Monday, June 3, 2013

Charger can hack Apple devices with ‘alarming ease’, researchers claim

from http://www.telegraph.co.uk
A modified mobile phone charger could be used to hack Apple devices in under a minute, researchers will claim at a conference next month.
"That was easy..."

Researchers from Georgia Tech claim that a readily available 3” circuit board, easily concealed in a docking station or battery, could be used to exploit weaknesses in mobile security with “alarming ease”. They claimed that on a limited budget and with little time, they had developed an ‘exploit’ that could easily attack any Apple iOS device within a minute.
In a summary of their talk to be given at the Black Hat conference next, month, the three researchers say “In this presentation, we demonstrate how an iOS device can be compromised within one minute of being plugged into a malicious charger. We first examine Apple’s existing security mechanisms to protect against arbitrary software installation, then describe how USB capabilities can be leveraged to bypass these defense mechanisms. To ensure persistence of the resulting infection, we show how an attacker can hide their software in the same way Apple hides its own built-in applications.”
Forbes reported that Apple have not yet responded to the hack, called ‘Mactans’, which does not yet exist outside the researchers' work. Although it is the first publicised malicious hack using such a method, the iOS power port has been used by enthusiasts to gain additional control over the operating system, called jailbreaking.

The researchers, who have given no further details of the hack, say, “Apple iOS devices are considered by many to be more secure than other mobile offerings. In evaluating this belief, we investigated the extent to which security threats were considered when performing everyday activities such as charging a device. The results were alarming: despite the plethora of defense mechanisms in iOS, we successfully injected arbitrary software into current-generation Apple devices running the latest operating system (OS) software. All users are affected, as our approach requires neither a jailbroken device nor user interaction.”
The current version of the device could easily be made even more convincing, the researchers say: “To demonstrate practical application of these vulnerabilities, we built a proof of concept malicious charger, called Mactans, using a BeagleBoard. This hardware was selected to demonstrate the ease with which innocent-looking, malicious USB chargers can be constructed. While Mactans was built with limited amount of time and a small budget, we also briefly consider what more motivated, well-funded adversaries could accomplish. Finally, we recommend ways in which users can protect themselves and suggest security features Apple could implement to make the attacks we describe substantially more difficult to pull off.”

3 comments:

  1. Good reason to not buy cheap Chinese chargers or use docks in Chinese hotels.

    ReplyDelete
  2. It does not matter..... In Apple's world.... there is no such thing as virus or malicious software....... even if they exist, there will always a big denial......

    ReplyDelete
  3. In Apple's world, its mostly just "proof of concept" exploits that don't have any effect. But oh how they titillate the haters.

    ReplyDelete