iOS malware injecting charger to be presented at Black Hat

iOS malware injecting charger to be presented at Black Hat

Three researchers from the Georgia Institute of Technology are scheduled to give a talk at the 2013 Black Hat security conference on iOS malware injection using malicious chargers. While the full details of the exploit won’t be revealed until the talk this July, the researchers have said that their method works on the latest version of iOS and does not require a jailbreak.

The researchers will demonstrate their findings with a proof-of-concept charger they have created called Mactans. It was built using a BeagleBoard embedded computer which, while too large to fit inside of a normal Apple charger, could easily be concealed in a dock, external battery, or behind a wallplate. The malicious charger will apparently be able to infect a device within one minute of it being plugged in.

In a conversation that Yeongjin Jang, one of the researchers, had with Forbes, he said that they had contacted Apple about their findings, but have yet to hear back. The briefing description also says they have some security suggestions for Apple that could make attacks like theirs significantly more difficult to execute. The group will also present recommendations for users to protect themselves from falling victim to such attacks. Naturally, the easiest way to protect yourself for now is to not plug your device into unknown or untrusted charger.

This isn’t the first time chargers have been proposed as a method for compromising mobile devices. You should always avoid using chargers from unreputable third parties, charging stations in public places such as airports, and as much as I hate to say it, even the alarm clock dock at that fancy hotel you’re staying in. There’s no evidence suggesting such malicious chargers are used much in the wild, but sticking to using your own charger from Apple or reputable third parties will help ensure you’re not one of the unlucky few that may get bitten by one of these.

Have something to say about this story? Share your comments below! Need help with something else? Submit your question!

Nick Arnott

Security editor, breaker of things, and caffeine savant. QA at POSSIBLE Mobile. Writes on neglectedpotential.com about QA & security, and as @noir on Twitter about nothing in particular.

More Posts

 

6
loading...
0
loading...
37
loading...
0
loading...

← Previously

Plants vs. Zombies 2 launches July 18, will be available for free

Next up →

Apple launches WWDC 2013 companion app for iPhone and iPad

Reader comments

iOS malware injecting charger to be presented at Black Hat

5 Comments

As a developer of USB chargers (http://u-socket.com) I can assure you that almost all USB chargers do NOT have the Data Pins connected. Calling this device an iPhone charger would be akin to calling a computer a USB charger. Yes, it can charge USB devices, but that's not its main purpose :-/

You make a really good point and one I probably should have articulated. Technically if you have an embedded computer with a USB port that you plug your iDevice into, it's not plugged into a charger, it's plugged into a computer. I should have made it clear that it's a device that would likely be disguised as a charger.

I'll be interested in how this works. At first glance, it seems odd that plugging in hardware could hack the software. Perhaps it's overflowing a buffer in the phone when the phone runs the authentication of the cable?

If it's down to authenticating the cable, wouldn't the problem only affect newer Apple devices? Would it not be a tad easier to target older 30-pin devices since they seem to be more prevalent and don't require authentication?

I suppose we'll see when they reveal all at Black Hat.

The embedded computer system is what's doing all the work on injecting the malware. By disguising it as something like a USB port behind a wallplate at a public charging station, a victim would be plugging their own cable in. If a malicious "charger" was set up with the cable already available, the attacker need only use a normal lightning cable. None of the protections meant to prevent unauthorized 3rd-party cables would do anything to stop these kinds of attacks.