Three researchers from the Georgia Institute of Technology are scheduled to give a talk at the 2013 Black Hat security conference on iOS malware injection using malicious chargers. While the full details of the exploit won’t be revealed until the talk this July, the researchers have said that their method works on the latest version of iOS and does not require a jailbreak.
The researchers will demonstrate their findings with a proof-of-concept charger they have created called Mactans. It was built using a BeagleBoard embedded computer which, while too large to fit inside of a normal Apple charger, could easily be concealed in a dock, external battery, or behind a wallplate. The malicious charger will apparently be able to infect a device within one minute of it being plugged in.
In a conversation that Yeongjin Jang, one of the researchers, had with Forbes, he said that they had contacted Apple about their findings, but have yet to hear back. The briefing description also says they have some security suggestions for Apple that could make attacks like theirs significantly more difficult to execute. The group will also present recommendations for users to protect themselves from falling victim to such attacks. Naturally, the easiest way to protect yourself for now is to not plug your device into unknown or untrusted charger.
This isn’t the first time chargers have been proposed as a method for compromising mobile devices. You should always avoid using chargers from unreputable third parties, charging stations in public places such as airports, and as much as I hate to say it, even the alarm clock dock at that fancy hotel you’re staying in. There’s no evidence suggesting such malicious chargers are used much in the wild, but sticking to using your own charger from Apple or reputable third parties will help ensure you’re not one of the unlucky few that may get bitten by one of these.