Whilst no-one doubts that the Android platform is a huge target to the bad guys, and so attracts more than its fair share of mobile malware, iOS devices are considered to be much ‘safer’. But now an upcoming presentation at Blackhat in July will demonstrate a proof of concept that may be worrying to owners of Apple devices.
Security researchers Billy Lau, Yeongjin and Chengyu Song will demo a malicious charger that they have called Mactans. Using a BeagleBoard this charger has been chosen,
“to demonstrate the ease with which innocent-looking, malicious USB chargers can be constructed.”
The team, from the Georgia Institute of Technology, say that this charger can be used to upload software to any iOS device within a minute of it being plugged in. They say that “all users” are at risk and that no user interaction is required for the hack to prove successful.
Once an app has been uploaded it can be hidden from the user such that it doesn’t appear in the app list. Its not clear at this time whether the team could upload malware via this method as proper signing of apps is required in order to navigate around Apple’s sandbox but this development certainly has worrying potential.
If it does prove possible to upload malicious apps then I’m sure some enterprising hacker would find a way, in time, to shrink the BeagleBoard down to a size that is small enough to get passed off as a regular iPhone or iPad charger….
photo: See-ming Lee