Apple iPhones and iPads vulnerable to hacking via malicious chargers

If you have an iPhone or iPad, take care about where you charge it, because you could be allowing hackers to install malware onto your treasured Apple device.

Security researchers showed delegates at the Black Hat conference in Las Vegas yesterday how they managed to build a USB charger that can compromise iOS devices in less than 60 seconds.

What’s more, the iPhone or iPad does not need to be jailbroken for the attack to succeed.

Billy Lau, Yeongjin Jang and Chengyu Song, who are all researchers at Georgia Institute of Technology, gave an alarming presentation showing how easy it was to build a malicious charger called Mactans, using a small ARM-powered BeagleBoard running Linux.

During their demonstration, the researchers showed how just plugging a device in “for a quick charge” was enough to replace the Facebook app on an iPhone or iPad with a malicious version of the app capable of spying on users and sending sensitive data to a remote third party.

The only caveat is that the iPhone must be unlocked before the attack can begin.

Forbes reports that although the demonstration device looks a little Heath Robinson, with its taped-on picture of a poisonous spider, the team from Georgia Tech believe those in the business of espionage would have no difficulty in creating a more convincing-looking device.

The good news is that the researchers informed Apple of the security flaw, and have co-operated with the company with the intention of creating a fix for it.

Although no fixes are yet available for officially-shipping versions of iOS, the beta version of iOS 7 already displays a warning message to users if they attach their device to a possibly untrusted computer.

The iOS 7 trust dialog reads:

“Trust the currently connected computer? Trusting this computer will allow it full access to your device and all of its data.”

It’s unclear to me at present whether Apple will also provide this security fix for earlier versions of iOS, but let’s hope that they also make moves to protect users in the field from this threat as quickly as possible.

Graham Cluley is an award-winning keynote speaker who has given presentations around the world about cybersecurity, hackers, and online privacy. A veteran of the computer security industry since the early 1990s, he wrote the first ever version of Dr Solomon's Anti-Virus Toolkit for Windows, makes regular media appearances, and is the co-host of the popular "Smashing Security" podcast.
