Apple's iOS 7 to patch 'power adapter' security flaw demonstrated at Black Hat convention

Posted:
in iPhone edited March 2014
Apple said it will roll out a fix to a relatively obscure security flaw that allows hackers to access sensitive information on an iPhone or iPad via a "modified charger," with the patch already instituted in the latest iOS 7 beta.

Beaglebone
Example of BeagleBoard computer used in Mactans hack.


As reported by Reuters, Apple will have a fix ready for a security hole that lets nefarious parties insert malware onto an iOS device when it is attached to a small Linux computer made to look like a power adapter. The hack, called Mactans, was demonstrated at the 2013 Black Hat convention on Wednesday.

Apple was previously made aware of the vulnerability by the three Georgia Institute of Technology researchers who discovered it earlier this year. The company said a patch for the flaw is already present in the latest iOS 7 beta.

"We would like to thank the researchers for their valuable input," Neumayr said.

According to Billy Lau, one of the researchers responsbile for the discovery, the custom-built charger is packed with a $45 BeagleBoard computer programmed to install malicious software onto any iOS device. He said the unit took one week to design.

From Lau's Black Hat demo brief:
This hardware was selected to demonstrate the ease with which innocent-looking, malicious USB chargers can be constructed. While Mactans was built with limited amount of time and a small budget, we also briefly consider what more motivated, well-funded adversaries could accomplish. Finally, we recommend ways in which users can protect themselves and suggest security features Apple could implement to make the attacks we describe substantially more difficult to pull off.
In Wednesday's demo, the fake charger infected an iPhone 5 running iOS 6 with a virus, which subsequently directed it to dial the phone number of one of the researchers.

"It can become a spying tool," said Lau.

As for Apple's fix, Lau said iOS 7 will notify users when they are connected to a computer, rather than a regular charger, making it easier to distinguish an attempted hack.

Black Hat holds annual conventions around the world to bring together top security professionals for training, briefings and workshops.

Comments

  • Reply 1 of 15
    Note to self don't use any cheapo knock off chargers or bum any charges from strangers
  • Reply 2 of 15
    I wish this new feature would allow me to 'always trust' a certain computer. e.g. my work PC. I'm asked to trust it *every* time I plug in for a charge. Thankfully, I'm not asked if I trust my Mac at home (probably because it contains the iTunes install I sync to).
  • Reply 3 of 15
    macinthe408macinthe408 Posts: 1,050member
    "We would like to thank the researchers for their valuable input," Neumayr said."

    Who's Neumayr?
  • Reply 4 of 15
    chickchick Posts: 35member
    Does the lightning connector provide any security in a case like this?
  • Reply 5 of 15
    philboogiephilboogie Posts: 7,675member
    chick wrote: »
    Does the lightning connector provide any security in a case like this?

    Don't know, but since it has a chip in it maybe its possible to update the software on it?
  • Reply 6 of 15
    konqerrorkonqerror Posts: 685member


    Easy solution for any device: take a USB extension cable or lightning cable and cut the two data wires. Now use that cable anytime you're charging or connecting to an untrusted device.

  • Reply 7 of 15
    phone-ui-guyphone-ui-guy Posts: 1,019member

    Quote:

    Originally Posted by macinthe408 View Post



    "We would like to thank the researchers for their valuable input," Neumayr said."



    Who's Neumayr?


     


    Apple Spokesman according to better written articles. ;)

  • Reply 8 of 15
    So if this technique can be used to "install malicious software onto any iOS device" it could be used to jailbreak an Apple TV 3 - right? Somehow I don't think the method applies to ANY iOS device. (and we know the Apple TV doesn't need to charge, has no battery, and uses line voltage)
  • Reply 9 of 15
    analogjackanalogjack Posts: 1,073member

    Quote:

    Originally Posted by konqerror View Post


    Easy solution for any device: take a USB extension cable or lightning cable and cut the two data wires. Now use that cable anytime you're charging or connecting to an untrusted device.



     


    As I guess most people buy extra cables in order to charge away from their syncing computer, it would probably be a good marketing idea to sell lightning cables that are only designed to charge and market them as such.


  • Reply 10 of 15
    konqerrorkonqerror Posts: 685member

    Quote:

    Originally Posted by konqerror View Post


    Easy solution for any device: take a USB extension cable or lightning cable and cut the two data wires. Now use that cable anytime you're charging or connecting to an untrusted device.



     


    Correction: I thought about it and you can't cut it for an Apple device, though some other ones you can. Some devices you just need to tie the two data lines together. For Apple, you have to use four resistors between each data line and the power wires for the proper signal, but it's still doable.

  • Reply 11 of 15
    jnjnjnjnjnjn Posts: 588member


    This link gives more info: http://arstechnica.com/security/2013/07/trusting-iphones-plugged-into-bogus-chargers-get-a-dose-of-malware/ .


     


    A locked iPhone (as it should be) wouldn't accept the data connection and can't be infected, so no need for iOS7.


    It seems that Apple has to fix two other things: one, the user should be informed and be able to allow or deny if sensitive information like a UDID or email address etc. is requested, two, provisioning profiles should be generated for an apple ID and accompanied password combination not for a specific UDID. (Note that use of UDIDs by applications is already phased out by Apple.) 

  • Reply 12 of 15
    llamallama Posts: 102member
    Now all those "handy" charging stations in airports and other public access settings seem a little less friendly. :)
  • Reply 13 of 15
    rivertriprivertrip Posts: 142member

    Quote:

    Originally Posted by Phone-UI-Guy View Post


     


    Apple Spokesman according to better written articles. ;)



    Apparently accuracy isn't important even when copying from another site.

  • Reply 14 of 15
    abazigalabazigal Posts: 114member


    I am surprised this article didn't take the opportunity to point out the sheer millions of iphones that will be patched when IOS7 is released. image

  • Reply 15 of 15
    umumumumumum Posts: 76member


    as usual, extremely selective reporting here from ai, what about the far more serious vulnerability...


     


    "We implemented a proof-of-concept Jekyll app and successfully published it in App Store. We remotely launched the attacks on a controlled group of devices that installed the app. The result shows that, despite running inside the iOS sandbox, Jekyll app can successfully perform many malicious tasks, such as stealthily posting tweets, taking photos, stealing device identity information, sending email and SMS, attacking other apps, and even exploiting kernel vulnerabilities."


     


    remember this one...


     


    Security flaw opens all modern Android devices to "zombie botnet" takeover


     


    so that makes the appropriate headline for the jekyll vulnerability...


     


    security flaw opens all ios devices to "zombia botnet" takeoever


     


     


    t


    ...but of course ai writers are too hypocritical to do that

Sign In or Register to comment.