Security researchers from the Georgia Institute of Technology are presenting a method of injecting arbitrary software into the iPhone using a malicious charger at Black Hat USA 2013.
The team says that the results of its research are alarming. “Despite the plethora of defense mechanisms in iOS, we successfully injected arbitrary software into current-generation Apple devices running the latest operating system (OS) software. All users are affected, as our approach requires neither a jailbroken device nor user interaction.”
In this presentation, we demonstrate how an iOS device can be compromised within one minute of being plugged into a malicious charger. We first examine Apple’s existing security mechanisms to protect against arbitrary software installation, then describe how USB capabilities can be leveraged to bypass these defense mechanisms. To ensure persistence of the resulting infection, we show how an attacker can hide their software in the same way Apple hides its own built-in applications.
Their malicious charger has been dubbed ‘Mactans’ and was built using a BeagleBoard.
This hardware was selected to demonstrate the ease with which innocent-looking, malicious USB chargers can be constructed. While Mactans was built with limited amount of time and a small budget, we also briefly consider what more motivated, well-funded adversaries could accomplish.
The researchers will also present on ways that users can protect themselves from the attack and suggest security measures Apple could implement to make the attack more difficult.