IoS devices are vulnerable to malware coming from a malicious charger according to researchers from Georgia Tech.
The researchers, who will be presenting their proof-of-concept charger known as Mactans at the upcoming Black Hat security conference, say: "despite the plethora of defense mechanisms in iOS, we successfully injected arbitrary software into current-generation Apple devices running the latest operating system (OS) software. All users are affected, as our approach requires neither a jail-broken device nor user interaction."
[OTHER NEWS: Wacky low- and high-tech wheels of the world]
From the group's presentation teaser: " To demonstrate practical application of these vulnerabilities, we built a proof of concept malicious charger, called Mactans, using a BeagleBoard. This hardware was selected to demonstrate the ease with which innocent-looking, malicious USB chargers can be constructed. While Mactans was built with limited amount of time and a small budget, we also briefly consider what more motivated, well-funded adversaries could accomplish."
According to a Wikipedia entry, BeagleBoard is a low-power open-source hardware single-board computer designed by Texas Instruments in association with Digi-Key. The board was developed by a small team of engineers as an educational board that could be used in colleges around the world to teach open source hardware and open source software capabilities. It is also sold to the public under the Creative Commons share-alike license.
The researchers said they will recommend ways in which users can protect themselves and suggest security features Apple could implement to make the attacks we describe substantially more difficult to pull off.
The Apple security review required for selling apps in the iTunes store has largely prevented security problems for those devices, experts say. Apple isn't foolproof, as some malware has gotten through the company's scrutiny, such as the spam-producing "Find and Call" app discovered last year, said Chris Doggett, senior vice president, North America, at Kaspersky Lab in a recent IDG News Service story. But because the bar is higher with iOS, most attackers look elsewhere.
Check out these other hot stories: