iOS can be hacked in one minute using a special charger, with no jailbreaks needed
Researchers claim they can hack an Apple iOS device with an easy-to-make charger that they plan to show off at the BlackHat conference next month.
The Apple operating system has been almost immune to malware since it arrived in 2007, with only one piece of malicious software ever seen on iOS.
Many have been clamouring for ways to hack iPhones and iPads, but most techniques have so far relied on jailbreaking the device.
Hacking an iPhone ‘in one minute’
However, researchers from the Georgia Institute of Technology claim in their BlackHat teaser they did not have to use a jailbreak. Instead, they have created a malicious charger, which they’ve named Mactans, using a BeagleBoard, a low-power open-source hardware single-board computer.
That would suggest Mactans is more than just an average charger. But the researchers, who haven’t revealed any more than what the preview says, noted “they wanted to demonstrate the ease with which innocent-looking, malicious USB chargers can be constructed”.
They said all users were vulnerable to attacks over the charger, which could be carried out in just one minute.
“The results were alarming: despite the plethora of defense mechanisms in iOS, we successfully injected arbitrary software into current-generation Apple devices running the latest operating system (OS) software,” the BlackHat preview read.
“In this presentation, we demonstrate how an iOS device can be compromised within one minute of being plugged into a malicious charger.
“We first examine Apple’s existing security mechanisms to protect against arbitrary software installation, then describe how USB capabilities can be leveraged to bypass these defense mechanisms.
“To ensure persistence of the resulting infection, we show how an attacker can hide their software in the same way Apple hides its own built-in applications.”
The researchers promised to “suggest security features Apple could implement to make the attacks we describe substantially more difficult to pull off”.
How well do you know Internet security? Try our quiz and find out!