In June we heard about Mactans, a malicious iPhone charger created by three security researchers from the Georgia Institute of Technology. This week the researchers presented their findings at Black Hat, an annual hacker convention in Las Vegas, and Apple officially responded to them. Here's the deal...
Mactans exploits the fact that if you physically plug an unlocked iOS device into a computer, iOS 6 and earlier assumes that you want to trust that computer. The researchers used a small embedded computer in their fake charger to infect any iPhone that was plugged into it with a malicious app. The embedded computer is small enough that it could be disguised as a docking station or comically large charger. Once an iOS device has been plugged into a computer, the computer has full access to the device and all of its data, meaning an attacker could essentially add or remove any data to or from the device that they wish, without the victim ever being aware.
An attacker could use this access to simply read the contents of the device, including but not limited to contacts, text messages, photos, and application data. A more sophisticated attack, like the one demonstrated at Black Hat, could actually provision the device as a developer device in order to install custom apps. Since such apps would not need to go through Apple's normal App Store approval process, they could perform nefarious activities that would normally be flagged by Apple, even disguising themselves as legitimate apps while they do it.
Ars Technica notes that developer accounts are limited to only 100 devices, restricting this type of attack, which is partially true. Normal developer accounts are limited to 100 devices, and as such, could only deploy malicious apps to 100 different devices before needing to use a new developer account. However, enterprise accounts have no such restriction. An attacker in possession of an enterprise developer account would be able to skip the steps of adding the device to a developer account, and could immediately install a pre-built, enterprise-signed IPA directly onto any device as soon as it's plugged in to their fake charger. Apple has the abillity to revoke these accounts which would stop the apps from running on any devices they had already been installed on, but Apple would have to be aware of the problem first.
Reuters published the following from Apple:
Apple said the issue had been fixed in the latest beta of iOS 7, which has already been released to software developers.
"We would like to thank the researchers for their valuable input," Apple spokesman Tom Neumayr said.
iOS 7 will be made available to the public in the fall. Since it's currently under NDA (non-disclosure) we can't discuss how Apple is handling the issue, but we have looked at the process and it seems effective.
In the meantime, people probably don't need to worry too much. There is no evidence of malicious chargers like Mactans being exploited in the wild. With that said, the best practice is simply to not plug your devices into chargers you don't trust. Don't use docking stations in hotels. Don't use USB wall outlets at airports. Pack your own chargers to use.
If you absolutely must use a charger you may not trust, keep your device locked with a passcode the entire time it's plugged in, or better yet, turn your device off completely while it charges.
We may earn a commission for purchases using our links. Learn more.
There's a new official trailer for Apple TV+'s 'Visible: Out on Television'
Apple has shared an official trailer for "Visible: Out on Television" on YouTube.
Apple CEO Tim Cook says global tax 'needs to be rehauled'
Tim Cook was speaking in Ireland, the country Apple has been accused of using as a way to avoid paying tax elsewhere.
Tim Cook and Apple commemorate Dr. Martin Luther King Jr. Day
Today is Martin Luther King Jr. Day and both Apple and its CEO are commemorating.
Protect your iPad Air screen with one of these low-cost screen protectors
Keep your iPad Air’s screen protected and safe with some help from the best screen protectors out there!
