Slashdot Mirror
Researchers Infect iOS Devices With Malware Via Malicious Charger
Sparrowvsrevolution writes "At the upcoming Black Hat security conference in late July, three researchers at the Georgia Institute of Technology plan to show off a proof-of-concept charger that they say can be used to invisibly install malware on a device running the latest version of Apple's iOS. A description of their talk posted to the conference website describes how they were able to install whatever malware they wished on an Apple device within a minute of the user plugging it into their malicious charger, which they're calling 'Mactans' after the scientific name of a Black Widow spider. The malware-loaded USB plug is built around an open-source single-board computer known as a BeagleBoard, sold by Texas Instruments for a retail price of around $45. The researchers have contacted Apple about their exploit but haven't heard back from the company and aren't sharing more details of their hack until they do."
This is not an "open the device and latch on to some henceforth unprotected internal signal" attack vector. Attaching the phone to someone else's charger is not unusual behavior. For the Olympic Games in London, Vodafone fitted 1000 taxis with mobile phone chargers.
No they aren't. With charging kiosks in malls and such, like these or these I would say that they are pretty common.
It's hard to believe that's how Micronians are made. Why don't we see it right now by having you both kiss one another?
And remember, all this is to support Apple's DRM that blocks 3rd party chargers (or at least prevents them using the fast charge rate).
Providing phone chargers is a common courtesy in some countries, e.g. Japan. Most hotels and bars will have a load of chargers behind the front desk to lend out, for example.
const int one = 65536; (Silvermoon, Texture.cs)
SJW, n: "Someone I don't like, and by the way I'm a fuckwit" - AC
Or carry a modified cable where the USB power wires are connected but the data wires are not.
If you don't want to DIY, take a look at this sync cable (iPhone 4S or earlier) which has an extra end for only charging.
I dunno...but how is this new exploit "news" if there's utility utilities like PairLock to prevent it?
Because you have to jailbreak in order to use PairLock? And um, jailbreaking is bad, mmkay?
This is so completely wrong that I don't even know where to begin.
1. Apple hasn't put DRM in their chargers
2. Apple devices look for a certain voltage on the D+/D- traces to know whether they can charge at 100 mA, 500 mA, or more, specifically the iPad can draw more power
3. Apple devices are also USB devices, when they connect to a USB host (such as the BeagleBone) they communicate using standard USB, that is the only ID string that gets sent back, along with a request for at least 500 mA of power to be provided by the host.
4. This doesn't actually use any specific vulnerability, rather it uses the fact that when you connect an iOS device you can using a provisioning profile side-load apps onto the phone. This is generally done during development or for example in corporate settings. These same provisioning profiles can be used to disable certain features, or set up emails accounts, wifi passwords, and all that fun stuff, you know to provision a device in a corporate scenario.
It's a shame that your comment got voted up as informative when it contains so much mis-information.
cat
This is just nonsense. USB spec limits the power available for charging. Lots of manufacturers have handshaking going on so that when their products are used with their own chargers, they abandon the spec limits and use this own limits. There's no other way of doing it whilst staying within the USB spec. It's got fuck all to do with drm and everything to do with making sure the charge rate is safe.