A group of researchers from the Georgia Institute of Technology claim to have developed a new smartphone charger that can install malware on almost any Apple device running the latest version of iOS.
Billy Lau, Yeongjin Jang and Chengyu Song are expected to debut the charger at Black Hat, a long-running security conference to be held in Las Vegas this July and August. A summary of their presentation states that they will be able to demonstrate how an iOS device can be compromised less than a minute after plugging in a malicious charger.
[related-posts]
To demonstrate practical application of these vulnerabilities, we built a proof of concept malicious charger, called Mactans, using a BeagleBoard, the group explains.
This hardware was selected to demonstrate the ease with which innocent-looking, malicious USB chargers can be constructed. While Mactans was built with limited amount of time and a small budget, we also briefly consider what more motivated, well-funded adversaries could accomplish.
The researchers appear to have discovered a major weakness in the defences of Apple’s popular mobile operating system. The trio don’t have malicious intentions, however. Jang said that he had already contacted Apple about the exploit. During the presentation they will also recommend ways in which users can protect their devices moving forward.
Evidence of the charger is yet to surface, so it’s unclear exactly what it looks like and if it bears any resemblance to an official charger built by Apple. Nevertheless, there is already an abundance of safe third-party chargers available for purchase, so even a half-decent effort should raise a few eyebrows from the audience.
Apple is yet to recognize the findings of the group, but any potential scenario whereby an iPhone or iPad is compromised using its USB connection should be high on the company’s priorities.
As always, think twice about borrowing anything that can connect with your personal devices. Especially suspicious-looking chargers, it would seem.
Credit: TNW