iPhone Hacked In Under 60 Seconds Using Malicious Charger 170
DavidGilbert99 writes "Apple's iOs has been known as a bastion of security for many years, but three researchers have now shown iPhones and iPads can be hacked in just under 60 seconds using nothing more than a charger. OK, so it's not just a charger — but the Mactans charger does delete an official app (say Facebook) replacing it with an official-looking one which is actually malware which could access your contacts, messages, emails, phone calls and even capture your passwords. Apple says it will fix the flaw, but not until the release of iOS 7, the date of which hasn't been confirmed yet. So watch out for chargers left lying around ..."
(For less in the way of auto-playing video ads with sound, check out the Mac Observer's take, which concludes "[I]t's nifty that Apple is addressing the issue in iOS 7. We'd also like to see it fixed in iOS 6. Apple has historically seen iPhone users upgrade to the newest version iOS in staggeringly high numbers, but eliminating this problem across the board seems the wiser choice.")
Translation: (Score:5, Insightful)
The quickest way to get PWND is to give someone else physical access to your device.
Always has been true, and likely always will be.
Re: (Score:2, Informative)
In the 2011 Pwn2Own contest, Charlie Miller and Dion Blazakis "PWND" the Iphone 4 using a mobile Safari vulnerability.
Apple is almost always a loser at the Pwn2Own events.
Re: (Score:2)
The quickest way to get PWND is to give someone else physical access to your device.
In the 2011 Pwn2Own contest, Charlie Miller and Dion Blazakis "PWND" the Iphone 4 using a mobile Safari vulnerability.
Relevance?
That mobile hacks are possible hardly disproves OP's point (or addresses it any pertinent way).
Re: (Score:2)
In the 2011 Pwn2Own contest, Charlie Miller and Dion Blazakis "PWND" the Iphone 4 using a mobile Safari vulnerability.
Apple is almost always a loser at the Pwn2Own events.
Pwn2Own only allows 0-day hacks. If somebody else goes wild with the exploit you found on the day before the contest, you can't win. That's why everybody focused on the platform where there wasn't a new exploit in the wild every other day. Until they couldn't find exploits there anymore - no hacked Apple products in Pwn2Own since 2012.
Re: (Score:2)
Having access to a couple of data pins on a device is not "physical access" any more than being on the same wired/wireless network is.
You're kidding, right?
Tell me you're kidding.
Re: (Score:2)
No, but there's a good mitigation: the first guy who uses that charger probably alerts others. A persistent, undetectable hack is a lot more useful, since it can affect more than one person before being noticed.
Jailbreak exploit opportunity (Score:2)
So does this mean you could write a jailbreak for iOS device using a modified charger? If so, how is this any different than plugging the device into a computer?
Re:Jailbreak exploit opportunity (Score:5, Informative)
Re:Jailbreak exploit opportunity (Score:4, Informative)
Interestingly, for the hack these guys created to work, the attacker must have a valid developer's license, and the target iOS device must already be jailbroken. The first bit allows them to query Apple's dev site for the debug key for your specific iOS device; the second is required to get the loaded software to actually run on the device.
HOWEVER, the same technique can be used to read all data available in userspace on the phone, so improperly stored passwords, plus all other app data and configuration data could be grabbed in this manner.
If Apple can fix this in iOS 7, I'm expecting the jailbreak community to create a fix (that will be loaded as part of the jailbreak process) in short order. Something similar to bluetooth pairing for debug and filesystem access would be an extremely good idea, plus it would close a number of outstanding attack vectors in iOS devices, not just the ones presented.
Re:Jailbreak exploit opportunity (Score:5, Informative)
No, it doesn't require the phone to be jailbroken. It does, however, require the attacker to have a paid Apple Developer account with a valid credit card, and it digitally signs all the malware with that developer's information, and limits the total number of devices ever attached to that account to 100 without calling Apple and requesting a reset, and requires the attacking "charger" device to be online at the time of the attack. It also requires the phone to not be in its lock screen, so for it to work you have to manually unlock it and type in your passcode while it's plugged in.
So it's pretty much a proof-of-concept attack that's not very practical yet, but could probably have been built upon if Apple hadn't already put a fix into the version of the OS coming out soon which, if history is a guide, 90%+ of the iOS installed base will be on in a few months.
Re: (Score:2)
agreed. and perhaps explains why Apple locked everything down and brought it back up so as to ensure integrity.
The jokes just write themselves (Score:5, Funny)
delete an official app (say Facebook) replacing it with an official-looking one which is actually malware which could access your contacts, messages, emails
"Bastion of security" (Score:5, Insightful)
Since when? iOS has had repeated and nearly constant flaws that have allowed for compromises both locally and remotely (via webpages). At this point it's such a given that this is mostly a non story.
I thought the RDF had dissipated, but I guess not.
Only locally, not remote (Score:3)
Since when? iOS has had repeated and nearly constant flaws that have allowed for compromises both locally and remotely (via webpages)
There was one such remote vulnerability, via PDF, some years ago... none since then I know of.
There have always been local flaws because Apple leaves some local exploits to keep jailbreaking viable.
Of course, even with said flaws actual exploits exist pretty much only for Android.
Re: (Score:2, Troll)
There have always been local flaws because Apple leaves some local exploits to keep jailbreaking viable.
No, they don't. They patch the exploits that jailbreaks use as soon as they can. If Apple wanted "jailbreaking" to be "viable" then it would be a built-in feature, not a root hack. Of course, a published statement from Apple stating the contrary would go far to further your claim.
Of course, even with said flaws actual exploits exist pretty much only for Android.
Even though I realize that "SuperKendall" is synonymous with "unapologetic Apple fanboy", for some reason I still feel compelled to respond. I guess I'm bored.
Pwn2Own 2010: iPhone 3GS compromised via bypassing code signing; Nex
The Real POwn (Score:3, Informative)
Pwn2Own 2010: iPhone 3GS compromised via bypassing code signing; Nexus One not compromised.
Every year Android has existed: 99% of viruses on Android [kaspersky.com].
Reality totally contradicts the picture you are trying to point. Android far more secure: Odd then it has ALL of the viruses/trojans/malware. Apple disliking jailbreaking: odd then that jailbreaks come out with great regularity after every new OS or device release (but mostly tethered) and Apple hires jailbreak developers to work on core systems sometimes..
Pot calling kettle much? (Score:2)
Please, read TFA you linked to.
99% of newly discovered malware is not the same as 99% of viruses. Stop spinning.
Further, having a larger number of malware directed at a platform does not mean that particular platform is less secure. Malware makers will benefit the most by having large infection pools, and will thus often target the most popular platform, which r
Re: (Score:2)
Every year Android has existed: 99% of viruses on Android
Don't move the goalposts, are you talking about root exploits or viruses? I'm not talking about viruses, and you weren't either. Apparently, now you are.
Reality totally contradicts the picture you are trying to point. Android far more secure
That's not my point. YOUR point was that "exploits exist pretty much only for Android", and I was refuting that my pointing out exploits for iOS. I said nothing about Android's security. I know about Android's security, I'm not trying to hold it up as a bastion of security like you're doing for iOS, I'm trying to contradict your demonstrably false stat
Re: (Score:3)
I looked at the pwn2own website for results from 2012, they only listed browsers. I assumed no mobile devices were included. I looked at this:
http://pwn2own.zerodayinitiative.com/ [zerodayinitiative.com]
and this:
http://pwn2own.zerodayinitiative.com/status.html [zerodayinitiative.com]
Re:"Bastion of security" (Score:4, Informative)
Wow, that remote exploit was for iOS 4, an OS that shipped in 2010-2011. There's only one phone stuck on iOS 4 - the iPhone 3G - everyone else is able to run a higher version.
Yes, I suppose if one is used to Android, they would think a ton of people still use iOS 4, but no. After all, iOS 4 came out around the time of Gingerbread, which is still used by a third of Android phones.
Of course, iOS 6 has proven to be EXTREMELY difficult to compromise. It took 6 months before the first jailbreak came out (for 6.1.0) and a bunch of critical flaws were discovered including unlock screen flaws, resulting in 6.1.1, 6.1.2 and the current version of 6.1.3.
Unfortunately, 6.1.3 closed the flaw the jailbreaking flaw and no new one has been found since. Old devices have tethered jailbreaks for 6.1.3 but that's it. New ones like the iPhone 5 and iPad 4 ... no jailbreak exists.
Re: (Score:3)
Re:"Bastion of security" (Score:5, Insightful)
It's right because the jailbreaks are all serious security vulnerabilities. That's how they work, and having them around is dangerous.
Now, it might be nice if Apple allowed people to have the capabilities provided by a jailbreak if they want them. That's not the same as having a jailbreak.
Re: (Score:3)
How would you do that without giving people the chance to completely hose their machines like PCs?
Jailbreaking is to get out of the "jail" that iOS puts on applications, so it's basically giving root to iOS users.
If you give people the ability to, they will do it because someone will tell them to do it. There is no way around dancing pigs [wikipedia.org]. Hell when jail
Re: (Score:2)
Yes, that is the problem. I said "might be nice". There are some benefits (the reasons people jailbreak) and there are lots of downsides, like you indicate.
The fact of the matter is that you can get the capabilities of jailbreaking right now and people do it. The mechanism is jailbreaking via a vulnerability. It would at least be better if they had the same capabilities but without the vulnerability.
Re: (Score:3)
The last time we had a boot-level one was when the iPhone 4 was out.
I don't know what you mean by a "boot-level" exploit, but evasi0n was out in February, several months after the iPhone 5 launched. That particular exploit does modify boot files and gain access to the kernel, if that's what you mean by "boot-level".
At best there is a 1-2 week window when a JB comes out and when Apple does an update, slamming it shut.
The patch that fixed the exploits used by evasi0n was released more than a month after evasi0n went public.
If you're going to shill for Apple, it's probably good to at least stick to facts. But then it wouldn't really be shilling, would it?
does delete an official app (say Facebook) (Score:2)
Re: (Score:2)
Sounds like a good idea to me - ROLL IT OUT
Sounds like a good idea - FOR ME TO POOP ON!
"...The wiser choice." (Score:1)
Nonsense. It's absolutely the wisest thing Apple could possibly do. Adding the spur of an outstanding unpatched "OMG I'm PWND" vulnerability to the carrot of the news "OMG SHINY" is absolutly brilliant. A wonderful way to counter sagging uptake.
Oh, you mean "wisest in terms of supporting your customer?." How quaint.
They're not your cust
Bastion of security? (Score:4, Informative)
I'm sorry, but if every version of your OS is trivially jail-breakable (with, for example, exploits that amount to root privilege escalation by simply visiting a web page on the device's browser), you are NOT a bastion of security.
You can argue that Apple does a better job of "securing" their app store than Google does, but that doesn't make the devices themselves any more secure. Just because something trivially exploitable hasn't been exploited (that you know of ... yet) doesn't make it secure.
--Jeremy
Re: (Score:2)
Re: (Score:3)
this post is both informative and insightful. I can only hope that the moderators notice. I was worried about this until I found out that you have to unlock the device. Oh, wait, it also requires a developer account -- it cannot actually install unsigned code and have it run. It also requires an Internet connection. Oops.
Don't get me wrong: this is bad. But for those who are security conscious (that is, actually use a passcode) it is unlikely to be developed into an effective attack before the patch is in p
Move along, nothing to see here (Score:1)
This is just more mindless Google fanboy anti-Apple hate.
It's not like this a trojan you have to turn on the installation of non-market applications and go to a pirate app store to get installed. You actually have to have the device.
And this is just like a jailbreak, so it is a good thing.
Re: (Score:2)
This is just more mindless Google fanboy anti-Apple hate.
It's not like this a trojan you have to turn on the installation of non-market applications and go to a pirate app store to get installed. You actually have to have the device.
And this is just like a jailbreak, so it is a good thing.
Actually, this isn't mindless. This has been a known security issue in iOS since iOS 3 days, that Apple hasn't bothered to fix.
See this article coming out of DEFCON 2011:
http://nakedsecurity.sophos.com/2011/08/19/is-juicejacking-the-new-firesheep/ [sophos.com]
So unless you carry around a charging cable with the data pins removed or never charge at a USB port you don't own yourself, this is an issue (and has been for years).
Google (partially) fixed this on Android when noise first started being made in late 2010, but Ap
Re: (Score:2)
This is just more mindless Google fanboy anti-Apple hate.
It's not like this a trojan you have to turn on the installation of non-market applications and go to a pirate app store to get installed. You actually have to have the device.
And this is just like a jailbreak, so it is a good thing.
Actually, this isn't mindless. This has been a known security issue in iOS since iOS 3 days, that Apple hasn't bothered to fix.
See this article coming out of DEFCON 2011:
http://nakedsecurity.sophos.com/2011/08/19/is-juicejacking-the-new-firesheep/ [sophos.com]
So unless you carry around a charging cable with the data pins removed or never charge at a USB port you don't own yourself, this is an issue (and has been for years).
Google (partially) fixed this on Android when noise first started being made in late 2010, but Apple didn't. Of course, due to fragmentation, that only means it's fixed if you bought your Android phone after mid-2011 or have an upgrade that implements the fix -- but Apple seems to be fragmenting within its own ecosystem, as this fix is iOS 7, and there are now a large number of iOS devices in every day use that aren't won't run iOS 7.
Yes, this is mindless, because it's an issue with all mobile OSs - funny how you managed to find an article that pretends otherwise http://managedsolutions.com/tag/juice-jacking/ [managedsolutions.com] doesn't.
BTW: there are commercial chargers that remove malware from Androids http://kapricasecurity.com/ [kapricasecurity.com] - you really believe the opposite can't be done?
Quite misleading (Score:5, Informative)
The charger is a mini linux machine what needs to use an apple developer account to dynamically add the devices UDID to the developer portal.
It then signs the malicious app and installs it.
It takes advantage of ad-hoc distribution and would require a new Apple developer account every 100 devices.
The only real mastery of this hack is that it can be concealed to look like a charger due to the small footprint of the linux PC. Otherwise, I could do the same thing with physical access to the phone.
Still, a fun wee hack and novel approach.
Posting anonymous for obvious reasons... (Score:1)
The charger is a mini linux machine what needs to use an apple developer account to dynamically add the devices UDID to the developer portal.
It then signs the malicious app and installs it.
It takes advantage of ad-hoc distribution and would require a new Apple developer account every 100 devices.
The only real mastery of this hack is that it can be concealed to look like a charger due to the small footprint of the linux PC. Otherwise, I could do the same thing with physical access to the phone.
Still, a fun wee hack and novel approach.
It also requires a modified cable with at least some of the same electronics that are used for the factory burn-in through the dock connector. The hack either required some stellar reverse engineering, or it required access to an Apple engineer with clearance for the cable for developer fused devices, or it required a factory worker in China to sneak out a cable. My money would be on the China connection, since China tends to leak like a sieve, even in the factories used for Apple products.
Re: (Score:2)
What component of the hack actually required that?
As I understand it (having been at the talk), all it does is grab the device UDID, pair with the device as if it was a copy of iTunes, sign and install a developer provisioning profile, and use that to install an application signed by the corresponding developer signing cert.
Three of these (obtain UDID, pair with device, install application) are used all the time in the normal operation of syncing with iTunes. Installing a developer provisioning profile is u
Re: (Score:3)
The charger is a mini linux machine what needs to use an apple developer account to dynamically add the devices UDID to the developer portal. It then signs the malicious app and installs it. It takes advantage of ad-hoc distribution and would require a new Apple developer account every 100 devices.
Everything that Ernest said, plus one more important note: Your phone must be either unlocked or not passcode/password protected, in order for this exploit to function. (Just another good reason to use what should be common sense security precautions, really.)
well, duh. (Score:2)
The "charger" port is, in fact, a USB port (or something similar) so yeah: if you don't have physical security, you don't have security, just like everything else.
Also, "Apple... will fix the vulnerability in the iOS 7 release" is not the same as "Apple has said they won't fix this in iOS 6." We'll have to wait and see what they say/do before passing judgement. (Radical idea, I know.) Apple was selling 3GSs with iOS 6 less than a year ago, and as far as I know, those little guys won't run 7.
Re: (Score:3)
Apple was selling 3GSs with iOS 6 less than a year ago, and as far as I know, those little guys won't run 7.
And you're thinking that's a reason why Apple would support the people who aren't paying them money anymore instead of trying to push them to buy the new version?
Bogus summary (Score:5, Funny)
If this charger deletes the Facebook app, I don't think that qualifies as "malware".
Wasted jailbreak (Score:2)
Whatever flaw they are using to hack the phone is a possible jailbreak exploit that they are needlessly wasting.
At the very least they should let the jailbreak community at this first, THEN show off the malicious charger. At this rate we'll never see a JB for iOS 7!
Should be tagged "humor". (Score:1)
You had me at "Apple's iOs has been known as a bastion of security for many years"...
If Snowden uses an iPhone... (Score:2)
Re: (Score:2)
political enemies that use an iPhone.
On Slashdot these often seem to be synonymous. (iPhone user here)
Bug? More like "security feature" (Score:1)
I'm sure this is intentional. That's why they're not fixing it until next version, when they can implement a new backdoor that isn't so easy to find before onboarding the new clients (NSA). Same type of shit from Microsoft and Oracle delaying zero-days. "oh yeah we can fix this obtuse, barely exploitable and complex exploit in an emergency out of cycle release" "oh, but, no. this obvious out of bounds issue with a trivial satiny check fix with exploits in the wild that convenient make investigators jobs
This helps Apple (Score:1)
Do not buy anything except Steve Jobs' blessed chargers from Steve Jobs' blessed stores from Steve Jobs' bless salesgeniuses.
Dupe (Score:2)
http://it.slashdot.org/story/13/06/03/0312208/researchers-infect-ios-devices-with-malware-via-malicious-charger [slashdot.org] - "At the upcoming Black Hat security conference in late July, three researchers at the Georgia Institute of Technology plan to show off a proof-of-concept charger..."
We warned you. (Score:2)
Back in 2009, I wrote on Slashdot [slashdot.org]
Yes, I was in an airport recently, and there were power outlets with both AC and USB. The future is here.
Yes, but how do you know it only provides power? It might also read or write whatever is plugged into it, install malware, steal your info, or whatever.
We warned you. You didn't listen. Now suffer. Downside [downside.con]
"Nifty" that they're fixing it? (Score:3)
[I]t's nifty that Apple is addressing the issue in iOS 7.
How is that "nifty"? It's the least they should do. It's like Chris Rock's thing about all those parents who go round proudly proclaiming that "I take care of my kids!" You're supposed to take care of your kids!
Can we just have a voltage-wire-only charger? (Score:1)
If you cut all the wires in your charging cable except power and ground, will the device still charge?
If so, transparent "USB extenders" that only have power and ground wires would let anyone charge anywhere without data risk (there would still be the risk of malicious over-voltage, but that's a different risk).
If not, then future devices that charge over USB or other data+power cable should be built to charge with a "power-only, all other pins disconnected" cable.
Re:Why can't Iphone / ipad have usb port for charg (Score:5, Informative)
Re:Why can't Iphone / ipad have usb port for charg (Score:5, Insightful)
How many Android handsets come with USB debugging enabled by default?
Re:Why can't Iphone / ipad have usb port for charg (Score:5, Insightful)
Even with USB debugging enabled (which some handsets constantly nag to have it turned off), Android handsets use a public/private key system. If the charger tries to get access, the phone will ask if it should have full data rights to it.
Of course, this means that if someone clicks OK, they are hosed, but it is better than just sticking an adapter on and doing dirty work without knowing the device's PIN or password.
Re:Why can't Iphone / ipad have usb port for charg (Score:5, Informative)
iOS uses signing too. The hack described here reads the phone's UID, signs it with an Apple dev key, and then pushes it to the phone. It requires communication with Apple servers and can be used on at most 100 devices before it's automatically disabled.
It's a slightly different style of attack than would be used on Android phones, but in terms of public vulnerability it's not really a different threat level.
Re: (Score:3)
it also requires the user to unlock the device.
Re: (Score:2)
Assuming the user keeps the device locked normally. It's a balance of convenience and security, and this revelation has changed the balance.
Re: (Score:2)
Even with USB debugging enabled (which some handsets constantly nag to have it turned off), Android handsets use a public/private key system. If the charger tries to get access, the phone will ask if it should have full data rights to it.
Of course, this means that if someone clicks OK, they are hosed, but it is better than just sticking an adapter on and doing dirty work without knowing the device's PIN or password.
Not quite,
If the device is in fastboot mode it'll let any device have it's way with its file system.
But you need have put the device in fastboot mode, which means the user is an idiot or you've got physical access to the device. In which case on device security wont help one iota.
Re: (Score:2)
Re: (Score:2)
This isn't accurate. Fastboot will only flash something that's signed by the manufacturer, unless the bootloader is unlocked, which won't matter anyway if the device is encrypted. Nexus devices are locked too, and unlocking the bootloader wipes all data, so you still won't get access to anything. ADB sideloading requires ADB to be enabled and the RSA fingerprint of the PC to be accepted.
I wasn't talking about flashing anything, simply reading, copying to and modifying files on the file system. Fastboot enables the ADB bridge.
If you've gotten into fastboot, you've probably bypassed most if not all the security measures (most importantly, the physical security).
Re: (Score:2)
Of course, this means that if someone clicks OK, they are hosed, but it is better than just sticking an adapter on and doing dirty work without knowing the device's PIN or password.
Hmm... So how is that different from the Apple charger case if a user manually authorizes the process? Didn't you read the TFA or even the summary?
Once the charger is plugged in and the user inputs their PIN code, ...
You see, it means that an iPhone user has to input their PIN or "authorize" the access, which is similar to clicks "OK" as you mentioned. From here, I see no difference between the USB debugging feature enabled and charger...
Re: (Score:2)
That wouldn't solve the problem? USB chargers on Android can install apps and transfer files either way if the device has USB debugging enabled. If iPhones used USB the data protocols wouldn't be changed and would have the same capabilities...
Almost.
I have seen USB wire things that do not have data connected (at AT&T shops).
At the time I passed on the $9 cable because I wanted to move stuff on and off my phone via USB.
Now that someone has done this hack I will get and keep a no data USB wire for travel and other situations where I might plug into a random who knows USB charger and not my own charger.
It does tell me that the TLA guys now have a window into my soul should they replace my charger at home with their device that sends my s
Re: (Score:1)
You'll only get 150mA charging from a USB cable with no data lines. Anything higher from a computer requires negotiation (will get you up to 500mA), and from a wall-wart requires shorting the data pins.
Re: (Score:2)
My outlets at home provide all the current my device could hope for.
Re: (Score:2)
Why can't Iphone / ipad have usb port for charging and not high priced apple changes with iffy knock offs?
Jobs wanted it so. (not the iffy knock offs, he hated those)
It does use USB for charging, USB more dangerous (Score:1)
Why can't Iphone / ipad have usb port for charging and not high priced apple changes
The Apple chargers just supply a USB port power. The iOS devices can all plug into any USB port to charge...
The ironic thing is that if Apple did in fact make "apple changes" then it would be HARDER for this attack to work, because you'd have to re-create the Apple charger and the charger would have to have a data line into the phone, unlikely.
In fact, ANY device that uses USB to charge is potentially prone to attacks where
Re: (Score:1)
Why can't Iphone / ipad have usb port for charging and not high priced apple changes
The Apple chargers just supply a USB port power. The iOS devices can all plug into any USB port to charge...
-1, wrong.
From Ken Shirrif's blog [righto.com]:
Who do Haters insist on demonstrating ignorance? (Score:1)
The Apple chargers CAN supply more power than the USB spec to Apple devices.
But it's totally optional. You can charge ANY iOS device on ANY USB port, it will just take somewhat longer. You can plug ANY USB powered device into an Apple USB charger, and it will charge. It's USB, that's what it does.
In just one post you manage to demonstrate complete ignorance as to the subject matter at hand, and unwillingness even to use Google for one second to prevent yourself from looking like a complete idiot.
Re: (Score:2)
Re: (Score:2)
Re:Why can't Iphone / ipad have usb port for charg (Score:5, Informative)
A lot of iDevice users believe the fancy ports are better than standard USB ports when in fact they both do the same thing.
Why are so many people so ignorant on this point?
http://en.wikipedia.org/wiki/Dock_connector#30-pin [wikipedia.org]
It contains controls, audio and video, as well as data & charging like USB.
Re: (Score:2, Insightful)
Are you distinguishing that from all the devices that do audio, video and controls over USB?
Re: (Score:2)
Can you point ONE out?
Re: (Score:2)
Video over USB:
http://www.everythingusb.com/targus-usb-3.0-dual-video-adapter-21477.html [everythingusb.com]
Audio over USB:
http://hifimediy.com/index.php?route=product/product&product_id=107 [hifimediy.com]
Controls over USB:
http://www.amazon.com/Griffin-Technology-NA16029-Multimedia-Controller/dp/B003VWU2WA/ref=sr_1_1?ie=UTF8&qid=1375463450&sr=8-1&keywords=usb+volume+control [amazon.com]
Re: (Score:2)
So, you can't point ONE out that can do all three.
Also the video one is a custom chip so not JUST over USB.
Also, the audio one is a custom chip so not JUST over USB.
Also the controls one is a custom chip AND custom software so not JUST over USB.
Thanks for perfectly making my point.
Re: (Score:2)
??? Of course there's custom hardware at the other end. The iphone cable requires custom hardware that (1) has the right sized port, (2) has the circuitry that does something with the signal it gets (except in the case of audio).
The point stands. Video, audio and control can certainly be done over USB. There's no *NEED* for the iphone cable.
Re: (Score:2)
LOL. We need custom hardware. Apple doesn't need custom hardware!
Or something.
Let me know when you get those things over just a USB cable *without custom hardware*. That was the original argument.
Re: Why can't Iphone / ipad have usb port for char (Score:2)
The cord that has audio connectors on the other end doesn't. Just because you've never plugged anything but a USB cable into your iPhone doesn't mean nobody else has.
Re: (Score:3, Funny)
If they're using an iPhone, they already succumbed to brain hacking by Apple's marketing.
Re: (Score:1)
Re:The Internet of Things... (Score:5, Insightful)
Apple's iOs has been known as a bastion of security for many years
Uh, what? The fuck it has. Guess it just goes to show what a massive marketing campaign will do for your public image. The platform has never been any less hackable than the competition, especially when you're talking physical access to the device.
Re:The Internet of Things... (Score:5, Informative)
Apple's iOs has been known as a bastion of security for many years
Uh, what? The fuck it has.
That had me chuckling as well.
Remember when you could visit a website [jailbreakme.com] to "slide to jailbreak"
from right inside the web browser?
Re: (Score:1)
Actually, the cash prize dwarfs the object prize, which eliminates any notions of going for a certain object because it is more "desirable."
The Apple products are the easiest to crack and are usually pwnd in a matter of seconds.
Re: (Score:1, Insightful)
Anyone stupid enough to use a strangers "charger" deserves what they get, and its no ordinary charger, but a computer attached via usb cord.
It's a smart hack, thats all (Score:5, Insightful)
Anyone stupid enough to use a strangers "charger" deserves what they get, and its no ordinary charger, but a computer attached via usb cord.
Come on, lets get a sense of perspective instead of going into fanboyism (or anti for that matter).
Before today I had absolutely no idea a microcomputer could be made to look like a charger, or that the charging port on iPhones could be used to hack iOS. If you read TFA, the way they did it is pretty deceptive and ingenious.
Its fair to say that most people have a blind spot insofar as power ports are concerned, we normally don't think of it as a point of entry and this is the social engineering trick this hack takes advantage of . In fact, I think that prior to iPod/iPhones, no device used their power point to double up as a data connector. Pre-iphone, I remember swapping and borrowing Nokia/Sony etc. phone chargers from friends/strangers with no repercussions whatsoever.
It is very insulting and unfair to call people who would use a stranger's charger 'stupid' -not everyone is a techie or keeps updated with technology news. Which is probably why you posted as AC instead of under your own name =)
Disservice to yourself (Score:1)
I think a lot of us will refuse to "upgrade".
iOS 5 was an "upgrade".
iOS 6, and iOS 7 have been really nice updates - iOS7 especially is very useful. It's the first beta OS I have ever installed on my main phone because I found it too useful to not have daily.
Re: (Score:2)
The data doesn't show that. It shows that Apple has trained the userbase to upgrade very quickly.
Re: (Score:2)
I'm not aware of anything bad in iOS 7. Why would you not upgrade?
Can't speak for others, but my iPhone 4's performance became quite sluggish after I upgraded to 6. I don't plan to get a new phone any time soon, so I'll probably stick with 6 for the time being.
Re: (Score:2)
I'm not aware of anything bad in iOS 7. Why would you not upgrade?
Well not everyone loves neon gradients as much as Jony Ive. Not that I was a fan of some of the ridiculous "skeuomorphic" stuff either though.
But honestly that's all behind me as I've got a Samsung Galaxy 3 now, and seriously doubt I'd switch back to Apple phones, unless there is another big shakeup before my next upgrade cycle.
To wind our way back on topic though my daughter has my iphone 3GS...(I had a new battery put in it and its good as
Is your daughter an international spy? (Score:1)
my daughter has my iphone 3GS...(I had a new battery put in it and its good as new) Now, she won't be upgrading to ios7 either, because the 3GS isn't supported. So yeah, security fixes for ios6 would be pretty welcome.
So since the "hack" involves have a small charger that's really an iOS development computer, and can attack only 100 devices before it runs out of open UUID's in the deve account they use - what makes you think your daughter's iPhone would be worth the degree of effort it takes to attack?
There
Re: (Score:2)
So since the "hack" involves have a small charger that's really an iOS development computer, and can attack only 100 devices before it runs out of open UUID's in the deve account they use - what makes you think your daughter's iPhone would be worth the degree of effort it takes to attack?
What would the effort be to back port the patch to ios6? There are millions 3GS phones out there still. I agree this particular hole is relatively low risk -- but all security fixes in general should be back ported. You do
Re: (Score:2)
Exactly. Your daughters iPhone is completely uninteresting
I seem to recall there being a whole class of criminals who would love nothing better than to have access to a 12 year old girls phone, her photos, contact lists, friends lists, calendar...
Re: (Score:2)
I'm not aware of anything bad in iOS 7. Why would you not upgrade?
To preserve my jailbreak. I certainly won't downgrade to a new iOS until I know it's compatible with my Cydia apps.
New versions of iOS have become very ho-hum for the users. In the early days, they were exciting. Apple used the upgrades to add actual missing features, like copy/paste and multitasking. Consumers really wanted the latest and greatest, because the new features made an actual difference to them. Plus, iOS upgrades were required to download the latest apps, as new APIs were introduced to sup
Re: (Score:3)
Apple pulled Google maps because they didn't want to agree to the privacy rules Google wanted. The cost to Apple has ben hundreds of millions if they aren't up a billion yet. You can agree with Apple's call here or not, but screwing the customers financially was not the motivation.
Re: (Score:2, Flamebait)
Apple pulled Google maps because they didn't want to agree to the privacy rules Google wanted. The cost to Apple has ben hundreds of millions if they aren't up a billion yet. You can agree with Apple's call here or not, but screwing the customers financially was not the motivation.
They may have said "privacy", but that was a smokescreen. It was about nothing but money. Apple is in head-to-head competition with Google, and allowing their primary competitor a choice seat on their home screen and garnering the search, location, and resultant ad revenue was an affront they could no longer abide.
Apple truly believed they could get away with it and that customers wouldn't care. They believed that they would deliver such a hot-shit mapping app with useful turn-by-turn screens that consum
Re: (Score:2)
Today Google maps is an approved app on the app store. You can simply claim motivations that both Apple and Google deny but unless you have inside information I'd assume Apple and Google are telling the truth about their dispute. Moreover Google remained the default search engine which had more revenue potential. As for "ad revenue" there wouldn't be any ad revenue under Apple's approach, that was the point.
Re: (Score:2)
What is this auto-update you speak of?
To upgrade iOS, you have to actually tell it to upgrade. It will only notify you when one is available.
Re: (Score:1)
They went overboard on the flat effect. Have you seen the icons? It looks like a south park construction paper iPhone.
With the changes in UIControls, apps that aren't upgraded look like a bag of ass. Or are non-functional (the navigation bar is now larger and covers the view underneath by default).
Re: (Score:1)
No, it charges your credit card.
Re: (Score:2)