iPhone Hacked In Under 60 Seconds Using Malicious Charger

DavidGilbert99 writes "Apple's iOs has been known as a bastion of security for many years, but three researchers have now shown iPhones and iPads can be hacked in just under 60 seconds using nothing more than a charger. OK, so it's not just a charger — but the Mactans charger does delete an official app (say Facebook) replacing it with an official-looking one which is actually malware which could access your contacts, messages, emails, phone calls and even capture your passwords. Apple says it will fix the flaw, but not until the release of iOS 7, the date of which hasn't been confirmed yet. So watch out for chargers left lying around ..." (For less in the way of auto-playing video ads with sound, check out the Mac Observer's take, which concludes "[I]t's nifty that Apple is addressing the issue in iOS 7. We'd also like to see it fixed in iOS 6. Apple has historically seen iPhone users upgrade to the newest version iOS in staggeringly high numbers, but eliminating this problem across the board seems the wiser choice.")

Translation:

[CanHasDIY]

The quickest way to get PWND is to give someone else physical access to your device.

Always has been true, and likely always will be.

Re:Why can't Iphone / ipad have usb port for charg

[SIGBUS]

How many Android handsets come with USB debugging enabled by default?

"Bastion of security"

[Ferzerp]

Since when? iOS has had repeated and nearly constant flaws that have allowed for compromises both locally and remotely (via webpages). At this point it's such a given that this is mostly a non story.

I thought the RDF had dissipated, but I guess not.

Re:The Internet of Things...

[Anonymous Coward]

Apple's iOs has been known as a bastion of security for many years

Uh, what? The fuck it has. Guess it just goes to show what a massive marketing campaign will do for your public image. The platform has never been any less hackable than the competition, especially when you're talking physical access to the device.

Re:Why can't Iphone / ipad have usb port for charg

[mlts]

Even with USB debugging enabled (which some handsets constantly nag to have it turned off), Android handsets use a public/private key system. If the charger tries to get access, the phone will ask if it should have full data rights to it.

Of course, this means that if someone clicks OK, they are hosed, but it is better than just sticking an adapter on and doing dirty work without knowing the device's PIN or password.

Re:The Internet of Things...

[Anonymous Coward]

Anyone stupid enough to use a strangers "charger" deserves what they get, and its no ordinary charger, but a computer attached via usb cord.

Re:The Internet of Things...

[Anonymous Coward]

Right... you bought an expensive phone which can be hacked in seconds, but its their fault for using a charger? Perhaps the dongle part is hidden from view and all you see is the cord? if someone wants to hack you they are not likely to put up a sign saying "malicious charging unit here". Typical apple fan response, its the users fault...

Re:"Bastion of security"

[blueg3]

It's right because the jailbreaks are all serious security vulnerabilities. That's how they work, and having them around is dangerous.

Now, it might be nice if Apple allowed people to have the capabilities provided by a jailbreak if they want them. That's not the same as having a jailbreak.

It's a smart hack, thats all

[Camael]

Anyone stupid enough to use a strangers "charger" deserves what they get, and its no ordinary charger, but a computer attached via usb cord.

Come on, lets get a sense of perspective instead of going into fanboyism (or anti for that matter).

Before today I had absolutely no idea a microcomputer could be made to look like a charger, or that the charging port on iPhones could be used to hack iOS. If you read TFA, the way they did it is pretty deceptive and ingenious.

The charger could be made to look like a typical Apple charger, meaning those looking to infect iPhones and iPads could leave them lying around in public charging zones to trick unsuspecting members of the public.

In the demonstration in Las Vegas, the researchers used the Facebook app as an example of an software that could be compromised. Once the charger is plugged in and the user inputs their PIN code, the charger silently and invisibly removes the target app, in this case the official Facebook app. It then replaces it - in exactly the same position on your iPhone/iPad homescreen - with what looks like a perfect replacement. In actual fact this is malware and once you launch it, your phone/tablet has been compromised.

Its fair to say that most people have a blind spot insofar as power ports are concerned, we normally don't think of it as a point of entry and this is the social engineering trick this hack takes advantage of . In fact, I think that prior to iPod/iPhones, no device used their power point to double up as a data connector. Pre-iphone, I remember swapping and borrowing Nokia/Sony etc. phone chargers from friends/strangers with no repercussions whatsoever.

It is very insulting and unfair to call people who would use a stranger's charger 'stupid' -not everyone is a techie or keeps updated with technology news. Which is probably why you posted as AC instead of under your own name =)
 

Re:Why can't Iphone / ipad have usb port for charg

[ljw1004]

Are you distinguishing that from all the devices that do audio, video and controls over USB?