Researchers at Georgia Institute of Technology have built a modified iPhone charger capable of hacking users' handsets and filling them with malware in just one minute.
The team, who will present their work at the forthcoming Black Hat security conference in Las Vegas, claim the method works for handsets running the latest version of iOS and does not require a jailbroken phone.
Researchers Billy Lau, Yeongjin Jang and Chengyu Song claim to have used the USB capabilities in the iPhone charger to bypass the handset's built-in defences.
“The results were alarming. Despite the plethora of defence mechanisms in iOS, we successfully injected arbitrary software into current-generation Apple devices,” the team said. The malicious charger, dubbed Mactans, was built using a BeagleBoard, which is a low-cost, credit card-sized computer.
“To ensure persistence of the resulting infection, we show how an attacker can hide their software in the same way Apple hides its own built-in applications,” the team said.
While the malicious charger is currently just a proof-of-concept device, the researchers warned that better-funded, highly motivated attackers could achieve more devastating attacks. And given the proliferation of knock-off chargers available for iPhone users, and increasingly common connection points and docking stations at photo shops or hotel lobbies, users would be well advised to treat these little white plugs with caution.
While the volume of mobile malware has been rocketing recently, most of it has been targeted at the Android platform. According to antivirus vendor F-Secure, the first three months of 2013 saw a 50 percent rise year-on-year in the volume of Android malware.