Researchers: We can hack an iPhone through the charger

A team of researchers from Georgia Tech say they’ve discovered, and can demonstrate, a way to to hack into an iPhone or iPad in less than a minute using a “malicious charger.”
The team plans to demonstrate its findings at the Black Hat computer security conference, which begins July 27 in Las Vegas.

In a preview of its presentation, the team acknowledges Apple’s “plethora of defense mechanisms in iOS.” Historically, Mac users have been able to boast of being largely malware free, in part because spammers, scammers and hackers preferred to target the larger number of Windows computers in the world.

On its mobile iOS operating system, Apple has created a “closed garden” environment in which everything from apps to accessories has to be approved by Apple, as opposed to Google’s more wide-open Android system.
But by attacking in a nontraditional way, the team of Billy Lau, Yeongjin Jang and Chengyu Song say, those defenses can be bypassed.

“(W)e investigated the extent to which security threats were considered when performing everyday activities such as charging a device,” they wrote. “The results were alarming: despite the plethora of defense mechanisms in iOS, we successfully injected arbitrary software into current-generation Apple devices running the latest operating system (OS) software.

“All users are affected, as our approach requires neither a jailbroken device nor user interaction.”
The team says they have built a malicious charger named Mactans, which they plan to demonstrate at Black Hat. Latrodectus mactans is the scientific name for the deadly black widow spider.

The preview doesn’t say whether the charger is a modified version of Apple’s standard equipment or entirely new.

“While Mactans was built with limited amount of time and a small budget, we also briefly consider what more motivated, well-funded adversaries could accomplish,” they wrote. “Finally, we recommend ways in which users can protect themselves and suggest security features Apple could implement to make the attacks we describe substantially more difficult to pull off.”

Apple did not immediately respond to a message seeking comment.

1 comment: