In June we heard about Mactans, a malicious iPhone charger created by three security researchers from the Georgia Institute of Technology. This week the researchers presented their findings at Black Hat, an annual hacker convention in Las Vegas, and Apple officially responded to them. Here's the deal...
Mactans exploits the fact that if you physically plug an unlocked iOS device into a computer, iOS 6 and earlier assume that you want to trust that computer. The researchers used a small embedded computer in their fake charger to infect any iPhone that was plugged into it with a malicious app. The embedded computer is small enough that it could be disguised as a docking station or comically large charger. Once an iOS device has been plugged into a computer, the computer has full access to the device and all of its data, meaning an attacker could essentially add any data to the device, or remove any data from it, without the victim ever being aware.
An attacker could use this access to simply read the contents of the device, including but not limited to contacts, text messages, photos, and application data. A more sophisticated attack, like the one demonstrated at Black Hat, could actually provision the device as a developer device in order to install custom apps. Since such apps would not need to go through Apple's normal App Store approval process, they could perform nefarious activities that would normally be flagged by Apple, even disguising themselves as legitimate apps while they do it.
Ars Technica notes that developer accounts are limited to only 100 devices, restricting this type of attack. That is partially true. Normal developer accounts are limited to 100 devices and, as such, could only deploy malicious apps to 100 different devices before the attacker needed to use a new developer account. However, enterprise accounts have no such restriction. An attacker in possession of an enterprise developer account would be able to skip the steps of adding the device to a developer account, and could immediately install a pre-built, enterprise-signed IPA directly onto any device as soon as it's plugged into their fake charger. Apple has the ability to revoke these accounts, which would stop the apps from running on any devices they had already been installed on, but Apple would have to be aware of the problem first.
Reuters published the following from Apple:
Apple said the issue had been fixed in the latest beta of iOS 7, which has already been released to software developers.
"We would like to thank the researchers for their valuable input," Apple spokesman Tom Neumayr said.
iOS 7 will be made available to the public in the fall. Since it's currently under NDA (non-disclosure agreement), we can't discuss how Apple is handling the issue, but we have looked at the process and it seems effective.
In the meantime, people probably don't need to worry too much. There is no evidence of malicious chargers like Mactans being exploited in the wild. With that said, the best practice is simply to not plug your devices into chargers you don't trust. Don't use docking stations in hotels. Don't use USB wall outlets at airports. Pack your own chargers to use.
If you absolutely must use a charger you may not trust, keep your device locked with a passcode the entire time it's plugged in, or better yet, turn your device off completely while it charges.
