iOS 7 Beta 4 Contains Fix For Malicious Charger Hack
The researchers demonstrated the hack at the Black Hat Convention in Las Vegas today, showing off a custom built charger that was plugged into an iPhone. The charger, which took a week to design and cost just $45 in components, contained a small Linux computer programmed to launch an attack on iOS devices.
In this presentation, we demonstrate how an iOS device can be compromised within one minute of being plugged into a malicious charger. We first examine Apple’s existing security mechanisms to protect against arbitrary software installation, then describe how USB capabilities can be leveraged to bypass these defense mechanisms. To ensure persistence of the resulting infection, we show how an attacker can hide their software in the same way Apple hides its own built-in applications.
According to a report from Reuters, the security flaw that could allow a fake charging station to potentially hack an iOS device has already been repaired in iOS 7.
Apple said the issue had been fixed in the latest beta of iOS 7, which has already been released to software developers.
"We would like to thank the researchers for their valuable input," Apple spokesman Tom Neumayr said.
During the convention, the researchers successfully used the device they had constructed to hack into an iPhone, programming it to dial another phone. The group, worried that criminals might use the hack in malicious ways, publicized the issue in the spirit of "white hat" hacking.
iOS 7, which is already in the hands of developers, is expected to be released to the general public this fall. Along with a fix for the charger hack, it also includes a number of new features like an overhauled Notification Center, a new Control Center, and a complete redesign. Apple continues to regularly release beta updates for the operating system, adding additional minor performance boosts and changes ahead of its official release.