Researchers: We can hack an iPhone through the charger

900913

(CNN) -- Apple devices, from Macs to iPhones, have always been able to boast of advanced safety from viruses, spam and the like. Now, apparently, not even your phone charger is safe.
A team of researchers from Georgia Tech say they've discovered, and can demonstrate, a way to to hack into an iPhone or iPad in less than a minute using a "malicious charger."


The team plans to demonstrate its findings at the Black Hat computer security conference, which begins July 27 in Las Vegas.
In a preview of its presentation, the team acknowledges Apple's "plethora of defense mechanisms in iOS." Historically, Mac users have been able to boast of being largely malware free, in part because spammers, scammers and hackers preferred to target the larger number of Windows computers in the world.


On its mobile iOS operating system, Apple has created a "closed garden" environment in which everything from apps to accessories has to be approved by Apple, as opposed to Google's more wide-open Android system.


But by attacking in a nontraditional way, the team of Billy Lau, Yeongjin Jang and Chengyu Song say, those defenses can be bypassed.
"(W)e investigated the extent to which security threats were considered when performing everyday activities such as charging a device," they wrote. "The results were alarming: despite the plethora of defense mechanisms in iOS, we successfully injected arbitrary software into current-generation Apple devices running the latest operating system (OS) software.


"All users are affected, as our approach requires neither a jailbroken device nor user interaction."
The team says they have built a malicious charger named Mactans, which they plan to demonstrate at Black Hat. Latrodectus mactans is the scientific name for the deadly black widow spider.


The preview doesn't say whether the charger is a modified version of Apple's standard equipment or entirely new.
"While Mactans was built with limited amount of time and a small budget, we also briefly consider what more motivated, well-funded adversaries could accomplish," they wrote. "Finally, we recommend ways in which users can protect themselves and suggest security features Apple could implement to make the attacks we describe substantially more difficult to pull off."
Apple did not immediately respond to a message seeking comment.


Link:http://edition.cnn.com/2013/06/03/tech/mobile/hack-iphone-charger/index.html?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+rss%2Fcnn_latest+%28RSS%3A+Most+Recent%29

zg3409

I saw another reference to this that it is basically a USB device, and a charger. It connects to the phone using USB. There was a suggestion it may use some sort of system update designed for companies or phone companies that want to push settings on to hundreds of phones over USB.

One suggested work around was a USB extension lead, with the data wires cut.

900913

The malicious USB charger is, essentially, a Texas Instruments BeagleBoard. A BeagleBoard, which has an ARM CPU and a bunch of connectors, is very similar to the Raspberry Pi. Basically, the security researchers have built a power brick with a BeagleBoard inside it — so rather than plugging your iPhone/iPad into a normal USB plug, you’re actually plugging it into a computer. It isn’t clear what operating system the researchers are using, but it’s probably Linux-based. Once you plug in, some custom software then gets to work, cracking iOS in under a minute and installing some malware.



Link:http://www.extremetech.com/extreme/157207-black-hat-hackers-break-into-any-iphone-in-under-a-minute-using-a-malicious-charger

Khannie

900913 wrote: »

so rather than plugging your iPhone/iPad into a normal USB plug, you’re actually plugging it into a computer

I suspected that might be the case. /Slightly/ cheating, but only slightly. I'd be interested to hear how they actually break into the iPhone though. I'm sure the jailbreaking community would be delighted to hear too.

900913

You can access the file system with http://www.i-funbox.com/ on a non-jailbroken device.

Khannie

From the screenshot it looks like the root filesystem too, which is nice. You'd still presumably be subject to unix permissions issues though (though I must say, while it is obviously relatively robust and time tested, I would hate to have that as my last line of defence).

Capt'n Midnight

shrink the PC down, add wireless (maybe powerline addaptor ?) and then the only trick needed is to get it into the company.

Bling it up and leave in car park ?
Post it to the PA of the boss as a gift from a new supplier ?

TBH there are lots of devices out there that can boot from / be rooted from USB , especially on cold boot. You could ID cold boot from current drain or time it takes to do the USB handshake. Add a light sensor and you can tell if the device has been left overnight to charge.

900913

Capt'n Midnight wrote: »

shrink the PC down, add wireless (maybe powerline addaptor ?) and then the only trick needed is to get it into the company.

Programmable HID USB Keystroke Dongle

Link:http://www.irongeek.com/i.php?page=security/programmable-hid-usb-keystroke-dongle