Researchers claim to have bypassed security on Apple iOS devices using a malicious charger.
A simple device can apparently compromise an iPhone within a minute of connecting, and requires neither jailbreaking nor input from the phone’s user.
This is according to the abstract of a briefing to be given at the upcoming Black Hat USA conference.
The attack, dubbed “Mactans”, succeeded in compromising latest-generation devices with the latest version of iOS. It led to a persistent infection with software of the attacker’s choice, invisible to the phone’s user thanks to built-in concealment techniques used to hide some of Apple’s own apps.
The researchers, from the Georgia Institute of Technology, say they built their malicious charger in minimal time with little budget, using a credit-card-sized BeagleBoard embedded computer.
I’ve always been a little worried when I’ve seen those free charging stations at airports, shopping malls and other public places.
OK, so sometimes you just have to get at some power, but the whole idea of plugging my phone into something I have so little reason to trust just seems a little dirty, not to mention unsafe.
Now, assuming this is more than the usual pre-conference hype, those fears look more than justified. Worse, the small scale of this particular device means you wouldn’t even need a big pedestal-sized charging station.
While not quite small enough to disguise as a normal Apple USB power converter as it stands, there are still ample opportunities to trick people into trusting a reasonably compact charging device.
With a little more effort and investment, it should be trivial to build a trojanized charger that is almost identical to standard kit. Then we’d really be in trouble.
Imagine an eBay shop selling super cheap USB plugs, which could happily take over your phone and make it call premium-rate numbers or harvest passwords from your email or even bank accounts. Not such a bargain all of a sudden.
It might be a good time to buy up all the USB chargers you’re going to need – I suspect prices for proven trustworthy hardware might well be going up fairly shortly.