Slashdot Mirror


iPhone Hacked In Under 60 Seconds Using Malicious Charger

DavidGilbert99 writes "Apple's iOS has been known as a bastion of security for many years, but three researchers have now shown iPhones and iPads can be hacked in just under 60 seconds using nothing more than a charger. OK, so it's not just a charger — but the Mactans charger does delete an official app (say Facebook) replacing it with an official-looking one which is actually malware which could access your contacts, messages, emails, phone calls and even capture your passwords. Apple says it will fix the flaw, but not until the release of iOS 7, the date of which hasn't been confirmed yet. So watch out for chargers left lying around ..." (For less in the way of auto-playing video ads with sound, check out the Mac Observer's take, which concludes "[I]t's nifty that Apple is addressing the issue in iOS 7. We'd also like to see it fixed in iOS 6. Apple has historically seen iPhone users upgrade to the newest version iOS in staggeringly high numbers, but eliminating this problem across the board seems the wiser choice.")

20 of 170 comments

  1. Translation: by CanHasDIY · · Score: 4, Insightful

    The quickest way to get PWND is to give someone else physical access to your device.

    Always has been true, and likely always will be.

    --
    An enigma, wrapped in a riddle, shrouded in bacon and cheese
  2. Re:Why can't Iphone / ipad have usb port for charg by The MAZZTer · · Score: 5, Informative

    That wouldn't solve the problem? USB chargers on Android can install apps and transfer files either way if the device has USB debugging enabled. If iPhones used USB the data protocols wouldn't be changed and would have the same capabilities...

  3. Re:Why can't Iphone / ipad have usb port for charg by SIGBUS · · Score: 5, Insightful

    How many Android handsets come with USB debugging enabled by default?

    --
    Oh, no! You have walked into the slavering fangs of a lurking grue!
  4. Re:Jailbreak exploit opportunity by AlreadyStarted · · Score: 5, Informative

    The "modified charger" they describe is in fact a computer.

  5. The jokes just write themselves by safetyinnumbers · · Score: 5, Funny

    delete an official app (say Facebook) replacing it with an official-looking one which is actually malware which could access your contacts, messages, emails

  6. Re:user's brain gets hacked, by Anonymous Coward · · Score: 3, Funny

    If they're using an iPhone, they already succumbed to brain hacking by Apple's marketing.

  7. "Bastion of security" by Ferzerp · · Score: 5, Insightful

    Since when? iOS has had repeated and nearly constant flaws that have allowed for compromises both locally and remotely (via webpages). At this point it's such a given that this is mostly a non story.

    I thought the RDF had dissipated, but I guess not.

    1. Re:"Bastion of security" by blueg3 · · Score: 4, Insightful

      It's right because the jailbreaks are all serious security vulnerabilities. That's how they work, and having them around is dangerous.

      Now, it might be nice if Apple allowed people to have the capabilities provided by a jailbreak if they want them. That's not the same as having a jailbreak.

    2. Re:"Bastion of security" by tlhIngan · · Score: 3, Informative

      Since when? iOS has had repeated and nearly constant flaws that have allowed for compromises both locally and remotely (via webpages). At this point it's such a given that this is mostly a non story.

      Wow, that remote exploit was for iOS 4, an OS that shipped in 2010-2011. There's only one phone stuck on iOS 4 - the iPhone 3G - everyone else is able to run a higher version.

      Yes, I suppose if one is used to Android, they would think a ton of people still use iOS 4, but no. After all, iOS 4 came out around the time of Gingerbread, which is still used by a third of Android phones.

      Of course, iOS 6 has proven to be EXTREMELY difficult to compromise. It took 6 months before the first jailbreak came out (for 6.1.0) and a bunch of critical flaws were discovered including unlock screen flaws, resulting in 6.1.1, 6.1.2 and the current version of 6.1.3.

      Unfortunately, 6.1.3 closed the jailbreaking flaw and no new one has been found since. Old devices have tethered jailbreaks for 6.1.3 but that's it. New ones like the iPhone 5 and iPad 4 ... no jailbreak exists.

  8. Re:The Internet of Things... by Anonymous Coward · · Score: 5, Insightful

    Apple's iOS has been known as a bastion of security for many years

    Uh, what? The fuck it has. Guess it just goes to show what a massive marketing campaign will do for your public image. The platform has never been any less hackable than the competition, especially when you're talking physical access to the device.

  9. Bastion of security? by scot4875 · · Score: 4, Informative

    I'm sorry, but if every version of your OS is trivially jail-breakable (with, for example, exploits that amount to root privilege escalation by simply visiting a web page on the device's browser), you are NOT a bastion of security.

    You can argue that Apple does a better job of "securing" their app store than Google does, but that doesn't make the devices themselves any more secure. Just because something trivially exploitable hasn't been exploited (that you know of ... yet) doesn't make it secure.

    --Jeremy

    --
    Jesus was a liberal
  10. Quite misleading by ernest.cunningham · · Score: 4, Informative

    The charger is a mini Linux machine that needs to use an Apple developer account to dynamically add the device's UDID to the developer portal.
    It then signs the malicious app and installs it.
    It takes advantage of ad-hoc distribution and would require a new Apple developer account every 100 devices.

    The only real mastery of this hack is that it can be concealed to look like a charger due to the small footprint of the Linux PC. Otherwise, I could do the same thing with physical access to the phone.

    Still, a fun wee hack and novel approach.

  11. Re:Why can't Iphone / ipad have usb port for charg by mlts · · Score: 4, Insightful

    Even with USB debugging enabled (which some handsets constantly nag to have it turned off), Android handsets use a public/private key system. If the charger tries to get access, the phone will ask if it should have full data rights to it.

    Of course, this means that if someone clicks OK, they are hosed, but it is better than just sticking an adapter on and doing dirty work without knowing the device's PIN or password.

  12. Bogus summary by 93 Escort Wagon · · Score: 4, Funny

    If this charger deletes the Facebook app, I don't think that qualifies as "malware".

    --
    #DeleteChrome
  13. Re:Jailbreak exploit opportunity by Em Adespoton · · Score: 4, Informative

    Interestingly, for the hack these guys created to work, the attacker must have a valid developer's license, and the target iOS device must already be jailbroken. The first bit allows them to query Apple's dev site for the debug key for your specific iOS device; the second is required to get the loaded software to actually run on the device.

    HOWEVER, the same technique can be used to read all data available in userspace on the phone, so improperly stored passwords, plus all other app data and configuration data could be grabbed in this manner.

    If Apple can fix this in iOS 7, I'm expecting the jailbreak community to create a fix (that will be loaded as part of the jailbreak process) in short order. Something similar to bluetooth pairing for debug and filesystem access would be an extremely good idea, plus it would close a number of outstanding attack vectors in iOS devices, not just the ones presented.

  14. Re:Why can't Iphone / ipad have usb port for charg by NatasRevol · · Score: 4, Informative

    A lot of iDevice users believe the fancy ports are better than standard USB ports when in fact they both do the same thing.

    Why are so many people so ignorant on this point?

    http://en.wikipedia.org/wiki/Dock_connector#30-pin

    It contains controls, audio and video, as well as data & charging like USB.

    --
    There are two types of people in the world: Those who crave closure
  15. Re:The Internet of Things... by the_other_chewey · · Score: 4, Informative

    Apple's iOS has been known as a bastion of security for many years

    Uh, what? The fuck it has.

    That had me chuckling as well.

    Remember when you could visit a website to "slide to jailbreak"
    from right inside the web browser?

  16. Re:Why can't Iphone / ipad have usb port for charg by Anonymous Coward · · Score: 5, Informative

    iOS uses signing too. The hack described here reads the phone's UID, signs it with an Apple dev key, and then pushes it to the phone. It requires communication with Apple servers and can be used on at most 100 devices before it's automatically disabled.

    It's a slightly different style of attack than would be used on Android phones, but in terms of public vulnerability it's not really a different threat level.

  17. Re:Jailbreak exploit opportunity by samkass · · Score: 4, Informative

    No, it doesn't require the phone to be jailbroken. It does, however, require the attacker to have a paid Apple Developer account with a valid credit card, and it digitally signs all the malware with that developer's information, and limits the total number of devices ever attached to that account to 100 without calling Apple and requesting a reset, and requires the attacking "charger" device to be online at the time of the attack. It also requires the phone to not be in its lock screen, so for it to work you have to manually unlock it and type in your passcode while it's plugged in.

    So it's pretty much a proof-of-concept attack that's not very practical yet, but could probably have been built upon if Apple hadn't already put a fix into the version of the OS coming out soon which, if history is a guide, 90%+ of the iOS installed base will be on in a few months.

    --
    E pluribus unum
  18. It's a smart hack, that's all by Camael · · Score: 4, Insightful

    Anyone stupid enough to use a stranger's "charger" deserves what they get, and it's no ordinary charger, but a computer attached via USB cord.

    Come on, let's get a sense of perspective instead of going into fanboyism (or anti for that matter).

    Before today I had absolutely no idea a microcomputer could be made to look like a charger, or that the charging port on iPhones could be used to hack iOS. If you read TFA, the way they did it is pretty deceptive and ingenious.

    The charger could be made to look like a typical Apple charger, meaning those looking to infect iPhones and iPads could leave them lying around in public charging zones to trick unsuspecting members of the public.

    In the demonstration in Las Vegas, the researchers used the Facebook app as an example of software that could be compromised. Once the charger is plugged in and the user inputs their PIN code, the charger silently and invisibly removes the target app, in this case the official Facebook app. It then replaces it - in exactly the same position on your iPhone/iPad homescreen - with what looks like a perfect replacement. In actual fact this is malware and once you launch it, your phone/tablet has been compromised.

    It's fair to say that most people have a blind spot insofar as power ports are concerned, we normally don't think of it as a point of entry and this is the social engineering trick this hack takes advantage of. In fact, I think that prior to iPod/iPhones, no device used their power point to double up as a data connector. Pre-iPhone, I remember swapping and borrowing Nokia/Sony etc. phone chargers from friends/strangers with no repercussions whatsoever.

    It is very insulting and unfair to call people who would use a stranger's charger 'stupid' - not everyone is a techie or keeps updated with technology news. Which is probably why you posted as AC instead of under your own name =)