Researchers to Show How To Hack iPhone with USB Charger

Researchers from the Georgia Institute of Technology will be demonstrating a proof-of-concept method of hacking an iPhone using a malicious USB charger. Billy Lau, Yeongjin Jang, and Chengyu Song announced the demonstration for Black Hat USA 2013, an annual conference for hackers and security researchers that begins on July 27th in Las Vegas.

The short version is the three researchers found a way to use USB protocols to bypass some of Apple's security features in iOS that prevent unauthorized software from being installed on your iOS device. The three built a charger based on a BeagleBoard (see below)—a US$125 computer-on-a-circuit-board—that was able to successfully insert malware onto an iPhone plugged into it.

Worse, they can do so in under a minute.

BeagleBoard

"Despite the plethora of defense mechanisms in iOS, we successfully injected arbitrary software into current-generation Apple devices running the latest operating system (OS) software," the researchers wrote on their BlackHat presentation description. "All users are affected, as our approach requires neither a jailbroken device nor user interaction."

In the demonstration, they said they will discuss Apple's existing security mechanisms that protect against "arbitrary software installation," which in layman's terms essentially means malware. They will then describe how standard USB capabilities can be "leveraged to bypass these defense mechanisms." To finish it off, they will demonstrate how this same process can then be used to hide the resulting malware from the user the same way Apple hides its own built-in software.

The three researchers named their malicious charger "Mactans." The BeagleBoard it is based on is an off-the-shelf circuit board that can be used to create all manner of tiny computing devices running Angstrom (Open Embedded), Debian, Ubuntu, and Gentoo. There are other BeagleBoard products as well, including a slightly larger model with a 1GHz Sitara ARM Cortex-A8 processor that can run Android.

The point the researchers are making is that their method can be accomplished with readily available technology.

"While Mactans was built with limited amount of time and a small budget," they wrote, "we also briefly consider what more motivated, well-funded adversaries could accomplish."

The researchers will offer methods for protecting yourself against such an attack—we'll throw out that you should probably be choosy about using a charger whose provenance you can't verify—and what Apple can do to make this attack "substantially more difficult to pull off."

[Via Forbes]

Spin: Zoinks! This is a doozy. While the researchers focused on the concept from the standpoint of a charger, it's no stretch at all to envision a portable device with a dock that the bad guys could shove into an iPhone that got set down in a coffee shop—no pretense at being a usable charger necessary so long as the device can convince your iPhone that it's charging.

So, keep your iPhone in your pocket, in your bag or purse, or in your hands, and mind the friendly stranger with the handy charger, especially if it looks bulky and/or homemade. It sucks to have to offer such advice, but until or if Apple addresses this issue, being safe is better than being sorry.

4 Comments

geoduck

Just had several scenarios pop into my head. A scene in the new Hawaii Five-O where an undercover operative working in an office waits until Mr. Big mentions his phone was running out of juice. “Here you can plug it into my charger for a bit.” Badabing Mr. Big is pwned. Or the next edition of the Bourne series where he sneaks in and replaces a couple of chargers in his adversaries’ homes. Poof he can eavesdrop on everything. Or the CIA slipping a modified charger into the luggage of one of Iran’s Nuclear techs. Pow they know where the labs are.

Oh the possibilities are endless.

Lee Dronick

Hopefully Apple will quickly issue a security update, for all versions of iOS.

I wonder if there are similar exploits for Windows Mobile, Android, et al.

Dean Lewis

Of course other phone OSes could be exploited in this way, or in other ways even. However, that wouldn’t get as many headlines. If you want to get talked up in the press, you go after Apple.

mjtomlin

The nice thing about Apple being such a big target for these hackers, is that “holes” like this can be plugged. Although I have to say this is a far-fetched manner to go about slipping malware onto someone’s phone. The major driving point of writing malware is to target a huge user base. A USB charger is a very, very finite base.

Still I suppose there’s potential here and enough to warrant Apple’s attention.
