Malicious power-charger can infect Apple iOS devices

Black Hat presentation from Georgia Tech researchers to show malicious proof of concept

iOS devices are vulnerable to malware delivered by a malicious charger, according to researchers from Georgia Tech.

The researchers, who will be presenting their proof-of-concept charger known as Mactans at the upcoming Black Hat security conference, say: “despite the plethora of defense mechanisms in iOS, we successfully injected arbitrary software into current-generation Apple devices running the latest operating system (OS) software. All users are affected, as our approach requires neither a jail-broken device nor user interaction.”

From the group’s presentation teaser: “To demonstrate practical application of these vulnerabilities, we built a proof of concept malicious charger, called Mactans, using a BeagleBoard. This hardware was selected to demonstrate the ease with which innocent-looking, malicious USB chargers can be constructed. While Mactans was built with limited amount of time and a small budget, we also briefly consider what more motivated, well-funded adversaries could accomplish.”

According to a Wikipedia entry, BeagleBoard is a low-power open-source hardware single-board computer designed by Texas Instruments in association with Digi-Key. The board was developed by a small team of engineers as an educational board that could be used in colleges around the world to teach open source hardware and open source software capabilities. It is also sold to the public under the Creative Commons share-alike license.

The researchers said they will recommend ways in which users can protect themselves and suggest security features Apple could implement to make the attacks they describe substantially more difficult to pull off.

The Apple security review required for selling apps in the iTunes store has largely prevented security problems for those devices, experts say. Apple isn’t foolproof, as some malware has gotten through the company’s scrutiny, such as the spam-producing “Find and Call” app discovered last year, said Chris Doggett, senior vice president, North America, at Kaspersky Lab in a recent IDG News Service story. But because the bar is higher with iOS, most attackers look elsewhere.

 

