Researchers at Georgia Institute of Technology have built a modified iPhone charger capable of hacking users' handsets and filling them with malware in just one minute.
The team, who will present their work at the forthcoming Black Hat security conference in Las Vegas, claim the method works for handsets running the latest version of iOS and does not require a jailbroken phone.
Researchers Billy Lau, Yeongjin Jang and Chengyu Song claim to have used the USB capailities in the iPhone charger to bypass the handset's built-in defences.
“The results were alarming. Despite the plethora of defence mechanisms in iOS, we successfully injected arbitrary software into current-generation Apple devices,” the team said. The malicious charger, dubbed Mactans, was built using a BeagleBoard, which is a low-cost, credit card-sized computer.
“To ensure persistence of the resulting infection, we show how an attacker can hide their software in the same way Apple hides its own built-in applications,” the team said.
While the malicious charger is currently just a proof of concept device, the researchers warned that better-funded, highly motivated attackers could achieve more devastating attacks. And given the proliferation of knock-off chargers available for iPhone users, and increasingly common connection points and docking stations at photo shops or hotel lobbies, users would be well advised to treat these little white plugs with caution.
While the volume of mobile malware has been rocketing recently, most of its has been targeted at the Android platform. According to antivirus vendor F-Secure, the first three months of 2013 saw a 50 percent rise year-on-year in the volume of Android malware.
More fingers of blame pointed at gangs linked to North Korean government
Dominance of Apple and Samsung in smartphones being chipped away by Huawei, Oppo and other cheaper rivals
OLED smartphone display can be stretched, bent, rolled and even dented - but won't break
Upgrading from a conventional hard-disk drive to an SSD? This may be just what you're looking for