TECH

iPhone Hacked In 60 Seconds By Modified Charger

03/06/2013 13:25 | Updated 03 August 2013

Researchers have reportedly been able to install dangerous hacking software onto an iPhone in less than a minute using a modified charger.

The team at the Georgia Institute of Technology intend to showcase the charger at the Black Hat 2013 hacker conference in July.

According to their description of the presentation, they were able to hack any iOS device using just the modified cable.

By plugging the cable into the iPhone or iPad, they could break Apple's security measures and install new programs on the device. Those applications could present innumerable security threats, such as capturing data sent to and from the phone, including passwords and account details.

"Apple iOS devices are considered by many to be more secure than other mobile offerings. In evaluating this belief, we investigated the extent to which security threats were considered when performing everyday activities such as charging a device," said the team, made up of Billy Lau, Yeongjin Jang and Chengyu Song.

"The results were alarming: despite the plethora of defense mechanisms in iOS, we successfully injected arbitrary software into current-generation Apple devices running the latest operating system (OS) software. All users are affected, as our approach requires neither a jailbroken device nor user interaction."

The team said they built the charger using a BeagleBoard, a small computer similar to a Raspberry Pi.

They explain:

"To demonstrate practical application of these vulnerabilities, we built a proof of concept malicious charger, called Mactans, using a BeagleBoard. This hardware was selected to demonstrate the ease with which innocent-looking, malicious USB chargers can be constructed.

While Mactans was built with limited amount of time and a small budget, we also briefly consider what more motivated, well-funded adversaries could accomplish. Finally, we recommend ways in which users can protect themselves and suggest security features Apple could implement to make the attacks we describe substantially more difficult to pull off."

Suggest a correction