Charger can wipe iPhones, install malware

By

Apple plans iOS 7 fix.

A craftily built malicious charger can launch trojans on iPhones, steal data, install and remove apps, and execute factory resets.

Charger can wipe iPhones, install malware

The proof-of-concept charger dubbed Mactans was demonstrated at the Black Hat  conference in Las Vegas this week by Georgia Tech researchers Billy Lau, Chengyu Song and Yeongjin Jang.

The researchers used a 3-by-3 inch open-source  BeagleBoard to construct the charger that gave them escalated privileges in iOS by creating a “provisioning profile,” a file that permits applications in development to be installed on an iOS device.

The exploit took advantage of Apple's lax protocols for authorising provisioning profiles to developers, the researchers said.

It required only that an Apple user's unique UDID number – which they could obtain easily via a USB connection – be supplied to register a provisioning profile.

Once registered, they were free to install a hidden malicious app without a user's consent or knowledge.

The exploit did not require the phone to be jailbroken, they added.

In their demonstration, the researchers installed a spurious Facebook app which looked exactly like the users' legitimate version.

On the same day as the talk, Apple said it would address the issue in an iOS software update planned for the fall, according to Reuters.

This article originally appeared at scmagazineus.com

Got a news tip for our journalists? Share it with us anonymously here.
Copyright © SC Magazine, US edition
Tags:

Most Read Articles

India's alarm over Chinese spying rocks CCTV makers

India's alarm over Chinese spying rocks CCTV makers

Hackers abuse modified Salesforce app to steal data, extort companies

Hackers abuse modified Salesforce app to steal data, extort companies

Cyber companies hope to untangle weird hacker codenames

Cyber companies hope to untangle weird hacker codenames

Victoria's Secret pulls down website amid security incident

Victoria's Secret pulls down website amid security incident

Log In

  |  Forgot your password?