A craftily built malicious charger can launch trojans on iPhones, steal data, install and remove apps, and execute factory resets.
The proof-of-concept charger dubbed Mactans was demonstrated at the Black Hat conference in Las Vegas this week by Georgia Tech researchers Billy Lau, Chengyu Song and Yeongjin Jang.
The researchers used a 3-by-3 inch open-source BeagleBoard to construct the charger that gave them escalated privileges in iOS by creating a “provisioning profile,” a file that permits applications in development to be installed on an iOS device.
The exploit took advantage of Apple's lax protocols for authorising provisioning profiles to developers, the researchers said.
It required only that an Apple user's unique UDID number – which they could obtain easily via a USB connection – be supplied to register a provisioning profile.
Once registered, they were free to install a hidden malicious app without a user's consent or knowledge.
The exploit did not require the phone to be jailbroken, they added.
In their demonstration, the researchers installed a spurious Facebook app which looked exactly like the users' legitimate version.
On the same day as the talk, Apple said it would address the issue in an iOS software update planned for the fall, according to Reuters.
.png&h=140&w=231&c=1&s=0)
_(26).jpg&w=100&c=1&s=0)
iTnews Executive Retreat - Security Leaders Edition
_(1).jpg&h=140&w=231&c=1&s=0)
