ID: IRCNE2013081912
Date:2013-08-03
According to “ZDNet”, three Georgia Tech hackers have revealed how to hack iPhones and iPads with malware imitating ordinary apps in under sixty seconds using a "malicious charger."
Today at a Black Hat USA 2013 press conference, the researchers revealed for the first time exactly how the USB charger they built can compromise iOS devices in less than a minute.
Billy Lau, Yeongjin Jang and Chengyu Song showed how they made an ordinary looking charger into a malicious vector for transmitting malware using an open source BeagleBoard, available for $125 (similar to a Raspberry Pi).
For the demonstration, the researchers used an iPhone. They plugged in the phone, and when the passcode was entered, the sign-code attack began.
For the demo, the Facebook app was used as an example.
Within seconds of plugging in the charger, the Facebook app was invisibly removed from the device and seamlessly replaced with a Facebook app imitation with a malicious payload.
The app's icon was in the exact same spot as it was before the attack - there is no way of knowing the application is not malware.
The researchers said that all the user needs to do to start the attack is enter their passcode - they pointed out that this is a pattern of ordinary use, such as to check a message while the phone is charging.
Once the app was launched, the malware was launched and the phone was compromised - and could do things such as take screenshots when other passwords are entered, send a spoofed screen, and more.
In this manner, depending on what payload the attacker has put on the fake app, sensitive data could be accessed and compromised in a variety of ways.
The attack works on physical weaknesses, and operates on all versions of iOS, stock (up to the beta developer version of 7, which is the only version that Apple has patched).
No root permission is accessed for the attack.The targeted iOS device does not need to be jailbroken in order for the attack to be successful. It only needs to be plugged in to the innocuous seeming, but poisoned, iOS charger.
The researchers disclosed the attack and vulnerability to Apple, but it appears that Apple hasn’t addressed or fixed the issue for versions prior to 7 (beta, developer release) - the hackers had previously stated they refused to reveal details until their Black Hat presentation.
- 2