New in OS X: Get MacRumors Push Notifications on your Mac

Resubscribe Now Close

iOS 7 Beta 4 Contains Fix For Malicious Charger Hack

Wednesday July 31, 2013 7:38 pm PDT by Juli Clover
iphone_charger_chinaEarlier this year, a trio of computer scientists discovered a flaw in iOS 6 that would theoretically allow an iPhone or an iPad to be hacked using a "malicious USB charger."

The researchers demonstrated the hack at the Black Hat Convention in Las Vegas today, showing off a custom built charger that was plugged into an iPhone. The charger, which took a week to design and cost just $45 in components, contained a small Linux computer programmed to launch an attack on iOS devices.
In this presentation, we demonstrate how an iOS device can be compromised within one minute of being plugged into a malicious charger. We first examine Apple’s existing security mechanisms to protect against arbitrary software installation, then describe how USB capabilities can be leveraged to bypass these defense mechanisms. To ensure persistence of the resulting infection, we show how an attacker can hide their software in the same way Apple hides its own built-in applications.
According to a report from Reuters, the security flaw that could allow a fake charging station to potentially hack an iOS device has already been repaired in iOS 7.
Apple said the issue had been fixed in the latest beta of iOS 7, which has already been released to software developers.

"We would like to thank the researchers for their valuable input," Apple spokesman Tom Neumayr said.
During the convention, the researchers successfully used the device they had constructed to hack into an iPhone, programming it to dial another phone. The group, worried that criminals might use the hack in malicious ways, publicized the issue in the spirit of "white hat" hacking.

iOS 7, which is already in the hands of developers, is expected to be released to the general public this fall. Along with a fix for the charger hack, it also includes a number of new features like an overhauled Notification Center, a new Control Center, and a complete redesign. Apple continues to regularly release beta updates for the operating system, adding additional minor performance boosts and changes ahead of its official release.

[ 52 comments ]


Top Rated Comments

(View all)

Avatar
kalsta
75 months ago

I'm curious to see a picture of this malicious charger.


Rating: 25 Votes
Avatar
moxin
75 months ago

Still, not enough to make me upgrade to iOS 7. Nice try Apple


Yup people at Apple are really tying hard to get you back son.
Rating: 10 Votes
Avatar
macs4nw
75 months ago

.....Apple said the issue had been fixed in the latest beta of iOS 7, which has already been released to software developers.

"We would like to thank the researchers for their valuable input," Apple spokesman Tom Neumayr said.

Article Link: iOS 7 Beta 4 Contains Fix For Malicious Charger Hack (https://www.macrumors.com/2013/07/31/ios-7-beta-4-contains-fix-for-malicious-charger-hack/)


APPLE took that really well, for a change. They haven't always been so gracious in the past.
Rating: 9 Votes
Avatar
JAT
75 months ago

APPLE took that really well, for a change. They haven't always been so gracious in the past.


Perhaps the lack of blackmail was a factor.
Rating: 6 Votes
Avatar
lolkthxbai
75 months ago
Nice! It's good to see security researchers pushing the limits to uncover any exploits and share them in the spirit of "white hat" hacking.

----------

I'm glad there's a fix coming, but I always use Apple branded chargers. :cool:


After this and the news of Chinese chargers possibly electrocuting people, I wouldn't be surprised if people thought twice before buying that $2-$5 charger on amazon.
Rating: 4 Votes
Avatar
LeandrodaFL
75 months ago
Still, not enough to make me upgrade to iOS 7. Nice try Apple
Rating: 3 Votes
Avatar
ChrisTX
75 months ago
I'm glad there's a fix coming, but I always use Apple branded chargers. :cool:
Rating: 3 Votes
Avatar
nagromme
75 months ago
I'm curious to see a picture of this malicious charger. Getting it small enough to be appealing would probably take some doing; AppleInsider has a pic if the mini-Linux-computer used, and small as it is, it's still just one component and is pretty big! You almost might as well disguise a Mac Mini as a charger.

(In fact, you could do just that, if you can convince people to plug into a "public" charge port, where the charger hardware is hidden out of sight.)

APPLE took that really well, for a change. They haven't always been so gracious in the past.


Actually they have often given public credit to those who have found flaws.

Not everyone who finds a flaw deserves gracious treatment: some of them are after fame (or even malicious acts for pay) and don't care who gets hurt or hacked. Others handle the information responsibly.
Rating: 2 Votes
Avatar
Gasu E.
75 months ago

Think twice and then still buy them, because they work.


So does natural selection.
Rating: 2 Votes
Avatar
phalseHUD
75 months ago
Kudos to Apple for thanking these guys. This is the way it should be...
Rating: 2 Votes

[ Read All Comments ]