SECURITY RESEARCHERS at the Black Hat security conference next month will demonstrate how they are able to hack into an iPhone using a modified power charger.
Billy Lau, Yeongjin Jang, and Chengyu Song have provided the abstract for their demonstration, saying that they created a hacking charger that can take down an iPhone in 60 seconds.
"We investigated the extent to which security threats were considered when performing everyday activities such as charging a device. The results were alarming: despite the plethora of defense mechanisms in iOS, we successfully injected arbitrary software into current-generation Apple devices running the latest operating system (OS) software," they warned.
"All users are affected, as our approach requires neither a jailbroken device nor user interaction."
What it does require, however, is a hijacked power charger. It is not impossible to believe that third-party chargers could be used maliciously, and that is what the researchers will be demonstrating.
"We demonstrate how an iOS device can be compromised within one minute of being plugged into a malicious charger. We first examine Apple's existing security mechanisms to protect against arbitrary software installation, then describe how USB capabilities can be leveraged to bypass these defense mechanisms," they added.
"To ensure persistence of the resulting infection, we show how an attacker can hide their software in the same way Apple hides its own built-in applications."
A proof-of-concept charger, called Mactans and built using a BeagleBoard, has been produced. The trio said that their presentation will recommend ways for users to protect themselves against this sort of thing, and will offer Apple advice on shoring up its systems.
Apple did not respond to a request for comment.