Blackhat2013

Latest

  • Apple: iOS 7 fixes the nefarious charger hack

    by Kelly Hodgkins
    08.01.2013

    Three Georgia Tech hackers demonstrated at the Black Hat USA 2013 conference how to install malware on an iPhone using a custom charger, according to a report in ZDNet. The hack exploits a vulnerability that is present in all shipping versions of iOS, but has been patched in the latest beta version of iOS 7. Billy Lau, Yeongjin Jang and Chengyu Song showed off their malicious "Mactans" charger, which was constructed with a BeagleBoard running Linux. Once an iPhone was attached to the charger, an unsuspecting user could type in his passcode to access his phone and kick off a chain of events that would compromise his handset. In the Black Hat demo, custom software running off the BeagleBoard deleted the Facebook app on the phone and replaced it with a fake, malicious app. The Georgia Tech team informed Apple about this vulnerability, but it has not been patched in iOS 6 or older. Apple told Reuters that this vulnerability has been closed in iOS 7 beta 4. "We would like to thank the researchers for their valuable input," Apple spokesman Tom Neumayr told Reuters.

  • Modified iPhone charger installs malware

    by Kelly Hodgkins
    06.03.2013

    iOS may be susceptible to hacking via a malicious charger, according to a Black Hat briefing by Billy Lau, Yeongjin Jang and Chengyu Song. This approach uses a charger that looks like a standard charger, but has malicious software on it. When an iOS device is plugged into the charger, an attacker can bypass iOS defense mechanisms and compromise the device within one minute of it being plugged in. The team built a prototype charger using a BeagleBoard and was able to demonstrate how easy it is to build a malicious charger, even on a limited budget. This attack affected any current-generation Apple device running the latest version of iOS and did not require the targeted device to be jailbroken.