes!

      Why do you think APL's done so well. They treat their users as fucking idiots and they get praised for it, all the while raping their privacy / user-data, abusing their lock-in power... all without letting them know by simply not telling them.

    81. Re:Physical Access by Anonymous Coward · · Score: 0

      Why are we talking about chargers?

      The vulnerability is when you plug in the device to something masquerading as a charger. The DRM being referred to is the DRM / ID chip required for all APL compatible devices (speaker docks and the like) so that they can charge a premium on it. The thing you point out in #3, this *IS* the vulnerability.

      Also, #4, what kind of idiot device would allow you to change everything onto the phone just by plugging it in?!!?

    82. Re:Physical Access by Anonymous Coward · · Score: 1

      I'll bet you haven't used most other phones.

      No phones that I've ever used have presented the contents of the whole phone in its typical-user state (if you enable Android Debug, it even warns you that it gives complete access, and isn't meant for normal running).

      Notably, I've never seen ANY device offer up its internal memory. You won't be able to side-load nor access any application data. Worst case? Your music and pictures (if it's set to put to the memory card, which a lot of phones do NOT do by default) are at risk, but that's what's done on an i device.

    83. Re:Physical Access by Anonymous Coward · · Score: 0

      LOL, you've never used an Android device, have you?

    84. Re:Physical Access by MerlynDavis · · Score: 1

      Where's your source on that?

      I use non-apple chargers all the time for my iphone charging...they work just fine.

      --
      -merlyn
    85. Re:Physical Access by Anonymous Coward · · Score: 0

      Mine doesn't (Galaxy Nexus on 4.2.2). I have to unlock the screen for the phone to initiate data connections over USB.

      Also, ADB is now public key authenticated -- You have to unlock the device and accept the public key of the other machine, if you have ADB on in the first place (defaults to off).

    86. Re:Physical Access by chrism238 · · Score: 2

      I'm not sure what point you're trying to argue, but it sounds like you're a perfect candidate for a charger that distributes malware. How would you know if your current charger is not sending your data back to China?

      Mine certainly isn't, as I always wear my tin-foil hat while charging.

    87. Re:Physical Access by romiz · · Score: 1

      the confirmation dialog would have to present some identifying information about the device

      It's not really possible with USB out of the box. In this case the charger is the host, and is at the origin of all transactions. You need to add another layer over the existing protocols to require the host to give some credentials, before changing the device profile and exporting the interesting interfaces. This means a new WHQL certification / kernel update for your drivers, and ensures that it will not happen immediately.

    88. Re:Physical Access by petermgreen · · Score: 1

      At least on my HTC phone you can either permanently set how you want it to appear to a USB host device or you can have it ask every time.

      Even if you set it to "charge only" it still has to negotiate to comply with the USB spec. A bug in the USB negotiation code could leave things wide open.

      And of course there is no guarantee that people won't set their phones to default to something other than charge only. A malicious charger isn't an attack vector that most people will be thinking about.

      --
      note: i'm known as plugwash most places but i screwed up registering that here somehow in the past and now can't register
    89. Re:Physical Access by picosecond · · Score: 2

      It's entirely possible that a similar attack could happen to Android devices as well (for example, run an ADB instance and have it auto-install and execute something whenever it detects a device with debugging enabled. My phone would be vulnerable to this kind of attack, because for convenience, I've got it set up to auto-enter debugging mode whenever it plugs into a device. I'm willing to accept that risk, but I'm not an idiot that insists that the risk isn't there.)

      That's why ADB is only meant to be enabled when doing development and there are clear warnings when you enable it, telling you that the mode is dangerous. If you leave it enabled when connecting to untrusted devices, then the fault is entirely with you. And most people don't ever use ADB, so this would be irrelevant for them.

    90. Re:Physical Access by picosecond · · Score: 1

      The attacker does not have physical access, unless you count a cable going from device A to device B as "physical access". And if that's the case then on any wired network everybody has "physical access" to anybody else on the network. Does my ISP have "physical access" to my modem because there is a cable from their equipment to the modem?

    91. Re:Physical Access by picosecond · · Score: 1

      This is not true for the majority of the recent smartphones. First, being able to load an arbitrary image over the USB connection requires unlocking of the bootloader, which only a very small fraction of the people do. And even with an unlocked bootloader, you have to reboot the phone into a special mode before it will accept anything to be flashed, so just plugging it into a malicious usb host, while the phone is running the OS will not allow that.

    92. Re:Physical Access by picosecond · · Score: 1

      This is completely wrong. Android devices will not offer the filesystem, unless you choose to do that on the phone. By default the only communication with the host is for device identification and for charging current negotiation, so the only way to do anything would be if you found a bug in those.

    93. Re:Physical Access by BasilBrush · · Score: 2

      Try reading the USB Battery Charging Specification.

      ... of 2007. Apple's more configurable set of charging states dates back to when the iPod could be charged from USB - 2003.

      There was no standard for fast charging when Apple designed it.

    94. Re:Physical Access by BasilBrush · · Score: 1

      Only Apple had implemented USB fast charging 4 years before the standard you are referring to came out.

    95. Re:Physical Access by 0x000000 · · Score: 1

      You seem to have lost the ability to read. No, I was specifically stating 100 mA, that is the max any USB device is allowed to pull from any charger or device it is plugged into, UNLESS it asks the host for more OR the D+/D- lines have specific voltages/are shorted.

      Apple requires specific voltages precisely because the standard of just shorting the D+/D- lines doesn't provide enough information. Just how much current should an iPad attempt to pull from a charger that has the D+/D- lines tied together? It can be unsafe for a device to pull more amps than a power supply can provide for a variety of different reasons, especially with switch mode power supplies.

      ---

      As for your last point, while you and I may agree on one thing, that it is is a vulnerability and it should get fixed, it isn't a classic vulnerability. It doesn't take advantage of bad coding practices, there is no buffer overrun, or null terminated string vulnerability which is what you were referring to in your original post.

      --
      cat /dev/null > .signature
    96. Re:Physical Access by brantondaveperson · · Score: 1

      There is nothing in your linked article to suggest that Apple are using DRM in any form in any of their chargers.

    97. Re:Physical Access by brantondaveperson · · Score: 1

      There is no communication with the chargers, save the presence of a resistive divider in the charger to indicate its power output.

      However, and this is a distinction that you appear unable to grasp, everything charges via the data cable these days. Which means, Apple device or otherwise, when you plug into a charger you're plugging into a data cable and thus it's probably going to be game over if someone really wants to try.

    98. Re:Physical Access by Anonymous Coward · · Score: 0

      Stop lying about resistors being secret government microprocessors capable of complex digital communications.

      Well, I work for the government and I'm getting a kick out of these replies.

    99. Re:Physical Access by charles2678 · · Score: 1

      I doubt that any other smartphone OS is immune to this kind of attack, however.

      This kind of attack is exactly why Android 4.0 introduced public-key authentication (with manual whitelisting) for USB debug access.

    100. Re:Physical Access by Eythian · · Score: 1

      I only get any data transference if the screen is unlocked when I plug it in.

    101. Re:Physical Access by Eythian · · Score: 1

      Android 4.2+ does a key verification thing for USB debugging. Basically you have to confirm a fingerprint when you plug it into a computer it hasn't seen before before ADB will work. Obviously, the confirmation can only happen when the screen is unlocked.
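
The key-verification behaviour described in this comment, as an added example that is not part of the thread, AOSP or adb: a small model of the device-side decision for an incoming ADB connection. An unknown host only gets a dialog, and only while the screen is unlocked; a host whose key fingerprint is already on the device's allowlist is accepted without a prompt. The fingerprint format follows what the "Allow USB debugging?" dialog shows (MD5 of the base64-decoded key blob from the host's adbkey.pub, as colon-separated hex). The host key lines are constructed byte strings rather than real RSA keys, the allowlist is held in memory instead of the device's adb_keys file, and the challenge-signature step of the real protocol is not modelled.

```python
"""Model of the Android 4.2+ ADB host-key check.

Added example for this thread, not code from the post, from AOSP or from adb.
Host keys below are constructed bytes, not real RSA keys; the challenge
signature step of the real protocol is left out.
"""
import base64
import hashlib


def fingerprint(adbkey_pub_line: str) -> str:
    """Fingerprint for one adbkey.pub line: '<base64 blob> <user>@<host>'.

    Matches the dialog format: MD5 of the decoded blob, colon-separated hex."""
    blob = base64.b64decode(adbkey_pub_line.split()[0])
    return ":".join(f"{b:02X}" for b in hashlib.md5(blob).digest())


class DebugGate:
    """Device-side decision for an incoming ADB connection."""

    def __init__(self, usb_debugging_enabled, screen_unlocked, allowlist=()):
        self.usb_debugging_enabled = usb_debugging_enabled
        self.screen_unlocked = screen_unlocked
        # A real device persists accepted keys in /data/misc/adb/adb_keys;
        # this model keeps the accepted fingerprints in memory.
        self.allowlist = set(allowlist)
        self.prompts = []   # fingerprints the user was asked to confirm

    def connect(self, host_key_line, user_accepts=False, always_allow=False):
        if not self.usb_debugging_enabled:
            return "refused: USB debugging is off"
        fp = fingerprint(host_key_line)
        if fp in self.allowlist:
            return "authorized"
        if not self.screen_unlocked:
            # Nothing can be confirmed on a locked screen, so nothing is granted.
            return "pending: unknown host, screen locked"
        self.prompts.append(fp)
        if not user_accepts:
            return "refused: user declined"
        if always_allow:
            self.allowlist.add(fp)
        return "authorized"


# Constructed host key lines (arbitrary bytes, labelled as such).
LAPTOP_KEY = base64.b64encode(bytes(range(0, 64))).decode() + " alice@laptop"
KIOSK_KEY = base64.b64encode(bytes(range(64, 128))).decode() + " root@kiosk"


def locked_device_on_unknown_host():
    """A locked device plugged into an unknown host: no session and no prompt."""
    gate = DebugGate(usb_debugging_enabled=True, screen_unlocked=False)
    return gate.connect(KIOSK_KEY), len(gate.prompts)


if __name__ == "__main__":
    print("laptop fingerprint:", fingerprint(LAPTOP_KEY))
    print("locked device, unknown host:", locked_device_on_unknown_host())
```

The point of the model is the ordering of the checks: the allowlist is consulted before the screen state, so a remembered host keeps working on a locked device, while a host the device has never seen cannot even reach the dialog until the owner unlocks the screen.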

    102. Re:Physical Access by Plumpaquatsch · · Score: 1

      As far as I know all other smartphones are immune to this kind of attack because they don't try to communicate with the charger. They just draw 500mA, or 1000mA if the USB data lines are shorted out. No comms at all, hence no infection vector.

      The only reason this works is because Apple put DRM in their chargers to prevent people creating cheaper clones. The charger sends an ID string back, but rather than being fixed length it is null terminated so can cause a buffer overflow.

      And as with most things you "know", you are wrong. http://managedsolutions.com/tag/juice-jacking/

      While it sounds like a way criminals might steal electricity it is actually how criminals can use charging kiosks to install malware on your portable devices. A charging kiosk is a public resource for charging your USB capable devices such as your Android Phone or iPhone.

      If anything, iPhones are actually less vulnerable because (as you keep pointing out) they don't use the standard USB for charging. Of course that isn't actually true, but mostly because you are again wrong.

      --
      Of course news about a fake are Fake News.
    103. Re:Physical Access by Enfixed · · Score: 1

      By default most Android phones don't do anything but charge until you select a connection option. Go play with one, you might like it. :)

      --
      Sigs are bad for you...
  4. Connectors by Nerdfest · · Score: 5, Funny

    I consider any charger with one of those proprietary connectors a 'malicious' charger.

    1. Re:Connectors by Anonymous Coward · · Score: 0

      I consider any charger with one of those proprietary connectors a 'malicious' charger.

      TFS:

      The malware-loaded USB plug...

      So you're good!

    2. Re:Connectors by Anonymous Coward · · Score: 1

      In other news, the US just loosened restrictions on the export of iPhones to countries like Iran. This is great news for the CIA. I bet the Iranian nuclear workers will have their free iPhones by the end of the week!

  5. Power-only cable... by fuzzyfuzzyfungus · · Score: 2

    It's a pity that the 'lightning' connector's dependence on an in-cable processor likely makes it more complex to use the old power-only mod...

    Not all USB devices play nicely(some phones require either a full USB host or some goofy resistor-coding nonsense on the data pins, and some USB hosts don't power USB ports, or only provide 100ma, unless the USB peripheral negotiates appropriately on the data pins); but it is generally possible(sometimes with resistor hackery, and for 'dumb' chargers and USB ports that don't need negotiation for power) to use a USB cable with the data lines cut and just power and ground attached for charging. Certainly the only thing I'd trust when plugging into some arbitrary port...

    1. Re:Power-only cable... by Anonymous Coward · · Score: 1

      I'm not entirely sure what you are complaining about here. The USB standard specifies that the device may not use more than 100mA without negotiation for more first, those that don't aren't USB compliant.
      The 'goofy' resistor coding (A 0 ohm resistor between D+ and D-) on data pins is also part of the USB standard and is there to allow for 'dumb' chargers to be able to inform the device that they are in fact dumb chargers. In this case the device may use up to 1.8A without negotiation.
      Since cheap hosts just use a PTC fuse at ~500mA instead of monitoring the current a 'hacky' device might try to charge with 500mA if it can't detect a connection between D+ and D- but a well designed host should consider this as an error and disconnect the power to prevent overheating from short circuits.

    2. Re:Power-only cable... by Anonymous Coward · · Score: 0

      No, the resistor coding is definitely goofy. There are many more resistor values between other pins to indicate things like USB-OTG modes. One can only hope that the high power USB standard will for once do the right thing and require active power negotiation for all modes.

    3. Re:Power-only cable... by tlhIngan · · Score: 2

      It's a pity that the 'lightning' connector's dependence on an in-cable processor likely makes it more complex to use the old power-only mod...

      You still can do it - you're working with the regular USB cable (the A plug) side still.

      The coding exists on the other end and does nothing.

      This hack is NOT about a charger. The hack is basically saying someone could hide a regular computer inside a charger. So when you plug into the USB plug, you're actually establishing a sync connection, not just a power connection. (Lightning to USB is actually a very basic connection that many people have reverse engineered).

      Instead of being a dumb charger with a few pins pulled certain ways, you're actually plugging into a PC that says "go ahead, charge at 1A/2A" while doing stuff over USB to the attached device.

      So the real issue is that these guys found a way to inject software onto it - less a charger security hole and more a regular iOS USB security hole.

    4. Re:Power-only cable... by chrism238 · · Score: 1

      So the real issue is that these guys found a way to inject software onto it - less a charger security hole and more a regular iOS USB security hole.

      So I wonder if this could be a new jailbreaking vector?

    5. Re:Power-only cable... by Anonymous Coward · · Score: 0

      Only good for the current iOS version since the researchers already contacted Apple about it. The next update is sure to have a fix for this as Apple has likely already imagined the jailbreak possibilities this creates.

  6. Public chargers by MavEtJu · · Score: 2

    Mental note: Don't use these public chargers anymore...
    (Google for "iphone charging point airport")

    --
    bash$ :(){ :|:&};:
    1. Re:Public chargers by CyberSlugGump · · Score: 3, Informative

      Or carry a modified cable where the USB power wires are connected but the data wires are not.

      If you don't want to DIY, take a look at this sync cable (iPhone 4S or earlier) which has an extra end for only charging.

    2. Re:Public chargers by AmiMoJo · · Score: 2

      But then your device only charges at 500mA. An iPad is capable of charging at up to 2A, and at only 500mA it won't even be able to maintain the battery level.

      --
      const int one = 65536; (Silvermoon, Texture.cs)
      SJW, n: "Someone I don't like, and by the way I'm a fuckwit" - AC
    3. Re:Public chargers by Anonymous Coward · · Score: 0

      If you short d+ and d- in your cable, the device should detect this as a charger according to the USB charger class spec.

      So you could charge at more than 500mA without giving data to charger

    4. Re:Public chargers by swb · · Score: 1

      My experience has been that the low current power adapters will charge the iPad with the screen locked. It's glacially slow, but it will charge.

      I don't know about in use.

    5. Re:Public chargers by Anonymous Coward · · Score: 0

      Or carry a modified cable where the USB power wires are connected but the data wires are not.

      I had the same thought, but then I realized: if you're carrying a special cable to pipe power through, why not just carry, you know, a charger for your phone?

  7. Years old by zakeria · · Score: 1

    I've seen this going back years with USB keyboards etc from China, they install all sorts of crap on your PC without you knowing.

    1. Re:Years old by fuzzyfuzzyfungus · · Score: 4, Funny

      I've seen this going back years with USB keyboards etc from China, they install all sorts of crap on your PC without you knowing.

      Wow, a sleazy USB device from China that has more flash memory than the specs indicate, rather than substantially less? Where can I find this miraculous creature?

    2. Re:Years old by Anonymous Coward · · Score: 0, Flamebait

      I've seen this going back years with USB keyboards etc from China, they install all sorts of crap on your PC without you knowing.

      That is obviously a PC problem... on the other hand Apple products, chargers etc. are all made in the US.

    3. Re:Years old by The+MAZZTer · · Score: 1

      Windows doesn't let this happen anymore. USB devices can't do autorun now.

    4. Re:Years old by Anonymous Coward · · Score: 0

      Yea but USB devices can still provide keyboard functionality ... autorun not working is moot

    5. Re:Years old by Anonymous Coward · · Score: 0

      That is obviously a PC problem... on the other hand Apple products, chargers etc. are all made in the US.

      Wait, what?

      Foxconn/Hon Hai make Apple products in China. When I last checked, the US wasn't part of China. Yet.

      Reference: http://wiki.answers.com/Q/Where_is_the_apple_factory

      ps: responding as ac due to laziness (and the apple fanboy/sales employee posted AC so two wrongs make it right, right?)

    6. Re:Years old by Anonymous Coward · · Score: 0

      and the apple fanboy/sales employee posted AC so two wrongs make it right, right?

      Correct, carry on.

    7. Re:Years old by Anonymous Coward · · Score: 0

      Yea but USB devices can still provide keyboard functionality ... autorun not working is moot

      So how does it install malware, send a bunch of keystrokes to open Notepad and type up a malicious BAT script?

    8. Re:Years old by jeffmeden · · Score: 1

      Yea but USB devices can still provide keyboard functionality ... autorun not working is moot

      So how does it install malware, send a bunch of keystrokes to open Notepad and type up a malicious BAT script?

      Start key > cmd (return) > [flashdrive]:\malware.exe (return)... (yes to dialog box)... (yes to "are you SURE SURE" dialog box)...

    9. Re:Years old by Anonymous Coward · · Score: 0

      Admit it, you are an an agent of (USB) BATman!

    10. Re:Years old by Anonymous Coward · · Score: 0

      Um, yes? Next question.

    11. Re:Years old by Anonymous Coward · · Score: 0

      Spooky. And when the UAC screen pops-up, does this magical keyboard also enter my password?

    12. Re:Years old by fuzzyfuzzyfungus · · Score: 1

      So how does it install malware, send a bunch of keystrokes to open Notepad and type up a malicious BAT script?

      I suspect that someone feeling clever could probably encode some malware such that it could be transferred and executed entirely with default system utilities and keystrokes, or they could use emulated keystrokes to execute a binary located on a USB MSC filesystem(they still automount by default, and guessing the drive letter prepend should only take a few seconds). Grabbing a payload from a malicious URL is also an option, if you are willing to risk the target not having internet access.

      For promotional purposes, they make a rather similar device that emulates a keyboard and opens an arbitrary URL when inserted. For something that is such a terrible idea, they seem surprisingly popular, even with companies who really ought to know better.
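
The keystroke-injecting USB device discussed in this sub-thread is easy to spot on the host side if someone looks at what the kernel says when the device enumerates. As an added example (not code from the thread or from any project it mentions), this Python detector reads dmesg-style lines and raises an alert when a USB device registers a HID keyboard interface that is either not on a site allowlist of known keyboards or shares its vendor:product ID with a mass-storage interface, the combination a "flash drive that also types" produces. The log lines, the vendor/product IDs 1234:abcd and 0781:5567, and the allowlist are constructed samples; the message formats are the usual ones the usb, usb-storage and hid-generic drivers print.

```python
"""Flag suspicious USB enumerations from Linux kernel (dmesg) log lines.

Added example for this thread, not code from the original post or from any
project it mentions.  Log lines, device IDs and the allowlist below are
constructed samples.
"""
import re
from dataclasses import dataclass, field

# usb 1-3: New USB device found, idVendor=046d, idProduct=c31c, bcdDevice= 1.10
NEW_DEV = re.compile(
    r"usb (?P<port>[\d.-]+): New USB device found, "
    r"idVendor=(?P<vid>[0-9a-f]{4}), idProduct=(?P<pid>[0-9a-f]{4})")
# usb-storage 1-4:1.0: USB Mass Storage device detected
STORAGE = re.compile(
    r"usb-storage (?P<port>[\d.-]+):\d+\.\d+: USB Mass Storage device detected")
# hid-generic 0003:046D:C31C.0001: input,hidraw0: USB HID v1.10 Keyboard [name] on usb-...
HID = re.compile(
    r"hid-generic 0003:(?P<vid>[0-9A-Fa-f]{4}):(?P<pid>[0-9A-Fa-f]{4})\.\w+: "
    r".*USB HID v[\d.]+ (?P<kind>\w+) \[(?P<name>[^\]]*)\]")


@dataclass
class UsbDevice:
    vid: str
    pid: str
    storage: bool = False
    keyboards: list = field(default_factory=list)

    @property
    def ident(self) -> str:
        return f"{self.vid}:{self.pid}"


def parse_dmesg(lines):
    """Correlate enumeration, storage and HID messages by vendor:product."""
    devices = {}      # "vid:pid" -> UsbDevice
    port_to_id = {}   # bus port such as "1-4" -> "vid:pid"
    for line in lines:
        m = NEW_DEV.search(line)
        if m:
            key = f"{m['vid']}:{m['pid']}".lower()
            devices.setdefault(key, UsbDevice(m['vid'].lower(), m['pid'].lower()))
            port_to_id[m['port']] = key
            continue
        m = STORAGE.search(line)
        if m:
            # usb-storage names the interface "<port>:<config>.<iface>"
            key = port_to_id.get(m['port'])
            if key in devices:
                devices[key].storage = True
            continue
        m = HID.search(line)
        if m and m['kind'] == 'Keyboard':
            key = f"{m['vid']}:{m['pid']}".lower()
            dev = devices.setdefault(key, UsbDevice(m['vid'].lower(), m['pid'].lower()))
            dev.keyboards.append(m['name'])
    return devices


def audit(lines, allowlist):
    """Return (vid:pid, reason) alerts for keyboard interfaces worth a look."""
    alerts = []
    for dev in parse_dmesg(lines).values():
        if not dev.keyboards:
            continue
        if dev.storage:
            alerts.append((dev.ident, "keyboard and mass-storage interfaces on one device"))
        if dev.ident not in allowlist:
            alerts.append((dev.ident, f"keyboard not on allowlist: {dev.keyboards[0]}"))
    return alerts


# Constructed sample log: a known keyboard, a stick that also enumerates as a
# keyboard, and a plain storage stick.  All IDs here are sample values.
SAMPLE_DMESG = [
    "[   10.101] usb 1-3: New USB device found, idVendor=046d, idProduct=c31c, bcdDevice= 1.10",
    "[   10.250] hid-generic 0003:046D:C31C.0001: input,hidraw0: USB HID v1.10 Keyboard [Logitech USB Keyboard] on usb-0000:00:14.0-3/input0",
    "[   55.004] usb 1-4: New USB device found, idVendor=1234, idProduct=abcd, bcdDevice= 1.00",
    "[   55.120] usb-storage 1-4:1.0: USB Mass Storage device detected",
    "[   55.310] hid-generic 0003:1234:ABCD.0002: input,hidraw1: USB HID v1.11 Keyboard [Generic Keyboard] on usb-0000:00:14.0-4/input1",
    "[   60.002] usb 1-5: New USB device found, idVendor=0781, idProduct=5567, bcdDevice= 1.00",
    "[   60.090] usb-storage 1-5:1.0: USB Mass Storage device detected",
]
KNOWN_KEYBOARDS = {"046d:c31c"}   # hypothetical site allowlist


if __name__ == "__main__":
    for ident, reason in audit(SAMPLE_DMESG, KNOWN_KEYBOARDS):
        print(f"ALERT {ident}: {reason}")
```

On a real host the same logic can be fed from `journalctl -k -f` or a udev hook; the allowlist check is what catches a device that only emulates a keyboard, while the storage-plus-keyboard rule needs no allowlist at all, which is why it is worth keeping even where keyboard inventories are not maintained.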

    13. Re:Years old by Anonymous Coward · · Score: 0

      they can if they pretend to be a usb connected CD/DVD drive

    14. Re:Years old by Anonymous Coward · · Score: 0

      Wooooooooooooosh

    15. Re:Years old by Anonymous Coward · · Score: 0

      When I last checked, the US wasn't part of China.

      It's the other way around. With the USA crumbling into incredible debts, they will be owned by China in a few years.

    16. Re:Years old by Anonymous Coward · · Score: 0
    17. Re:Years old by Anonymous Coward · · Score: 0

      No, dummy. It uses an exploit to bypass that.

    18. Re:Years old by smash · · Score: 1

      No but the BIOS may be set to boot from it.

      --
      I run: Windows, OS X, Linux, FreeBSD. Just because you have a hammer, doesn't mean everything is a nail.
    19. Re:Years old by smash · · Score: 1

      Maybe? It could have snooped that at the login window?

      --
      I run: Windows, OS X, Linux, FreeBSD. Just because you have a hammer, doesn't mean everything is a nail.
    20. Re:Years old by Anonymous Coward · · Score: 0

      Whoa! So even though I don't ordinarily log-in as Admin, this keyboard will STILL know my admin password.

      Fan-freakin-tastic! Where can I buy one?

  8. This Responsible Disclosure is very irresponsible by Quick+Reply · · Score: 1

    They should have saved this exploit for jailbreaking rather than report it, considering the chances of an in-the-wild infection are low. Public charge stations are quite uncommon.

  9. Re:This Responsible Disclosure is very irresponsib by stoolpigeon · · Score: 3, Informative

    No they aren't. With charging kiosks in malls and such, like these or these I would say that they are pretty common.

    --
    It's hard to believe that's how Micronians are made. Why don't we see it right now by having you both kiss one another?
  10. Legal team by whargoul · · Score: 1, Flamebait

    We've seen how this plays out in the past. The first contact Apple is going to make is with their legal team to sue those researchers out of existence. How dare they discover a hole and tell them about it.

    1. Re:Legal team by AC-x · · Score: 1

      Can you show a single previous instance of Apple suing a security researcher? I certainly can't find anything.

    2. Re:Legal team by jo_ham · · Score: 1

      You're going to need to provide some proof of that.

      Also, you'll have to explain the many hundreds of entries in Apple's own kb entries going back many years for security updates where they specifically mention third parties who have identified security holes that are fixed in that particular update. I assume they thanked them for finding the hole and *then* sued them out of existence? Or do they sue first, then personally thank them? Not sure how it works, but since you seem to be an expert on this, I'll bow to your knowledge.

    3. Re:Legal team by Skapare · · Score: 1

      The researchers have contacted Apple about their exploit but haven't heard back from the company and aren't sharing more details of their hack until they do.

      Well, that seems to be simple ... Apple will just never contact them.

      --
      now we need to go OSS in diesel cars
    4. Re:Legal team by BasilBrush · · Score: 1

      He doesn't need to. He's decided that Apple is evil, and he's thought of something that an evil company could do. Therefore, apple does it. No evidence required.

  11. Been done before by erroneus · · Score: 1

    Didn't they do this last year? Provide a charging kiosk which was able to (as a proof of concept) infiltrate the devices plugged into it?

  12. Can this be used to unlock locked devices? by couchslug · · Score: 1

    Inquiring minds want to know.

    --
    "This post is an artistic work of fiction and falsehood. Only a fool would take anything posted here as fact."
  13. "Power Only" USB Cables by fazookus · · Score: 1

    I believe there are iDevice cables that don't carry data, only power. If not, there's http://www.kickstarter.com/, I'll take my usual 15%

    1. Re:"Power Only" USB Cables by Anonymous Coward · · Score: 0

      i believe the lightning connector doesn't allow for this. there is a chip inside that has to communicate with the phone to allow it to work (if i recall correctly). so, yeah, there are cables that carry only power (threw me for a loop when i was trying to root my android device and couldn't for the life of me figure out why my phone wasn't being seen by the PC, but was being charged... gotta keep better track of my cables), but they'll only work on 4S and earlier if i'm not mistaken.

    2. Re:"Power Only" USB Cables by jo_ham · · Score: 1

      Yes, but without the data pins the iPhone is going to follow the USB spec, which will limit it to 500 mA (or even less - I forget what the protocol specifies if the data pins are absent. There's a bunch of things you can do to show it's a charger, like shorting the pins at a particular resistance). If you want the full charging spectrum, the two devices need to communicate, but clearly this introduces a security issue.

    3. Re:"Power Only" USB Cables by BasilBrush · · Score: 1

The data pins are needed, but they don't need to be connected to the iPhone end. They just need certain resistors attached from those pins to +5 and gnd.

      Animojo is spreading fud to the contrary elsewhere in comments to this story, but it's not true.

    4. Re:"Power Only" USB Cables by Anonymous Coward · · Score: 0

      Damn. Hadn't seen jo_ham in a long time; thought that maybe that douche had left so we could be free from his/her/its sycophantic Apple love. Now we've got BasilBrush and jo_ham in nearly every thread on this topic predictably trying to sweep yet another Apple flaw under the rug. Hooray.

  14. So... by bfmorgan · · Score: 2

    Always practice "Safe Charging"

    --
    I hope this caused some synapses to fire.
  15. No secret stuff by Anonymous Coward · · Score: 0

    It exploits a weakness in the AFC protocol. Should be pretty easy to fix.

    BTW: it transfers data, until now it's not sure if an app could be executed that way on an unjailbroken (?) iPhone as it is not signed. To say an iPhone is actively infected is a bit speculative.

    1. Re:No secret stuff by hcs_$reboot · · Score: 1

Once I went to an Apple Store to have them check my iPhone. The guy plugs my iPhone into his laptop and immediately all my pictures appeared on his screen... a bit embarrassing. That was 2 years ago - today, maybe the iPhone is less prone to divulge its information...

      --
      Slashdot, fix the reply notifications... You won't get away with it...
    2. Re:No secret stuff by Anonymous Coward · · Score: 0

      Apple geniuses have special diagnostic software. Why are you surprised???

    3. Re:No secret stuff by hcs_$reboot · · Score: 1

      3 '?' to underline your question, what a waste of characters... The guy didn't even start his diag soft - that was simply iPicture or iPhoto or iDontremember what exactly.

      --
      Slashdot, fix the reply notifications... You won't get away with it...
    4. Re:No secret stuff by Anonymous Coward · · Score: 0

Once I went to an Apple Store to have them check my iPhone. The guy plugs my iPhone into his laptop and immediately all my pictures appeared on his screen... a bit embarrassing. That was 2 years ago - today, maybe the iPhone is less prone to divulge its information...

      iOS devices emulate a digital camera when plugged into USB (so it will work with Picasa or iPhoto or whatever) with pictures in your Camera Roll.

      Basically, it works the same way as any other camera in existence.

  16. Huh? by Anonymous Coward · · Score: 1

    When did TI buy the Beagleboard and start selling it?

http://beagleboard.org/ is the real thing and they don't seem to act like TI bought them.

And I can't buy one from TI's store, it redirects me to Beagleboard.com

    1. Re:Huh? by Anonymous Coward · · Score: 0

      Yes, that's misleading. The main component on the Beagleboard is a TI chip though.

  17. are we surprised? by houbou · · Score: 1

If your device's connection can do both charging and data transfers, then it's only normal that it can be vulnerable to hacking via anything which connects to its port. Now, some USB cables only transfer power and that MIGHT be a saving grace, but then again, for the most part, a charger that can deliver malware would be no different than a device connected to a PC's USB port, even if only for the purpose of charging the device. Nothing would stop some malware from detecting the device and uploading some crap.

  18. This was disclosed ages ago by Anonymous Coward · · Score: 0

    A researcher posted a proof-of-concept of breaking in through the battery interface a year ago. Not much of a stretch to see how the power system could be used for exploits.

  19. Inductive charging by bored · · Score: 4, Interesting

    What amazes me is that inductive charging hasn't taken over. I was a skeptic, when I got my touchpad a couple years ago. The ability to just drop the pad on a dock without worrying too much about positioning/etc quickly sold me on the idea. Same thing with the veer I purchased as well. Just drop it on the dock and the magnets align it.

Now every time I plug in the wife's iPad, or Android phone I cringe. Small easily broken connectors are something that should be a last resort.

    Oh, and the touchpad prompts the user before allowing communication on the USB port.

    1. Re:Inductive charging by DNS-and-BIND · · Score: 1, Insightful

      Inductive charging is highly wasteful. Imagine if millions of people switched. Good thing we're not all as selfish as you.

      --
      Shutting down free speech with violence isn't fighting fascism. It IS fascism!
    2. Re:Inductive charging by 0x000000 · · Score: 1

      The biggest problem I have with my Touchpad (I own one too) is that when inductively charging it won't charge nearly as fast, and I've had plenty of times where it has been sitting on the inductive charger for a day or so, and I pick it up and 20 minutes later the battery is dead. Whereas charging it over USB seems to always charge it fully and properly.

      --
      cat /dev/null > .signature
    3. Re:Inductive charging by bored · · Score: 4, Interesting

      Inductive charging is highly wasteful.

Dock-based inductive charging is ~85% efficient, due to being something like 5mm of separation between the coils, running at very high frequency, and being actively controlled. So, this isn't your granddaddy's wireless power fantasies.

The losses in the 50% efficient wall warts shipping on most Android phones are a worse problem.

    4. Re:Inductive charging by bored · · Score: 1

Are you using a 3rd party case? I have the HP case and it works fine, although I've heard of people having issues with other cases. I also think there was a bad firmware version in there that screwed up the inductive charging, I would make sure you're not running that version.

      With mine, I put it on the base and make sure I hear it go boing and then forget about it. If it doesn't go boing (or sometimes goes boing more than once) I do a better job positioning it on the charger. That is what is nice about the veer, it sort of sucks itself into place with the magnets.

Of course, YMMV is sort of the trend with the touchpad, and to be expected from a 1st gen device dropped a few weeks after release. My touchpad needs fairly regular reboots because it has the sound corruption bug, plus if I leave a bunch of cards open for a couple weeks it seems like it leaks memory so that I get the "too many cards open" message even when I don't have any open.

    5. Re:Inductive charging by xbytor · · Score: 1

      What about this new microwave oven technique I've heard of for recharging iPhones?

    6. Re:Inductive charging by Anonymous Coward · · Score: 0

      Cell phones are highly wasteful. Imagine if millions of people started using cell phones. Good thing we're not all dicks like you.

    7. Re:Inductive charging by Anonymous Coward · · Score: 0

      From what I've observed, it's a social experiment to gauge how misled different user types are, some of which more easily influenced than others. Your lack of hardware distinction (or exclusivity thereof) would be considered relevant data.

      tldr macfags 2ez2troll

    8. Re:Inductive charging by Anonymous Coward · · Score: 0

      Nothing to do with being wasteful, just an idiotic technology that takes space which can be better used for larger batteries or thinner phones.

      Just like all stupidly hyped wireless technologies like NFC and RFID.

  20. sharing more details? by Skapare · · Score: 1

    The researchers have contacted Apple about their exploit but haven't heard back from the company and aren't sharing more details of their hack until they do.

    With this attitude, don't expect Apple to ever contact them.

    --
    now we need to go OSS in diesel cars
    1. Re:sharing more details? by recoiledsnake · · Score: 1

      I think the "aren't sharing the details" refers to sharing details with the public till Apple rolls out a fix, not Apple.

      --
      This space for rent.
  21. Nothing new here, moving on by Anonymous Coward · · Score: 0

    I wish this potentially malicious behavior was new or novel. Malicious mobile power stations have already been done. See http://securesql.info/cracks/2013/5/7/2q35is1o62y86fqqo84es5efzygur4 for additional details and a picture where people are getting owned.

  22. Meanwhile, at MIT, CalTech, UIUC... by Anonymous Coward · · Score: 0

    ... and other actual, reputable schools, research continues on things that actually matter.

    1. Re:Meanwhile, at MIT, CalTech, UIUC... by Anonymous Coward · · Score: 0

      Indeed, Georgia Tech might once again be considered a good school if they quickly get back on focus and stop trying to become "that school where all of those Apatow movies were filmed."

      Otherwise, they'll just keep churning out useless garbage like this.

  23. Smart chargers by Anonymous Coward · · Score: 0

    Ya know, I can't help but think if we weren't so busy trying to force people to buy an "approved charger" this wouldn't be an issue. Seriously. Put the charging smarts in the phone, and don't allow data exchange with the charger. This issue magically disappears.

    1. Re:Smart chargers by PPH · · Score: 1

Actually, it's a dumb charger. This exploit just uses the fact that a USB 'charging' port also accepts USB data. And one can't easily tell whether or not a charger will be delivering 5 volts (as intended) or conceals USB memory or even an active host.

      --
      Have gnu, will travel.
  24. Told you that in 2009 by Animats · · Score: 2

    I warned about that in 2009.

    We warned you. You didn't listen. Now suffer.

  25. The "charger" part of this is just decoration by joh · · Score: 2

    Some people seem to miss this, so: This is just an exploit over USB. The fact that the code runs on Linux that runs on a small board that you could integrate into a (somewhat bulky) "charger" has nothing to do with what is happening here.

    The only REALLY interesting thing here is that they seemingly have found a new exploit for iOS. Because, believe it or not, up to now the latest iOS version is watertight, there is no way to access data on the phone via USB (or any other means) or install software on it.

    At least this could mean that there will be a Jailbreak for the latest iOS sooner or later. Well, at least if someone manages to turn this exploit into some jailbreak app before Apple fixes this exploit with an update to iOS.

  26. Dumb chargers? by Bert64 · · Score: 2

It seems you run a USB-based exploit against the phone, in the same way that several jailbreaks have worked in the past...
    The key problem here seems to be that the charger and the data port are combined, if you were to provide an ability to split the two then such attacks would be infeasible. As it stands, various public places provide phone chargers which would be risky to use, whereas if they could only provide power the risk would be significantly lower (they could still provide an extremely high current to intentionally destroy your phone).

    --
    http://spamdecoy.net - free throwaway anonymous email - avoid spam!
    1. Re:Dumb chargers? by joh · · Score: 1

If this threat becomes real (that is if Apple doesn't fix the bug that enables the exploit very soon) you could build a smart adapter that makes sure that only power gets through and no data. If you think that enough people care about that go to Kickstarter and get rich.

  27. Workaround (from PairLock page) by rsborg · · Score: 2

    Any time you plug your iOS device into another computer, this trusted pairing relationship gets automatically created within seconds. The only time this doesn’t occur is if the device is locked with a PIN – and I mean really locked; if you have anything other than “Require Passcode: Immediately” set, then it will remain unlocked for a while even after you shut off the screen.

So if you're in unknown territory, set a passcode and put it on immediate expiration, and you can be a bit more cavalier. It's too bad Apple doesn't allow you to put iOS into "turtle mode" so that you can force this behavior at will, while keeping a more pragmatic stance (say 5m lock timeout).

    --
    Make sure everyone's vote counts: Verified Voting
  28. This is great! A real problem with iDevices... by bennomatic · · Score: 0

    ...and the story has less than 200 comments hours later.

    Meanwhile, any normal story about Apple doing some perceived, intangibly wrong thing usually gets 500 or more.

    --
    The CB App. What's your 20?
29. awesome for airports by Anonymous Coward · · Score: 0

    Airport Charging Station.

  30. why need a charger ? by Anonymous Coward · · Score: 0

Why would one need a charger if you have a USB connection from a PC?

  31. Question by Anonymous Coward · · Score: 0

    Is this much different from Juice Jacking?

  32. Simple solution. Carry Charger with you. by aristotle-dude · · Score: 1
    Step 1. Take out your own charger.
    Step 2. Plug charger into regular electrical outlet.

    Most lounges have regular power outlets that you can use. The United Club at O'Hare certainly did.

    --
    Jesus was a compassionate social conservative who called individuals to sin no more.
  33. Apple Hacked by tomhorn · · Score: 1

Humans are eventually smarter than computers so far. Anything can be hacked, even Apple.

    [url=http://www.purewaterhq.com]PureWaterHQ[/url]

  34. good i hate apple all the rich use them because th by wilfredsatan · · Score: 1

No use writing here, they censor it for some bullshit about account preferences.