Apple's iOS 7 to patch 'power adapter' security flaw demonstrated at Black Hat convention
Apple said it will roll out a fix for a relatively obscure security flaw that allows attackers to access sensitive information on an iPhone or iPad via a "modified charger," with the patch already included in the latest iOS 7 beta.

Example of BeagleBoard computer used in Mactans hack.
As reported by Reuters, Apple will have a fix ready for a security hole that lets attackers install malware on an iOS device when it is attached to a small Linux computer made to look like a power adapter. The hack, called Mactans, was demonstrated at the 2013 Black Hat convention on Wednesday.
Apple was made aware of the vulnerability earlier this year by the three Georgia Institute of Technology researchers who discovered it. The company said a patch for the flaw is already present in the latest iOS 7 beta.
"We would like to thank the researchers for their valuable input," Apple spokesman Tom Neumayr said.
According to Billy Lau, one of the researchers responsible for the discovery, the custom-built charger is packed with a $45 BeagleBoard computer programmed to install malicious software onto any iOS device plugged into it. He said the unit took one week to design.
In Wednesday's demo, the fake charger infected an iPhone 5 running iOS 6 with malware, which subsequently directed the phone to dial the number of one of the researchers.
From Lau's Black Hat demo brief:
"This hardware was selected to demonstrate the ease with which innocent-looking, malicious USB chargers can be constructed. While Mactans was built with a limited amount of time and a small budget, we also briefly consider what more motivated, well-funded adversaries could accomplish. Finally, we recommend ways in which users can protect themselves and suggest security features Apple could implement to make the attacks we describe substantially more difficult to pull off."
"It can become a spying tool," said Lau.
As for Apple's fix, Lau said iOS 7 will notify users when the device is connected to a computer rather than to a plain charger, making an attempted attack easier to spot. In the shipped version this is the "Trust This Computer?" prompt, which has to be accepted on the unlocked device before a host is allowed a data connection; iOS 6 paired with any host silently.
Black Hat holds annual conventions around the world to bring together top security professionals for training, briefings and workshops.
Comments
Who's Neumayr?
Don't know, but since it has a chip in it maybe it's possible to update the software on it?
Easy solution for any device: take a USB extension cable or lightning cable and cut the two data wires. Now use that cable anytime you're charging or connecting to an untrusted device.
Quote:
Originally Posted by macinthe408
"We would like to thank the researchers for their valuable input," Neumayr said."
Who's Neumayr?
Apple Spokesman according to better written articles.
Quote:
Originally Posted by konqerror
Easy solution for any device: take a USB extension cable or lightning cable and cut the two data wires. Now use that cable anytime you're charging or connecting to an untrusted device.
As I guess most people buy extra cables in order to charge away from their syncing computer, it would probably be a good marketing idea to sell Lightning cables that are only designed to charge and market them as such.
Quote:
Originally Posted by konqerror
Easy solution for any device: take a USB extension cable or lightning cable and cut the two data wires. Now use that cable anytime you're charging or connecting to an untrusted device.
Correction: I thought about it and you can't cut it for an Apple device, though some other ones you can. Some devices you just need to tie the two data lines together. For Apple, you have to use four resistors between each data line and the power wires for the proper signal, but it's still doable.
This link gives more info: http://arstechnica.com/security/2013/07/trusting-iphones-plugged-into-bogus-chargers-get-a-dose-of-malware/ .
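An added example, not from the article or from any commenter, that models the charge-only cable konqerror describes: it computes the D+/D- levels a four-resistor adapter presents from the 5 V rail and what the device concludes from them, next to the cut-wires and shorted-wires cases. The Apple identification voltages and current table, the BC 1.2 short, and the 75k/43k-over-49.9k resistor values are taken from commonly published USB charger information, not from this page, so treat them as assumptions; all function and class names are mine.

```python
"""Charge-only USB cable model for the resistor discussion above (added example).

A real host drives D+/D- as a differential data pair.  A dumb charger has no
host behind it; it presents fixed DC levels on D+/D-, and the device reads
those to decide how much current it may draw.  Leaving D+/D- open (data wires
cut) presents nothing, which is why an Apple device may refuse to charge from
such a cable, as corrected in the thread.

Assumed, not stated on this page: Apple adapters identify themselves with
D+/D- held at 2.0 V or 2.7 V via resistor dividers from VBUS
(2.0/2.0 = 500 mA, 2.0/2.7 = 1 A, 2.7/2.0 = 2.1 A, 2.7/2.7 = 2.4 A); USB BC 1.2
dedicated charging ports instead short D+ to D-.  Resistor values are the
commonly used 75k or 43k (top) over 49.9k (bottom).
"""
from dataclasses import dataclass
from typing import Optional, Tuple

VBUS = 5.0              # nominal USB bus voltage
LEVEL_TOLERANCE = 0.15  # volts of slack when matching a divider output to a level

# (D+ level, D- level) -> current the device may draw, in mA (assumed table)
APPLE_LEVELS = {
    (2.0, 2.0): 500,
    (2.0, 2.7): 1000,
    (2.7, 2.0): 2100,
    (2.7, 2.7): 2400,
}


def divider(r_top: float, r_bottom: float, vin: float = VBUS) -> float:
    """Voltage at the node between r_top (to VBUS) and r_bottom (to GND)."""
    return vin * r_bottom / (r_top + r_bottom)


@dataclass(frozen=True)
class DataLines:
    """What the device sees on D+/D-.  None means floating (wire cut)."""
    d_plus: Optional[float]
    d_minus: Optional[float]
    shorted: bool = False  # D+ tied to D- (BC 1.2 dedicated charging port)


def cut_data_wires() -> DataLines:
    """First suggestion in the thread: D+ and D- simply left open."""
    return DataLines(None, None)


def shorted_data_lines() -> DataLines:
    """Charge-only trick for non-Apple devices: D+ and D- tied together."""
    return DataLines(None, None, shorted=True)


def charge_only_adapter(dp_top: float, dp_bottom: float,
                        dm_top: float, dm_bottom: float) -> DataLines:
    """The four-resistor Apple variant: two dividers, one per data line.
    There is no conductor back to any host, so no data path exists."""
    return DataLines(divider(dp_top, dp_bottom), divider(dm_top, dm_bottom))


def _snap(v: float) -> Optional[float]:
    """Match a measured voltage to one of the identification levels, or None."""
    for level in (2.0, 2.7):
        if abs(v - level) <= LEVEL_TOLERANCE:
            return level
    return None


def classify(lines: DataLines) -> Tuple[str, Optional[int]]:
    """Return (what the device concludes, permitted current in mA or None)."""
    if lines.shorted:
        return ("bc12 dedicated charging port", None)
    if lines.d_plus is None or lines.d_minus is None:
        return ("floating: neither host nor recognised charger", None)
    dp, dm = _snap(lines.d_plus), _snap(lines.d_minus)
    if dp is None or dm is None:
        return ("unrecognised levels", None)
    return ("apple charger, no data path", APPLE_LEVELS[(dp, dm)])


if __name__ == "__main__":
    # 2.1 A identification: D+ ~2.7 V (43k/49.9k), D- ~2.0 V (75k/49.9k)
    tablet_style = charge_only_adapter(43_000, 49_900, 75_000, 49_900)
    for name, lines in [("cut", cut_data_wires()),
                        ("shorted", shorted_data_lines()),
                        ("4-resistor", tablet_style)]:
        print(f"{name:>10}: {classify(lines)}")
```

The point of the divider pair is that the only thing reaching the device's data pins is a DC level derived from the power rail; whatever sits on the far end of the cable has no signal path to enumerate as a USB host, so a Mactans-style adapter cannot pair. Whether a given device actually draws the advertised current from these levels should be checked against the vendor's own specification.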
A locked iPhone (as it should be) wouldn't accept the data connection and can't be infected, so no need for iOS7.
It seems that Apple has to fix two other things: one, the user should be informed and be able to allow or deny when sensitive information like a UDID or email address etc. is requested; two, provisioning profiles should be generated for an Apple ID and accompanying password combination, not for a specific UDID. (Note that use of UDIDs by applications is already being phased out by Apple.)
Quote:
Originally Posted by Phone-UI-Guy
Apple Spokesman according to better written articles.
Apparently accuracy isn't important even when copying from another site.
I am surprised this article didn't take the opportunity to point out the sheer millions of iPhones that will be patched when iOS 7 is released.
as usual, extremely selective reporting here from ai, what about the far more serious vulnerability...
"We implemented a proof-of-concept Jekyll app and successfully published it in App Store. We remotely launched the attacks on a controlled group of devices that installed the app. The result shows that, despite running inside the iOS sandbox, Jekyll app can successfully perform many malicious tasks, such as stealthily posting tweets, taking photos, stealing device identity information, sending email and SMS, attacking other apps, and even exploiting kernel vulnerabilities."
remember this one...
Security flaw opens all modern Android devices to "zombie botnet" takeover
so that makes the appropriate headline for the jekyll vulnerability...
security flaw opens all iOS devices to "zombie botnet" takeover
...but of course ai writers are too hypocritical to do that