Researchers Infect iOS Devices With Malware Via Malicious Charger
Sparrowvsrevolution writes "At the upcoming Black Hat security conference in late July, three researchers at the Georgia Institute of Technology plan to show off a proof-of-concept charger that they say can be used to invisibly install malware on a device running the latest version of Apple's iOS. A description of their talk posted to the conference website describes how they were able to install whatever malware they wished on an Apple device within a minute of the user plugging it into their malicious charger, which they're calling 'Mactans' after the scientific name of a Black Widow spider. The malware-loaded USB plug is built around an open-source single-board computer known as a BeagleBoard, sold by Texas Instruments for a retail price of around $45. The researchers have contacted Apple about their exploit but haven't heard back from the company and aren't sharing more details of their hack until they do."
I consider any charger with one of those proprietary connectors a 'malicious' charger.
This is not an "open the device and latch on to some henceforth unprotected internal signal" attack vector. Attaching the phone to someone else's charger is not unusual behavior. For the Olympic Games in London, Vodafone fitted 1000 taxis with mobile phone chargers.
I've seen this going back years with USB keyboards etc. from China; they install all sorts of crap on your PC without you knowing.
Wow, a sleazy USB device from China that has more flash memory than the specs indicate, rather than substantially less? Where can I find this miraculous creature?
GP has already provided you with a potential scenario - presumably the chargers Vodafone fitted in London taxis were a USB socket and/or an iPod dock mounted in the passenger section of the taxi. The BeagleBoard could be anywhere in the taxi.
Plus, it's a proof of concept. It could certainly be miniaturised.
I doubt that any other smartphone OS is immune to this kind of attack, however.
The prototype being based on a big developer board means nothing. The exploit could be easily replicated on smaller boards that would fit just fine in regular chargers.
This is not an "open the device and latch on to some henceforth unprotected internal signal" attack vector. Attaching the phone to someone else's charger is not unusual behavior.
It's based on a BeagleBoard, which is larger than a business card. It's going to be tough to fool people into using a charger that looks like it swallowed half your iPhone.
Sure they will. In Spain there are charging kiosks with coin slots and cables going somewhere you can't see them and people use those all of the time. You forget that in most public charging situations you don't want just anyone to be able to unplug the thing and walk away with it.
I dunno... but how is this new exploit "news" if there are utilities like PairLock to prevent it?
Because you have to jailbreak in order to use PairLock? And um, jailbreaking is bad, mmkay?
What amazes me is that inductive charging hasn't taken over. I was a skeptic when I got my TouchPad a couple of years ago. The ability to just drop the pad on a dock without worrying too much about positioning/etc. quickly sold me on the idea. Same thing with the Veer I purchased as well. Just drop it on the dock and the magnets align it.
Now every time I plug in the wife's iPad or Android phone, I cringe. Small, easily broken connectors are something that should be a last resort.
Oh, and the TouchPad prompts the user before allowing communication on the USB port.
This is so completely wrong that I don't even know where to begin.
1. Apple hasn't put DRM in their chargers.
2. Apple devices look for a certain voltage on the D+/D- traces to know whether they can charge at 100 mA, 500 mA, or more; specifically, the iPad can draw more power.
3. Apple devices are also USB devices. When they connect to a USB host (such as the BeagleBone), they communicate using standard USB; that is the only ID string that gets sent back, along with a request for at least 500 mA of power to be provided by the host.
4. This doesn't actually use any specific vulnerability; rather, it uses the fact that when you connect an iOS device you can, using a provisioning profile, side-load apps onto the phone. This is generally done during development or, for example, in corporate settings. These same provisioning profiles can be used to disable certain features, or set up email accounts, Wi-Fi passwords, and all that fun stuff, you know, to provision a device in a corporate scenario.
It's a shame that your comment got voted up as informative when it contains so much misinformation.