Get the ECT News Network Editor's Pick Newsletter » View Sample | Subscribe
Welcome Guest | Sign In

Your iPhone Could Be Poisoned by Its Charger

By Richard Adhikari MacNewsWorld ECT News Network
Jun 4, 2013 5:00 AM PT

Researchers at the Georgia Institute of Technology have developed a way to hack into iOS devices through a modified charger.

Your iPhone Could Be Poisoned by Its Charger

Billy Lau, a research scientist at the institute, together with two Ph.D. students, will present a paper on this at Black Hat USA 2013, to be held in Las Vegas July 27 through Aug. 1.

It took only 1 minute for an iOS device to be compromised after being plugged into a malicious charger. All users potentially could be affected because the team's approach doesn't require jailbreaking the device and does not involve any user interaction.

"Many people with iOS devices don't put antivirus on their devices because they believe they're less likely to be infected," Julien Blin, a directing analyst at Infonetics, told MacNewsWorld. "That's a misconception in my opinion, and that's an opportunity for hackers."

Apple did not respond to our request to comment for this story.

The Evil That Chargers May Do

The researchers built a proof-of-concept malicious charger they call "Mactans." For this, they used a Beagleboard, which is basically a Linux PC a tad larger than a credit card.

The researchers will describe how USB capabilities can be leveraged to bypass Apple's security mechanisms, and will show how attackers can hide their software in the same way Apple hides its own built-in applications to avoid detection.

Apple devs use Xcode to build OS X and iOS applications.

Mactans was built with constraints on time and budget, and the researchers will discuss briefly what hackers with better funding and more time might be able to do with the concept of poisoning chargers.

They will also recommend ways users might protect themselves, and suggest security features Apple could implement to help make such attacks more difficult.

The Georgia Institute of Technology's Billy Lau was not immediately available to provide further details.

What's a Beagleboard?

A Beagleboard is a low-power, open source hardware single-board computer produced jointly by Texas Instruments and Digi-Key. It was designed as a way of demonstrating TI's OMAP3530 system on a chip.

OMAP, or Open Multimedia Applications Platform, is a family of SoCs that process images and video for portable and mobile multimedia applications. They include a general-purpose ARM architecture processor core and one or more specialized coprocessors.

The Beagleboard measures 75mm square. Its OMAP3530 SoC has an ARM Cortex-A8 CPU that can run Linux, FreeBSD, Risc OS or Symbian. Android is being ported to the CPU. The SoC also has a TMS320C64x+ digital signal processor for accelerated video and audio decoding, and an Imagination Technologies PowerVR SGX530 graphics processing unit for accelerated 2D and 3D rendering.

The GPU supports OpenGL ES 2.0.

The Beagleboard has separate S-Video and HDMI connections, a single SD/MMC card slot, a USB On-The-Go port, an RS-232 serial connection, a JTAG connection, and two stereo 3.5 mm audio jacks.

It has 256 MB of NAND flash memory and 256 MB of RAM through a package-on-package chip.

The Beagleboard uses up to 2 W of power and can be powered from the USB connector.

A Clear and Present Danger?

With the Bring Your Own Device trend on the rise among enterprises, and the U.S. Department of Defense recently approving the use of iOS 6 devices in the military, as well as speeding up its process for approving mobile devices, the potential threat posed by a malware-bearing charger is very real.

There are at least three different possible attack scenarios, Randy Abrams, a research director at NSS Labs, told MacNewsWorld. One is to get these poisoned chargers into the supply chain, "but that's likely to get discovered quickly."

Another is to have chargers built to resemble Apple's chargers and swap them for the real ones when users are not looking, though this is not a likely mode of attack except for very high-profile, high-value targets.

"If you've got a specific target that's worth a lot of money, spending US$50 on building a charger that looks like the real thing is chump change," Abrams remarked.

A third vector of attack could become available when a user borrows someone else's charger for a number of reasons.

"It's quite common for people to borrow someone else's charger because they didn't bring theirs," Abrams said. "I've loaned mine to people in the past."

Subscribe to Tech News Flash Newsletter
Women in Tech
Which Big Tech CEO that testified at the Congressional Antitrust Hearing on July 29 is the most trustworthy?
Jeff Bezos of Amazon
Mark Zuckerberg of Facebook
Sundar Pichai of Google
Tim Cook of Apple
All of them are equally trustworthy to some extent.
None of them are trustworthy whatsoever.