MacNN Forums (
-   Tech News (
-   -   Researchers claim modified charger can hack iOS devices in one minute (

NewsPoster Jun 3, 2013 08:51 AM
Researchers claim modified charger can hack iOS devices in one minute
Security researchers have unearthed a method that can add software to an iOS device using a <a href=" alfunction/" rel='nofollow'>charger</a>. Researchers from the Georgia Institute of Technology will reportedly demonstrate a proof-of-concept charger at the <a href="" rel='nofollow'>Black Hat</a> security conference in late July that will be capable of installing malware onto an iPhone without the user's knowledge. <br />
<br />
The presentation <a href="" rel='nofollow' target="_self" title="">briefing</a> from Billy Lau, Yeongjin Jang, and Chengyu Song claims that the iOS device being charged could be compromised within one minute of being plugged in, and that the resulting software installed could be hidden from view in a similar way to how Apple hides some of its own built-in software items. <br />
<br />
In order to demonstrate the USB-based attack's effectiveness, the researchers have constructed a charger using a <a href="" rel='nofollow' target="_self" title="">BeagleBoard</a>, a low-power and open source single-board computer from Texas Instruments that costs $45, which the team calls Mactans. While the resulting hardware would be significantly bigger than the typical Apple charger, thanks to the BeagleBoard's size, it is suggested by the team that someone with more time and funding could end up making a more efficient and well-disguised version. <br />
<br />
It is warned that "All users are affected, as our approach requires neither a jailbroken device nor user interaction," including ones running the latest iteration of iOS. Speaking <a href="" rel='nofollow'>to</a> <em>Forbes</em>, Jang confirmed that the team had contacted Apple with their findings, but has yet to hear anything back. Jang also refused to comment further on the hack.
robttwo Jun 3, 2013 09:42 AM
And let me hold you iOs device for a minute and I can add software to it as well.
In fact, I can also smash the screen, run over it with a car, and drop it from the Empire State building.

So, beware.
Grendelmon Jun 3, 2013 10:25 AM
robttwo, you don't understand the possibilities. Just like thieves installing card readers at gas pumps to steal credit card numbers, I envision the possibility of someone installing these at public USB charge stations at places such as airports, bus stops, etc. Not good. Hopefully Apple squashes this security hole ASAP.
BLAZE_MkIV Jun 3, 2013 10:34 AM
The public charging stations have should just have power ports, anyone stupid enough to plug it into an unknown USB port deserves it. I wonder if this would work through a USB hub?
b9bot Jun 3, 2013 10:36 AM
First you have to swap my charger for a hacked one. Second you have to break into my house. Third you need to make that technology much smaller to fit inside the existing Apple charger. Fourth you have to get my iPhone which is always in my pocket. Fifth the whole idea of this seems a little extreme unless you are some sort of spy from 007. I always carry my own chargers with me when I travel so again you have to be some kind of pick pocket to swap my charger in order for any of this to work. Right now I'm very confident that this is a very, very, very, very, low threat. I'm also confident that this would also work on Android phones easier than it would on any iPhone since Android software is 99% infected with malware already.
hayesk Jun 3, 2013 11:07 AM
"All users are affected, as our approach requires neither a jailbroken device nor user interaction"

Well, in effect, it is using the same method as jailbreakers use to jailbreak iOS devices.
daqman Jun 3, 2013 02:16 PM
It is the phrase ""All users are affected" that I take objection to. Many people including myself and others who posted here do not use any charger other than one that they own and bought directly from Apple.
While they are important these overreaching scare tactic announcements are nothing more than advertising for the group that makes them.
The Vicar Jun 3, 2013 02:24 PM
Actually, this is pretty bad. You could build a much more efficiently-spaced version which would look just like an actual Apple charger; it wouldn't even have to actually charge. Then you just look for opportunities to swap your fake for people's real chargers. Once you do, you don't have to do anything further -- sooner or later, the person will try to "charge", and your malware is installed. If you left out power from your fake, they will just decide the charger has gone bad and throw it away. And then they have malware, which presumably can contact you over the Internet the next time there's a connection, so you don't even have to meet up with the person again.

So yes, this is pretty serious. You'd think Apple would require you to unlock to upload software -- they require you to unlock to transfer files to and from the dropbox, after all.
daqman Jun 3, 2013 02:24 PM
Oh, and another thing, look at the electronics that are used to implement the demo device. To reduce it to a size that would fit into the same footprint as a functional charger and still fit inside the little white cube in a way that would not rouse suspicions would be quite costly. I do not see a significant easy return on investment that would justify the cost of putting many of these out in the wild. Hacking ATMs has an immediate cash return, hacking random iPhones has the possibility of something salable turning up but that has to be weighed agains the cost of implementation and the penalty for detection. I suspect this is not worth the effort unless you have a particular target in mind.
bjojade Jun 3, 2013 05:37 PM
Finding USB charging stations is becoming quite commonplace. Airports are one where you'll find a ton of USB chargers, especially when flying internationally. With those devices, size isn't really much of an issue. It's definitely a security risk if simply plugging into a charger will allow software to be installed on an otherwise locked phone.

I'm surprised nobody has done this before.
Arne_Saknussemm Jun 3, 2013 07:56 PM
Yet one more reason replaceable batteries are just the thing to have with you when traveling.

No need to find an outlet, carry a charger or even wait.

Just swap the dead one for a fresh one, and you are back in business.
The Vicar Jun 3, 2013 11:03 PM

You don't even need replaceable batteries. There are plenty of external power packs for iOS devices. But it's still not as good as bringing a charger; carrying an extra battery just means you can go somewhat longer without a dead device, whereas having a charger means you usually can avoid a dead device entirely.
aristotles Jun 4, 2013 05:07 PM
Just carry your own charger that came with the iOS device and charge it from a regular wall socket.
All times are GMT -4. The time now is 04:13 AM.

Copyright © 2005-2007 MacNN. All rights reserved.
Powered by vBulletin® Version 3.8.8
Copyright ©2000 - 2017, vBulletin Solutions, Inc.

Content Relevant URLs by vBSEO 3.3.2