June 3, 2013
"Be safe out there." That's what Apple marketing chief Phil Schiller famously said last March when he tweeted a link to a report that confirmed Android's vulnerability to malware. As it turns out, it's a piece of advice that we too would be wise to take as far as charging our iOS devices is concerned. As reported by Forbes, three researchers at the Georgia Institute of Technology has found that it's possible to hack an iPhone in just under a minute using just a modified charger. The researchers are set to demonstrate their proof-of-concept charger at the next Black Hat security conference, scheduled to be held from July 27 to Aug. 1 at the Caesars Palace in Las Vegas. Here's an abstract of their presentation at the upcoming conference:
In this presentation, we demonstrate how an iOS device can be compromised within one minute of being plugged into a malicious charger. We first examine Apple’s existing security mechanisms to protect against arbitrary software installation, then describe how USB capabilities can be leveraged to bypass these defense mechanisms. To ensure persistence of the resulting infection, we show how an attacker can hide their software in the same way Apple hides its own built-in applications.They intend to demonstrate their "alarming" findings using a proof-of-concept charger called Mactans, which is built on a BeagleBoard open-source single-board computer. At 3 sq. in., the BeagleBoard on which the Mactans is constructed can't fit in a standard iPhone or iPad charger casing. Of course, the Georgia Tech researchers are well aware of this, but they certainly don't discount the possibility of disguising the Mactans using advanced methods:
While Mactans was built with limited amount of time and a small budget, we also briefly consider what more motivated, well-funded adversaries could accomplish.Yeongjin Jang, one of the researchers, told Forbes that they had already contacted Apple about their hack, but they hadn't received a response from the iOS device maker. In any case, Jang and company plan to offer suggestions during their presentation so that users and Apple itself can make the hack in question harder for hackers to carry out.