Jun. 5, 2013 (TSR) – Apple and iOS devices are considered by many to be more secure than other mobile offerings, but you should think twice or even thrice or even more before using someone else’s charger next time your iPhone is running out of battery.
Investigating the extent of these devices’ security, researchers found a way to hack your iPhone within less than a minute: A malicious charger.
The results were alarming: despite the plethora of defense mechanisms in iOS, they successfully injected arbitrary software into current-generation Apple devices running the latest operating system (OS) software.
All users are affected. The hack attack apparently does not require any user interaction and it works against even devices that are not jailbroken.
Three security researchers , Billy Lau, Yeongjin Jang and Chengyu Song from the Georgia Institute of Technology, found that an iOS device can be compromised within one minute of being plugged into a malicious charger.
By first examining Appleās existing security mechanisms to protect against arbitrary software installation, they then describe how USB capabilities can be leveraged to bypass these defense mechanisms.
An attacker can hide their software in the same way Apple hides its own built-in applications to ensure persistence of the resulting infection, as their research shows.
To demonstrate practical application of these vulnerabilities, they built a proof of concept malicious charger, called Mactans, using a BeagleBoard.
This hardware was selected to demonstrate the ease with which innocent-looking, malicious USB chargers can be constructed.
While Mactans was built with limited amount of time and a small budget, they also briefly consider what more motivated, well-funded adversaries could accomplish.
Finally, we recommend ways in which users can protect themselves and suggest security features Apple could implement to make the attacks we describe substantially more difficult to pull off.
The team will demonstrate the proof-of-concept of the hack at upcoming BlackHat Arsenal Tool hacker conference in July 27-August 1, to be held at Caesars Palace, Las Vegas, USA.
Researchers’ Background:
Billy Lau is a research scientist at Georgia Institute of Technology. He is primarily interested in information security, with emphasis on hypervisors, operating systems and user applications. Recently, he has been examining the security designs and impacts of the emerging mobile devices in the marketplace. In particular, he loves to challenge the status quo on conventional security assumptions which are often broken when put to test. He graduated from University of Michigan at Ann Arbor with a Master’s of Engineering in Computer Science and University of Illinois at Urbana-Champaign with a Bachelor’s of Science in Computer Engineering. He hopes to make a difference by making usable computer systems more secure and secure systems more usable.
Yeongjin is a PhD student at Georgia Institute of Technology. His research interests are focused on operating system and mobile security. Prior to joining Georgia Tech, he participated in various capture-the-flag (CTF), including DEFCON CTF, CODEGATE, etc. He received his B.S. degree in Computer Science from KAIST in 2010.
Chengyu Song is a PhD student at Georgia Institute of Technology. His current research interest is in system security, with a special focus on topics that may have practical impact. Prior to Georgia Tech, Chengyu received his Bachelor’s and Master’s degree from Peking University China, where he worked with other researchers on malware analysis, botnet, underground economy and drive-by download attacks. He is also a member of the Honeynet Project.
