Your iPhone Could Be Poisoned by Its Charger
Ever loan or borrow an iOS charger? You might want to think twice before doing so in the future, as a group of researchers has figured out how to modify chargers to load malware onto iOS devices in less than a minute. The researchers will describe how USB capabilities can be leveraged to bypass Apple's security mechanisms at Black Hat USA 2013 this summer.
Jun 4, 2013 5:00 AM PT
Researchers at the Georgia Institute of Technology have developed a way to hack into iOS devices through a modified charger.
It took only 1 minute for an iOS device to be compromised after being plugged into a malicious charger. All users potentially could be affected because the team's approach doesn't require jailbreaking the device and does not involve any user interaction.
"Many people with iOS devices don't put antivirus on their devices because they believe they're less likely to be infected," Julien Blin, a directing analyst at Infonetics, told MacNewsWorld. "That's a misconception in my opinion, and that's an opportunity for hackers."
Apple did not respond to our request to comment for this story.
The Evil That Chargers May Do
The researchers built a proof-of-concept malicious charger they call "Mactans." For this, they used a Beagleboard, which is basically a Linux PC a tad larger than a credit card.
The researchers will describe how USB capabilities can be leveraged to bypass Apple's security mechanisms, and will show how attackers can hide their software in the same way Apple hides its own built-in applications to avoid detection.
Apple devs use Xcode to build OS X and iOS applications.
Mactans was built with constraints on time and budget, and the researchers will discuss briefly what hackers with better funding and more time might be able to do with the concept of poisoning chargers.
They will also recommend ways users might protect themselves, and suggest security features Apple could implement to help make such attacks more difficult.
The Georgia Institute of Technology's Billy Lau was not immediately available to provide further details.
What's a Beagleboard?
A Beagleboard is a low-power, open source hardware single-board computer produced jointly by Texas Instruments and Digi-Key. It was designed as a way of demonstrating TI's OMAP3530 system on a chip.
OMAP, or Open Multimedia Applications Platform, is a family of SoCs that process images and video for portable and mobile multimedia applications. They include a general-purpose ARM architecture processor core and one or more specialized coprocessors.
The Beagleboard measures 75mm square. Its OMAP3530 SoC has an ARM Cortex-A8 CPU that can run Linux, FreeBSD, RISC OS or Symbian. Android is being ported to the CPU. The SoC also has a TMS320C64x+ digital signal processor for accelerated video and audio decoding, and an Imagination Technologies PowerVR SGX530 graphics processing unit for accelerated 2D and 3D rendering.
The GPU supports OpenGL ES 2.0.
The Beagleboard has separate S-Video and HDMI connections, a single SD/MMC card slot, a USB On-The-Go port, an RS-232 serial connection, a JTAG connection, and two stereo 3.5 mm audio jacks.
It has 256 MB of NAND flash memory and 256 MB of RAM through a package-on-package chip.
The Beagleboard uses up to 2 W of power and can be powered from the USB connector.
A Clear and Present Danger?
With the Bring Your Own Device trend on the rise among enterprises, and the U.S. Department of Defense recently approving the use of iOS 6 devices in the military, as well as speeding up its process for approving mobile devices, the potential threat posed by a malware-bearing charger is very real.
There are at least three different possible attack scenarios, Randy Abrams, a research director at NSS Labs, told MacNewsWorld. One is to get these poisoned chargers into the supply chain, "but that's likely to get discovered quickly."
Another is to have chargers built to resemble Apple's chargers and swap them for the real ones when users are not looking, though this is not a likely mode of attack except for very high-profile, high-value targets.
"If you've got a specific target that's worth a lot of money, spending US$50 on building a charger that looks like the real thing is chump change," Abrams remarked.
A third vector of attack could become available when a user borrows someone else's charger, something that can happen for a number of reasons.
"It's quite common for people to borrow someone else's charger because they didn't bring theirs," Abrams said. "I've loaned mine to people in the past."