Apple iPhones and iPads vulnerable to hacking via malicious chargers

If you have an iPhone or iPad, take care about where you charge it, because you could be allowing hackers to install malware onto your treasured Apple device.

Security researchers showed delegates at the Black Hat conference in Las Vegas yesterday how they managed to build a USB charger that can compromise iOS devices in less than 60 seconds.

What’s more, the iPhone or iPad does not need to be jailbroken for the attack to succeed.

Billy Lau, Yeongjin Jang and Chengyu Song, who are all researchers at Georgia Institute of Technology, gave an alarming presentation showing how easy it was to build a malicious charger called Mactans, using a small ARM-powered BeagleBoard running Linux.

Mactans malicious charger

During their demonstration, the researchers showed how just plugging a device in “for a quick charge” was enough to replace the Facebook app on an iPhone or iPad with a malicious version of the app capable of spying on users and sending sensitive data to a remote third party.

The only caveat is that the iPhone must be unlocked before the attack can begin.

Forbes reports that although the demonstration device looks a little Heath Robinson, with its taped-on picture of a poisonous spider, the team from Georgia Tech believe those in the business of espionage would have no difficulty in creating a more convincing-looking device.

The good news is that the researchers informed Apple of the security flaw, and have co-operated with the company with the intention of creating a fix for this serious security flaw.

Although no fixes are yet available for officially-shipping versions of iOS, the beta version of iOS 7 already displays a warning message to users if they attach their device to a possibly untrusted computer.

iOS 7 trust dialog

Trust the currently connected computer?

Trusting this computer will allow it full access to your device and all of its data.

It’s unclear to me at present whether Apple will also provide this security fix for earlier versions of iOS, but let’s hope that they also make moves to protect users in the field from this threat as quickly as possible.

Graham Cluley is a veteran of the cybersecurity industry, having worked for a number of security companies since the early 1990s when he wrote the first ever version of Dr Solomon's Anti-Virus Toolkit for Windows. Now an independent analyst, he regularly makes media appearances and is an international public speaker on the topic of cybersecurity, hackers, and online privacy. Follow him on Twitter, Mastodon, Bluesky, or drop him an email.
