Malicious power-charger can infect Apple iOS devices

Black Hat presentation from Georgia Tech researchers to show malicious proof of concept

iOS devices are vulnerable to malware delivered by a malicious charger, according to researchers from Georgia Tech.

The researchers, who will be presenting their proof-of-concept charger known as Mactans at the upcoming Black Hat security conference, say: "despite the plethora of defense mechanisms in iOS, we successfully injected arbitrary software into current-generation Apple devices running the latest operating system (OS) software. All users are affected, as our approach requires neither a jail-broken device nor user interaction."

From the group's presentation teaser: "To demonstrate practical application of these vulnerabilities, we built a proof of concept malicious charger, called Mactans, using a BeagleBoard. This hardware was selected to demonstrate the ease with which innocent-looking, malicious USB chargers can be constructed. While Mactans was built with limited amount of time and a small budget, we also briefly consider what more motivated, well-funded adversaries could accomplish."

According to a Wikipedia entry, BeagleBoard is a low-power open-source hardware single-board computer designed by Texas Instruments in association with Digi-Key. The board was developed by a small team of engineers as an educational board that could be used in colleges around the world to teach open source hardware and open source software capabilities. It is also sold to the public under the Creative Commons share-alike license.

The researchers said they will recommend ways in which users can protect themselves and suggest security features Apple could implement to make the attacks they describe substantially more difficult to pull off.

The Apple security review required for selling apps in the iTunes store has largely prevented security problems for those devices, experts say. Apple isn't foolproof, as some malware has gotten through the company's scrutiny, such as the spam-producing "Find and Call" app discovered last year, said Chris Doggett, senior vice president, North America, at Kaspersky Lab in a recent IDG News Service story. But because the bar is higher with iOS, most attackers look elsewhere.

Follow Michael Cooney on Twitter: nwwlayer8 and on Facebook
