Slashdot Mirror

← Back to Stories (view on slashdot.org)

Researchers Infect iOS Devices With Malware Via Malicious Charger

Posted by timothy on from the nobody-wants-some-iphone-with-a-social-disease dept.

Sparrowvsrevolution writes "At the upcoming Black Hat security conference in late July, three researchers at the Georgia Institute of Technology plan to show off a proof-of-concept charger that they say can be used to invisibly install malware on a device running the latest version of Apple's iOS. A description of their talk posted to the conference website describes how they were able to install whatever malware they wished on an Apple device within a minute of the user plugging it into their malicious charger, which they're calling 'Mactans' after the scientific name of a Black Widow spider. The malware-loaded USB plug is built around an open-source single-board computer known as a BeagleBoard, sold by Texas Instruments for a retail price of around $45. The researchers have contacted Apple about their exploit but haven't heard back from the company and aren't sharing more details of their hack until they do."

3 of 201 comments (clear)

  1. Re:Physical Access by Anonymous Coward · · Score: 5, Informative

    This is not an "open the device and latch on to some henceforth unprotected internal signal" attack vector. Attaching the phone to someone else's charger is not unusual behavior. For the Olympic Games in London, Vodafone fitted 1000 taxis with mobile phone chargers.

  2. Re:Possible Solution by jeffmeden · · Score: 5, Informative

    I dunno...but how is this new exploit "news" if there's utility utilities like PairLock to prevent it?

    Because you have to jailbreak in order to use PairLock? And um, jailbreaking is bad, mmkay?

  3. Re:Physical Access by 0x000000 · · Score: 5, Informative

    This is so completely wrong that I don't even know where to begin.

    1. Apple hasn't put DRM in their chargers
    2. Apple devices look for a certain voltage on the D+/D- traces to know whether they can charge at 100 mA, 500 mA, or more, specifically the iPad can draw more power
    3. Apple devices are also USB devices, when they connect to a USB host (such as the BeagleBone) they communicate using standard USB, that is the only ID string that gets sent back, along with a request for at least 500 mA of power to be provided by the host.
    4. This doesn't actually use any specific vulnerability, rather it uses the fact that when you connect an iOS device you can using a provisioning profile side-load apps onto the phone. This is generally done during development or for example in corporate settings. These same provisioning profiles can be used to disable certain features, or set up emails accounts, wifi passwords, and all that fun stuff, you know to provision a device in a corporate scenario.

    It's a shame that your comment got voted up as informative when it contains so much mis-information.

    --
    cat /dev/null > .signature