Apple devices vulnerable to attack via bogus charger
UK, June 5 – Apple iPhones can be taken over with "alarming" ease using a custom-built charger, security researchers warn.
Using the bogus charger, a team from Georgia Institute of Technology managed to infect a phone with a virus in less than a minute.
Any device using Apple's iOS operating system would be as vulnerable to infection, claim the trio.
More details of their work will be given at the upcoming Black Hat USA hacker conference.
Computer control
Brief details of the work were given in a summary of the talk the three researchers are scheduled to present at the hackers' get-together.
The researchers, Billy Lau, Yeongjin Jang and Chengyu Song, said they were able to get around the many defences in iOS to install any software they wanted on a target device.
"All users are affected, as our approach requires neither a jailbroken device nor user interaction," they wrote.
The team created their malicious charger using a tiny bare-bones computer called a BeagleBoard that costs about £30 ($45).
"This hardware was selected to demonstrate the ease with which innocent-looking, malicious USB chargers can be constructed," wrote the researchers in their conference summary.
This computer on the BeagleBoard communicates with the target computer and carries out the attack that loads malicious software. The researchers say they studied Apple's security systems closely to find a way round its attempts to stop attackers installing rogue programmes and apps.
The researchers hid the malicious application they installed by using the same method Apple employs to conceal the location of its own applications on iOS devices.
The presentation will also make recommendations about how Apple could close the vulnerability uncovered by the team.
BBC
Feedback