At the upcoming Black Hat security conference in late July, three researchers at the Georgia Institute of Technology plan to show off a proof-of-concept charger that they say can be used to invisibly install malware on a device running the latest version of Apple’s iOS.
Though the researchers aren’t yet sharing the details of their work, a description of their talk posted to the conference website describes the results of the experiment as “alarming. Despite the plethora of defense mechanisms in iOS, we successfully injected arbitrary software into current-generation Apple devices running the latest operating system (OS) software,” their talk summary reads. “All users are affected, as our approach requires neither a jailbroken device nor user interaction.”
The researchers’ malicious charger, which they’re calling “Mactans” in what seems to be a reference to the scientific name of the Black Widow spider, is built around an open-source single-board computer known as a BeagleBoard, sold by Texas Instruments for a retail price of around $45. “This hardware was selected to demonstrate the ease with which innocent-looking, malicious USB chargers can be constructed,” the researchers write.
It’s not clear just how convincing that charger will be, of course, given that a three-inch square BeagleBoard can’t fit into the smaller power adaptors Apple sells for charging its gadgets, like the one shown above. But a BeagleBoard could be hidden in a docking station or external battery, and the team hints that others with more resources may be able to advance their work: “While Mactans was built with [a] limited amount of time and a small budget, we also briefly consider what more motivated, well-funded adversaries could accomplish.”
When I spoke by phone Friday with Yeongjin Jang, one of the Georgia Tech researchers, he told me that the team had contacted Apple about their exploit, but hadn’t yet heard back from the company, and declined to comment further. I reached out to Apple, too, and will update this post if the company responds.
The researchers write that their attack can compromise an iOS device running the most recent version of Apple’s mobile operating system in less than a minute. They add that they can also demonstrate that the malware infection resulting from their malicious charger is persistent and tough to spot. “We show how an attacker can hide their software in the same way Apple hides its own built-in applications,” reads their description.
The Georgia Tech researchers would be far from the first to hack iOS devices via their USB connections. The devices’ combined data and power port has been the most common point of entry for hackers seeking to jailbreak their devices to remove Apple’s default restrictions on their devices. The “evasi0n” jailbreakreleased by a group of iOS hackers in February, for instance, took advantage of a flaw in iOS’s mobile backup system as well as four other bugs to dismantle the devices’ security measures.
That jailbreak was used more than 18 million times by iOS users eager to hack their iPhone, iPads and iPod touches before Apple updated their software to block the exploit in March. Given that Georgia Tech is demonstrating a far less friendly technique, expect Apple to move fast to patch the bugs they’re exposing.