updated 08:49 am EDT, Mon June 3, 2013
Proof of concept attack hardware uses $45 computer, USB
Security researchers have unearthed a method that can add software to an iOS device using a charger. Researchers from the Georgia Institute of Technology will reportedly demonstrate a proof-of-concept charger at the Black Hat security conference in late July that will be capable of installing malware onto an iPhone without the user's knowledge.
The presentation briefing from Billy Lau, Yeongjin Jang, and Chengyu Song claims that the iOS device being charged could be compromised within one minute of being plugged in, and that the resulting software installed could be hidden from view in a similar way to how Apple hides some of its own built-in software items.
In order to demonstrate the USB-based attack's effectiveness, the researchers have constructed a charger using a BeagleBoard, a low-power and open source single-board computer from Texas Instruments that costs $45, which the team calls Mactans. While the resulting hardware would be significantly bigger than the typical Apple charger, thanks to the BeagleBoard's size, it is suggested by the team that someone with more time and funding could end up making a more efficient and well-disguised version.
It is warned that "All users are affected, as our approach requires neither a jailbroken device nor user interaction," including ones running the latest iteration of iOS. Speaking to Forbes, Jang confirmed that the team had contacted Apple with their findings, but has yet to hear anything back. Jang also refused to comment further on the hack.