Slashdot Mirror
iPhone Hacked In Under 60 Seconds Using Malicious Charger
DavidGilbert99 writes "Apple's iOs has been known as a bastion of security for many years, but three researchers have now shown iPhones and iPads can be hacked in just under 60 seconds using nothing more than a charger. OK, so it's not just a charger — but the Mactans charger does delete an official app (say Facebook) replacing it with an official-looking one which is actually malware which could access your contacts, messages, emails, phone calls and even capture your passwords. Apple says it will fix the flaw, but not until the release of iOS 7, the date of which hasn't been confirmed yet. So watch out for chargers left lying around ..."
(For less in the way of auto-playing video ads with sound, check out the Mac Observer's take, which concludes "[I]t's nifty that Apple is addressing the issue in iOS 7. We'd also like to see it fixed in iOS 6. Apple has historically seen iPhone users upgrade to the newest version iOS in staggeringly high numbers, but eliminating this problem across the board seems the wiser choice.")
The quickest way to get PWND is to give someone else physical access to your device.
Always has been true, and likely always will be.
An enigma, wrapped in a riddle, shrouded in bacon and cheese
That wouldn't solve the problem? USB chargers on Android can install apps and transfer files either way if the device has USB debugging enabled. If iPhones used USB the data protocols wouldn't be changed and would have the same capabilities...
So does this mean you could write a jailbreak for iOS device using a modified charger? If so, how is this any different than plugging the device into a computer?
I'm out of my mind right now, but feel free to leave a message.....
How many Android handsets come with USB debugging enabled by default?
Oh, no! You have walked into the slavering fangs of a lurking grue!
delete an official app (say Facebook) replacing it with an official-looking one which is actually malware which could access your contacts, messages, emails
If they're using an iPhone, they already succumbed to brain hacking by Apple's marketing.
Since when? iOS has had repeated and nearly constant flaws that have allowed for compromises both locally and remotely (via webpages). At this point it's such a given that this is mostly a non story.
I thought the RDF had dissipated, but I guess not.
Sounds like a good idea to me - ROLL IT OUT
Apple's iOs has been known as a bastion of security for many years
Uh, what? The fuck it has. Guess it just goes to show what a massive marketing campaign will do for your public image. The platform has never been any less hackable than the competition, especially when you're talking physical access to the device.
That wouldn't solve the problem? USB chargers on Android can install apps and transfer files either way if the device has USB debugging enabled. If iPhones used USB the data protocols wouldn't be changed and would have the same capabilities...
Almost.
I have seen USB wire things that do not have data connected (at AT&T shops).
At the time I passed on the $9 cable because I wanted to move stuff on and off my phone via USB.
Now that someone has done this hack I will get and keep a no data USB wire for travel and other situations where I might plug into a random who knows USB charger and not my own charger.
It does tell me that the TLA guys now have a window into my soul should they replace my charger at home with their device that sends my soul to mars.
Truth is stranger than fiction, but it is because Fiction is obliged to stick to possibilities; Truth isn't. Mark Twain.
I'm sorry, but if every version of your OS is trivially jail-breakable (with, for example, exploits that amount to root privilege escalation by simply visiting a web page on the device's browser), you are NOT a bastion of security.
You can argue that Apple does a better job of "securing" their app store than Google does, but that doesn't make the devices themselves any more secure. Just because something trivially exploitable hasn't been exploited (that you know of ... yet) doesn't make it secure.
--Jeremy
Jesus was a liberal
I'm not aware of anything bad in iOS 7. Why would you not upgrade?
Can't speak for others, but my iPhone 4's performance became quite sluggish after I upgraded to 6. I don't plan to get a new phone any time soon, so I'll probably stick with 6 for the time being.
Taking guns away from the 99% gives the 1% 100% of the power.
Why can't Iphone / ipad have usb port for charging and not high priced apple changes with iffy knock offs?
Jobs wanted it so. (not the iffy knock offs, he hated those)
A feeling of having made the same mistake before: Deja Foobar
The charger is a mini linux machine what needs to use an apple developer account to dynamically add the devices UDID to the developer portal.
It then signs the malicious app and installs it.
It takes advantage of ad-hoc distribution and would require a new Apple developer account every 100 devices.
The only real mastery of this hack is that it can be concealed to look like a charger due to the small footprint of the linux PC. Otherwise, I could do the same thing with physical access to the phone.
Still, a fun wee hack and novel approach.
The "charger" port is, in fact, a USB port (or something similar) so yeah: if you don't have physical security, you don't have security, just like everything else.
Also, "Apple... will fix the vulnerability in the iOS 7 release" is not the same as "Apple has said they won't fix this in iOS 6." We'll have to wait and see what they say/do before passing judgement. (Radical idea, I know.) Apple was selling 3GSs with iOS 6 less than a year ago, and as far as I know, those little guys won't run 7.
Dear Slashdot: next time you want to mess with the site, add a rich-text editor for comments.
Even with USB debugging enabled (which some handsets constantly nag to have it turned off), Android handsets use a public/private key system. If the charger tries to get access, the phone will ask if it should have full data rights to it.
Of course, this means that if someone clicks OK, they are hosed, but it is better than just sticking an adapter on and doing dirty work without knowing the device's PIN or password.
I'm not aware of anything bad in iOS 7. Why would you not upgrade?
Well not everyone loves neon gradients as much as Jony Ive. Not that I was a fan of some of the ridiculous "skeuomorphic" stuff either though.
But honestly that's all behind me as I've got a Samsung Galaxy 3 now, and seriously doubt I'd switch back to Apple phones, unless there is another big shakeup before my next upgrade cycle.
To wind our way back on topic though my daughter has my iphone 3GS...(I had a new battery put in it and its good as new) Now, she won't be upgrading to ios7 either, because the 3GS isn't supported. So yeah, security fixes for ios6 would be pretty welcome.
Well, the fact Apple's connector fits both ways is a big plus. However, I would rather have seen a new USB standard with that feature than a proprietary connector doing it, and I'm sure Apple could've joined the board to push that, so it most certainly doesn't excuse them.
If this charger deletes the Facebook app, I don't think that qualifies as "malware".
#DeleteChrome
Whatever flaw they are using to hack the phone is a possible jailbreak exploit that they are needlessly wasting.
At the very least they should let the jailbreak community at this first, THEN show off the malicious charger. At this rate we'll never see a JB for iOS 7!
Since when? iOS has had repeated and nearly constant flaws that have allowed for compromises both locally and remotely (via webpages)
There was one such remote vulnerability, via PDF, some years ago... none since then I know of.
There have always been local flaws because Apple leaves some local exploits to keep jailbreaking viable.
Of course, even with said flaws actual exploits exist pretty much only for Android.
"There is more worth loving than we have strength to love." - Brian Jay Stanley
You had me at "Apple's iOs has been known as a bastion of security for many years"...
"You're charging it wrong."
I'm not aware of anything bad in iOS 7. Why would you not upgrade?
To preserve my jailbreak. I certainly won't downgrade to a new iOS until I know it's compatible with my Cydia apps.
New versions of iOS have become very ho-hum for the users. In the early days, they were exciting. Apple used the upgrades to add actual missing features, like copy/paste and multitasking. Consumers really wanted the latest and greatest, because the new features made an actual difference to them. Plus, iOS upgrades were required to download the latest apps, as new APIs were introduced to support things like front facing cameras, auto focus, iPad compatibility, etc.
Things became tricky, though. As they added features they bloated the OS, making the old iPhones perform poorly. But they got lucky. Most customers were already conditioned to previous phones "getting old and slow", that battery performance dropped dramatically after a year, and they wanted the new features anyway. They bought new iPhone hardware to compensate every time their 2 year contracts were up. So it turned out that it was OK with customers, because the latest iPhones were always "cool" and better, and all sins were quickly forgiven.
Apple couldn't buy enough wheelbarrows to haul away all the money they made with that strategy.
With iOS6, though, they may have finally poisoned the goose laying the golden Apples. Ordinary customers finally noticed that Apple was screwing them when they got their nice Google map app taken away and replaced with the shitty Apple Map. ("You want transit directions? You peasant! If you must, click here to download your city's transit app, and while you're at it, borrow a quarter from the guy next to you.") With that incredibly stupid mistake, lots of iPhone owners realized that Apple wasn't "benign" with their upgrades, and started to wonder just how badly they've been screwed over the years. Ordinary people are now likely to be somewhat wary of new iOS releases.
It remains to be seen if people will simply accept whatever they shovel into iOS7. There is already complaining about the new Fisher Price look of the interface, and that there are no real features of value. iTunes Radio is the closest thing to "new" in this device, but people who like that sort of thing already have Pandora, and they don't want to change because their player already knows their tastes. iOS7 might not get the swift uptake that their previous OSs saw.
John
You'll only get 150mA charging from a USB cable with no data lines. Anything higher from a computer requires negotiation (will get you up to 500mA), and from a wall-wart requires shorting the data pins.
I would imagine our government would be more interested in acquiring a secretly swapping it with one like killed that lady in China, or swapping with any political enemies that use an iPhone.
Brought to you by Carl's Junior.
This is just more mindless Google fanboy anti-Apple hate.
It's not like this a trojan you have to turn on the installation of non-market applications and go to a pirate app store to get installed. You actually have to have the device.
And this is just like a jailbreak, so it is a good thing.
Actually, this isn't mindless. This has been a known security issue in iOS since iOS 3 days, that Apple hasn't bothered to fix.
See this article coming out of DEFCON 2011:
http://nakedsecurity.sophos.com/2011/08/19/is-juicejacking-the-new-firesheep/
So unless you carry around a charging cable with the data pins removed or never charge at a USB port you don't own yourself, this is an issue (and has been for years).
Google (partially) fixed this on Android when noise first started being made in late 2010, but Apple didn't. Of course, due to fragmentation, that only means it's fixed if you bought your Android phone after mid-2011 or have an upgrade that implements the fix -- but Apple seems to be fragmenting within its own ecosystem, as this fix is iOS 7, and there are now a large number of iOS devices in every day use that aren't won't run iOS 7.
Anyone stupid enough to use a strangers "charger" deserves what they get, and its no ordinary charger, but a computer attached via usb cord.
My outlets at home provide all the current my device could hope for.
---
ECHELON is a government program to find words like bomb, jihad, plutonium, assassinate, and anarchy.
The data doesn't show that. It shows that Apple has trained the userbase to upgrade very quickly.
A lot of iDevice users believe the fancy ports are better than standard USB ports when in fact they both do the same thing.
Why are so many people so ignorant on this point?
http://en.wikipedia.org/wiki/Dock_connector#30-pin
It contains controls, audio and video, as well as data & charging like USB.
There are two types of people in the world: Those who crave closure
Major advantage to me is that now I don't have to double check if I have the right side "up" of the connector when I connect my iPad to the charging cable. You can bitch a lot about Apple I think this is a step forward, especially for older people.
Perl Programmer for hire
Apple pulled Google maps because they didn't want to agree to the privacy rules Google wanted. The cost to Apple has ben hundreds of millions if they aren't up a billion yet. You can agree with Apple's call here or not, but screwing the customers financially was not the motivation.
So since the "hack" involves have a small charger that's really an iOS development computer, and can attack only 100 devices before it runs out of open UUID's in the deve account they use - what makes you think your daughter's iPhone would be worth the degree of effort it takes to attack?
What would the effort be to back port the patch to ios6? There are millions 3GS phones out there still. I agree this particular hole is relatively low risk -- but all security fixes in general should be back ported. You do realize the 3GS was only discontinued less than a year ago right? Its not some long forgotten toy from antiquity. They were still selling them last July.
There's no way that an iOS device worth attacking at this point is not at least on an iPhone 4 or higher.
Right, because no one would ever be interested in hacking a 12 year old girls phone. :facepalm:
Apple pulled Google maps because they didn't want to agree to the privacy rules Google wanted. The cost to Apple has ben hundreds of millions if they aren't up a billion yet. You can agree with Apple's call here or not, but screwing the customers financially was not the motivation.
They may have said "privacy", but that was a smokescreen. It was about nothing but money. Apple is in head-to-head competition with Google, and allowing their primary competitor a choice seat on their home screen and garnering the search, location, and resultant ad revenue was an affront they could no longer abide.
Apple truly believed they could get away with it and that customers wouldn't care. They believed that they would deliver such a hot-shit mapping app with useful turn-by-turn screens that consumers would just love it like they loved everything else Apple produced. They committed themselves to delivering on that belief. And as release day arrived, and initial reviews came back, they began to realize that buying TomTom's map was buying little more than a pig in a poke, and began to wonder if it wasn't a mistake. But they had no idea of the size of the PR nightmare they were creating, and they did not expect the backlash that came out of betraying their fans.
I seriously doubt that iOS7 will be adopted at the rate iOS6 was. But I may be underestimating the power of auto-updates. A large number of people just won't care no matter what Apple does.
John
Apple's iOs has been known as a bastion of security for many years
Uh, what? The fuck it has.
That had me chuckling as well.
Remember when you could visit a website to "slide to jailbreak"
from right inside the web browser?
Actually, the cash prize dwarfs the object prize, which eliminates any notions of going for a certain object because it is more "desirable."
The Apple products are the easiest to crack and are usually pwnd in a matter of seconds.
I'm sure this is intentional. That's why they're not fixing it until next version, when they can implement a new backdoor that isn't so easy to find before onboarding the new clients (NSA). Same type of shit from Microsoft and Oracle delaying zero-days. "oh yeah we can fix this obtuse, barely exploitable and complex exploit in an emergency out of cycle release" "oh, but, no. this obvious out of bounds issue with a trivial satiny check fix with exploits in the wild that convenient make investigators jobs much easier can't be done until 6 months from now"
yeah... ok.
No, it charges your credit card.
iOS uses signing too. The hack described here reads the phone's UID, signs it with an Apple dev key, and then pushes it to the phone. It requires communication with Apple servers and can be used on at most 100 devices before it's automatically disabled.
It's a slightly different style of attack than would be used on Android phones, but in terms of public vulnerability it's not really a different threat level.
Even with USB debugging enabled (which some handsets constantly nag to have it turned off), Android handsets use a public/private key system. If the charger tries to get access, the phone will ask if it should have full data rights to it.
Of course, this means that if someone clicks OK, they are hosed, but it is better than just sticking an adapter on and doing dirty work without knowing the device's PIN or password.
Not quite,
If the device is in fastboot mode it'll let any device have it's way with its file system.
But you need have put the device in fastboot mode, which means the user is an idiot or you've got physical access to the device. In which case on device security wont help one iota.
Calling someone a "hater" only means you can not rationally rebut their argument.
The Apple chargers CAN supply more power than the USB spec to Apple devices.
But it's totally optional. You can charge ANY iOS device on ANY USB port, it will just take somewhat longer. You can plug ANY USB powered device into an Apple USB charger, and it will charge. It's USB, that's what it does.
In just one post you manage to demonstrate complete ignorance as to the subject matter at hand, and unwillingness even to use Google for one second to prevent yourself from looking like a complete idiot.
"There is more worth loving than we have strength to love." - Brian Jay Stanley
This isn't accurate. Fastboot will only flash something that's signed by the manufacturer, unless the bootloader is unlocked, which won't matter anyway if the device is encrypted. Nexus devices are locked too, and unlocking the bootloader wipes all data, so you still won't get access to anything. ADB sideloading requires ADB to be enabled and the RSA fingerprint of the PC to be accepted.
They went overboard on the flat effect. Have you seen the icons? It looks like a south park construction paper iPhone.
With the changes in UIControls, apps that aren't upgraded look like a bag of ass. Or are non-functional (the navigation bar is now larger and covers the view underneath by default).
Do you even lift?
These aren't the 'roids you're looking for.
The charger is a mini linux machine what needs to use an apple developer account to dynamically add the devices UDID to the developer portal.
It then signs the malicious app and installs it.
It takes advantage of ad-hoc distribution and would require a new Apple developer account every 100 devices.
The only real mastery of this hack is that it can be concealed to look like a charger due to the small footprint of the linux PC. Otherwise, I could do the same thing with physical access to the phone.
Still, a fun wee hack and novel approach.
It also requires a modified cable with at least some of the same electronics that are used for the factory burn-in through the dock connector. The hack either required some stellar reverse engineering, or it required access to an Apple engineer with clearance for the cable for developer fused devices, or it required a factory worker in China to sneak out a cable. My money would be on the China connection, since China tends to leak like a sieve, even in the factories used for Apple products.
This isn't accurate. Fastboot will only flash something that's signed by the manufacturer, unless the bootloader is unlocked, which won't matter anyway if the device is encrypted. Nexus devices are locked too, and unlocking the bootloader wipes all data, so you still won't get access to anything. ADB sideloading requires ADB to be enabled and the RSA fingerprint of the PC to be accepted.
I wasn't talking about flashing anything, simply reading, copying to and modifying files on the file system. Fastboot enables the ADB bridge.
If you've gotten into fastboot, you've probably bypassed most if not all the security measures (most importantly, the physical security).
Calling someone a "hater" only means you can not rationally rebut their argument.
The cord that has audio connectors on the other end doesn't. Just because you've never plugged anything but a USB cable into your iPhone doesn't mean nobody else has.
Pwn2Own 2010: iPhone 3GS compromised via bypassing code signing; Nexus One not compromised.
Every year Android has existed: 99% of viruses on Android.
Reality totally contradicts the picture you are trying to point. Android far more secure: Odd then it has ALL of the viruses/trojans/malware. Apple disliking jailbreaking: odd then that jailbreaks come out with great regularity after every new OS or device release (but mostly tethered) and Apple hires jailbreak developers to work on core systems sometimes...
Your hatred is blinding you to reality.
"There is more worth loving than we have strength to love." - Brian Jay Stanley
Cereal boxes are at least useful...
Browsing at +1 - no ACs, I ignore their posts. So refreshing!
Today Google maps is an approved app on the app store. You can simply claim motivations that both Apple and Google deny but unless you have inside information I'd assume Apple and Google are telling the truth about their dispute. Moreover Google remained the default search engine which had more revenue potential. As for "ad revenue" there wouldn't be any ad revenue under Apple's approach, that was the point.
Anyone stupid enough to use a strangers "charger" deserves what they get, and its no ordinary charger, but a computer attached via usb cord.
Come on, lets get a sense of perspective instead of going into fanboyism (or anti for that matter).
Before today I had absolutely no idea a microcomputer could be made to look like a charger, or that the charging port on iPhones could be used to hack iOS. If you read TFA, the way they did it is pretty deceptive and ingenious.
Its fair to say that most people have a blind spot insofar as power ports are concerned, we normally don't think of it as a point of entry and this is the social engineering trick this hack takes advantage of . In fact, I think that prior to iPod/iPhones, no device used their power point to double up as a data connector. Pre-iphone, I remember swapping and borrowing Nokia/Sony etc. phone chargers from friends/strangers with no repercussions whatsoever.
It is very insulting and unfair to call people who would use a stranger's charger 'stupid' -not everyone is a techie or keeps updated with technology news. Which is probably why you posted as AC instead of under your own name =)
http://it.slashdot.org/story/13/06/03/0312208/researchers-infect-ios-devices-with-malware-via-malicious-charger - "At the upcoming Black Hat security conference in late July, three researchers at the Georgia Institute of Technology plan to show off a proof-of-concept charger..."
Of course news about a fake are Fake News.
This is just more mindless Google fanboy anti-Apple hate.
It's not like this a trojan you have to turn on the installation of non-market applications and go to a pirate app store to get installed. You actually have to have the device.
And this is just like a jailbreak, so it is a good thing.
Actually, this isn't mindless. This has been a known security issue in iOS since iOS 3 days, that Apple hasn't bothered to fix.
See this article coming out of DEFCON 2011:
http://nakedsecurity.sophos.com/2011/08/19/is-juicejacking-the-new-firesheep/
So unless you carry around a charging cable with the data pins removed or never charge at a USB port you don't own yourself, this is an issue (and has been for years).
Google (partially) fixed this on Android when noise first started being made in late 2010, but Apple didn't. Of course, due to fragmentation, that only means it's fixed if you bought your Android phone after mid-2011 or have an upgrade that implements the fix -- but Apple seems to be fragmenting within its own ecosystem, as this fix is iOS 7, and there are now a large number of iOS devices in every day use that aren't won't run iOS 7.
Yes, this is mindless, because it's an issue with all mobile OSs - funny how you managed to find an article that pretends otherwise http://managedsolutions.com/tag/juice-jacking/ doesn't.
BTW: there are commercial chargers that remove malware from Androids http://kapricasecurity.com/ - you really believe the opposite can't be done?
Of course news about a fake are Fake News.
Back in 2009, I wrote on Slashdot
Yes, I was in an airport recently, and there were power outlets with both AC and USB. The future is here.
Yes, but how do you know it only provides power? It might also read or write whatever is plugged into it, install malware, steal your info, or whatever.
We warned you. You didn't listen. Now suffer. Downside
Please, read TFA you linked to.
99% of newly discovered malware is not the same as 99% of viruses. Stop spinning.
Further, having a larger number of malware directed at a platform does not mean that particular platform is less secure. Malware makers will benefit the most by having large infection pools, and will thus often target the most popular platform, which right now is Android.
You should also note, also in TFA you linked :-
Dare I say, both platforms pwned then? The only truth is that neither platform is totally secure, and that security depends on the manner of use; for example, if you jailbreak or root your phone, you are more exposed. Trying to spin it either way is an exercise in stupidity.
Are you distinguishing that from all the devices that do audio, video and controls over USB?
[I]t's nifty that Apple is addressing the issue in iOS 7.
How is that "nifty"? It's the least they should do. It's like Chris Rock's thing about all those parents who go round proudly proclaiming that "I take care of my kids!" You're supposed to take care of your kids!
systemd is Roko's Basilisk.
Of course, this means that if someone clicks OK, they are hosed, but it is better than just sticking an adapter on and doing dirty work without knowing the device's PIN or password.
Hmm... So how is that different from the Apple charger case if a user manually authorizes the process? Didn't you read the TFA or even the summary?
Once the charger is plugged in and the user inputs their PIN code, ...
You see, it means that an iPhone user has to input their PIN or "authorize" the access, which is similar to clicks "OK" as you mentioned. From here, I see no difference between the USB debugging feature enabled and charger...
What is this auto-update you speak of?
To upgrade iOS, you have to actually tell it to upgrade. It will only notify you when one is available.
Slashdot still doesnâ(TM)t support Unicode after it was added to the HTML standard in 1997.
If you cut all the wires in your charging cable except power and ground, will the device still charge?
If so, transparent "USB extenders" that only have power and ground wires would let anyone charge anywhere without data risk (there would still be the risk of malicious over-voltage, but that's a different risk).
If not, then future devices that charge over USB or other data+power cable should be built to charge with a "power-only, all other pins disconnected" cable.
Knowledge is how to play a game, intelligence is how to win, wisdom is knowing what game to play.
it also requires the user to unlock the device.
Especially when a lot of places (airports, even planes etc) now provide USB ports for charging of mobile devices.
Can you point ONE out?
There are two types of people in the world: Those who crave closure
Video over USB:
http://www.everythingusb.com/targus-usb-3.0-dual-video-adapter-21477.html
Audio over USB:
http://hifimediy.com/index.php?route=product/product&product_id=107
Controls over USB:
http://www.amazon.com/Griffin-Technology-NA16029-Multimedia-Controller/dp/B003VWU2WA/ref=sr_1_1?ie=UTF8&qid=1375463450&sr=8-1&keywords=usb+volume+control
You can tell Apple's under new management recently. Apple used to never admit to security issues and flaws under the Steve Jobs flag. Apple has always been the holy grail of hackers.
http://thetechnologygeek.org/
Exactly. Your daughters iPhone is completely uninteresting
I seem to recall there being a whole class of criminals who would love nothing better than to have access to a 12 year old girls phone, her photos, contact lists, friends lists, calendar...
Assuming the user keeps the device locked normally. It's a balance of convenience and security, and this revelation has changed the balance.
"When you have eliminated the unacceptable, whatever is left, however improbable, must be the truthiness" - Holmes
So, you can't point ONE out that can do all three.
Also the video one is a custom chip so not JUST over USB.
Also, the audio one is a custom chip so not JUST over USB.
Also the controls one is a custom chip AND custom software so not JUST over USB.
Thanks for perfectly making my point.
There are two types of people in the world: Those who crave closure
??? Of course there's custom hardware at the other end. The iphone cable requires custom hardware that (1) has the right sized port, (2) has the circuitry that does something with the signal it gets (except in the case of audio).
The point stands. Video, audio and control can certainly be done over USB. There's no *NEED* for the iphone cable.
LOL. We need custom hardware. Apple doesn't need custom hardware!
Or something.
Let me know when you get those things over just a USB cable *without custom hardware*. That was the original argument.
There are two types of people in the world: Those who crave closure