Slashdot Mirror

← Back to Stories (view on slashdot.org)

iPhone Hacked In Under 60 Seconds Using Malicious Charger

Posted by timothy on from the with-lucy-liu-I-hope dept.

DavidGilbert99 writes "Apple's iOs has been known as a bastion of security for many years, but three researchers have now shown iPhones and iPads can be hacked in just under 60 seconds using nothing more than a charger. OK, so it's not just a charger — but the Mactans charger does delete an official app (say Facebook) replacing it with an official-looking one which is actually malware which could access your contacts, messages, emails, phone calls and even capture your passwords. Apple says it will fix the flaw, but not until the release of iOS 7, the date of which hasn't been confirmed yet. So watch out for chargers left lying around ..." (For less in the way of auto-playing video ads with sound, check out the Mac Observer's take, which concludes "[I]t's nifty that Apple is addressing the issue in iOS 7. We'd also like to see it fixed in iOS 6. Apple has historically seen iPhone users upgrade to the newest version iOS in staggeringly high numbers, but eliminating this problem across the board seems the wiser choice.")

7 of 170 comments (clear)

  1. Re:Why can't Iphone / ipad have usb port for charg by The+MAZZTer · · Score: 5, Informative

    That wouldn't solve the problem? USB chargers on Android can install apps and transfer files either way if the device has USB debugging enabled. If iPhones used USB the data protocols wouldn't be changed and would have the same capabilities...

  2. Re:Why can't Iphone / ipad have usb port for charg by SIGBUS · · Score: 5, Insightful

    How many Android handsets come with USB debugging enabled by default?

    --
    Oh, no! You have walked into the slavering fangs of a lurking grue!
  3. Re:Jailbreak exploit opportunity by AlreadyStarted · · Score: 5, Informative

    The "modified charger" they describe is in fact a computer.

  4. The jokes just write themselves by safetyinnumbers · · Score: 5, Funny

    delete an official app (say Facebook) replacing it with an official-looking one which is actually malware which could access your contacts, messages, emails

  5. "Bastion of security" by Ferzerp · · Score: 5, Insightful

    Since when? iOS has had repeated and nearly constant flaws that have allowed for compromises both locally and remotely (via webpages). At this point it's such a given that this is mostly a non story.

    I thought the RDF had dissipated, but I guess not.

  6. Re:The Internet of Things... by Anonymous Coward · · Score: 5, Insightful

    Apple's iOs has been known as a bastion of security for many years

    Uh, what? The fuck it has. Guess it just goes to show what a massive marketing campaign will do for your public image. The platform has never been any less hackable than the competition, especially when you're talking physical access to the device.

  7. Re:Why can't Iphone / ipad have usb port for charg by Anonymous Coward · · Score: 5, Informative

    iOS uses signing too. The hack described here reads the phone's UID, signs it with an Apple dev key, and then pushes it to the phone. It requires communication with Apple servers and can be used on at most 100 devices before it's automatically disabled.

    It's a slightly different style of attack than would be used on Android phones, but in terms of public vulnerability it's not really a different threat level.