iOS 7 Beta 4 Contains Fix For Malicious Charger Hack

iphone_charger_chinaEarlier this year, a trio of computer scientists discovered a flaw in iOS 6 that would theoretically allow an iPhone or an iPad to be hacked using a "malicious USB charger."

The researchers demonstrated the hack at the Black Hat Convention in Las Vegas today, showing off a custom built charger that was plugged into an iPhone. The charger, which took a week to design and cost just $45 in components, contained a small Linux computer programmed to launch an attack on iOS devices.

In this presentation, we demonstrate how an iOS device can be compromised within one minute of being plugged into a malicious charger. We first examine Apple’s existing security mechanisms to protect against arbitrary software installation, then describe how USB capabilities can be leveraged to bypass these defense mechanisms. To ensure persistence of the resulting infection, we show how an attacker can hide their software in the same way Apple hides its own built-in applications.

According to a report from Reuters, the security flaw that could allow a fake charging station to potentially hack an iOS device has already been repaired in iOS 7.

Apple said the issue had been fixed in the latest beta of iOS 7, which has already been released to software developers.

"We would like to thank the researchers for their valuable input," Apple spokesman Tom Neumayr said.

During the convention, the researchers successfully used the device they had constructed to hack into an iPhone, programming it to dial another phone. The group, worried that criminals might use the hack in malicious ways, publicized the issue in the spirit of "white hat" hacking.

iOS 7, which is already in the hands of developers, is expected to be released to the general public this fall. Along with a fix for the charger hack, it also includes a number of new features like an overhauled Notification Center, a new Control Center, and a complete redesign. Apple continues to regularly release beta updates for the operating system, adding additional minor performance boosts and changes ahead of its official release.

Top Rated Comments

kalsta Avatar
111 months ago
I'm curious to see a picture of this malicious charger.

Score: 25 Votes (Like | Disagree)
moxin Avatar
111 months ago
Still, not enough to make me upgrade to iOS 7. Nice try Apple

Yup people at Apple are really tying hard to get you back son.
Score: 10 Votes (Like | Disagree)
macs4nw Avatar
111 months ago
.....Apple said the issue had been fixed in the latest beta of iOS 7, which has already been released to software developers.

"We would like to thank the researchers for their valuable input," Apple spokesman Tom Neumayr said.

Article Link: iOS 7 Beta 4 Contains Fix For Malicious Charger Hack (https://www.macrumors.com/2013/07/31/ios-7-beta-4-contains-fix-for-malicious-charger-hack/)

APPLE took that really well, for a change. They haven't always been so gracious in the past.
Score: 9 Votes (Like | Disagree)
JAT Avatar
111 months ago
APPLE took that really well, for a change. They haven't always been so gracious in the past.

Perhaps the lack of blackmail was a factor.
Score: 6 Votes (Like | Disagree)
lolkthxbai Avatar
111 months ago
Nice! It's good to see security researchers pushing the limits to uncover any exploits and share them in the spirit of "white hat" hacking.

----------

I'm glad there's a fix coming, but I always use Apple branded chargers. :cool:

After this and the news of Chinese chargers possibly electrocuting people, I wouldn't be surprised if people thought twice before buying that $2-$5 charger on amazon.
Score: 4 Votes (Like | Disagree)
LeandrodaFL Avatar
111 months ago
Still, not enough to make me upgrade to iOS 7. Nice try Apple
Score: 3 Votes (Like | Disagree)

Popular Stories

safari icon blue banner

Safari Bug Allows Websites to Track Your Recent Browsing Activity in Real Time [Updated]

Sunday January 16, 2022 3:37 pm PST by
A bug in WebKit's implementation of a JavaScript API called IndexedDB can reveal your recent browsing history and even your identity, according to a blog post shared on Friday by browser fingerprinting service FingerprintJS. In a nutshell, the bug allows any website that uses IndexedDB to access the names of IndexedDB databases generated by other websites during a user's browsing session....
iPhone 14 Mock pill and hole thumb

ProMotion Now Expected to Remain Exclusive to iPhone 14 Pro Models, Not Expand to Entire Lineup

Sunday January 16, 2022 8:56 am PST by
Continuing the tradition set with the iPhone 13 Pro, only the highest-end iPhone 14 models will feature Apple's ProMotion display technology, according to a respected display analyst. Ross Young, who on multiple occasions has detailed accurate information about Apple's future products, said in a tweet that ProMotion will not be expanded to the entire iPhone 14 lineup and will remain...
iPad Air Feature 2 green

New Apple Products Filed in Regulatory Database, Likely Including New iPhone SE and iPad Air

Tuesday January 18, 2022 6:11 am PST by
Apple today filed unreleased iPhone and iPad models in the Eurasian Economic Commission database, as spotted by French blog Consomac. The filings likely represent the rumored third-generation iPhone SE, fifth-generation iPad Air, and potentially more. The unreleased iPhone models have the identifiers A2595, A2783, and A2784, while the unreleased iPad models have the identifiers A2588, A2589, ...
AirPods 3 New Firmware Feature

Apple Updates AirPods 3 Firmware to Version 4C170

Tuesday January 18, 2022 11:46 am PST by
Apple today released a new 4C170 firmware update for the AirPods 3, an update from the prior 4C165 that was made available in December. Apple does not offer details on what's included in new firmware updates for the AirPods‌, so we don't know what improvements or bug fixes the new firmware brings. There is no standard way to upgrade the ‌AirPods‌‌ software, but firmware is...
iphone 5g mmwave

U.S. Airlines Warn of 'Catastrophic' Crisis With Impending 5G Rollout, AT&T and Verizon Agree to Delay Around Airports

Tuesday January 18, 2022 10:35 am PST by
Verizon and AT&T's upcoming rollout of new C-Band 5G technology could cause chaos and lead to widespread delays of passenger and cargo flights, major U.S. airlines said on Monday in a letter sent to the White House National Economic Council, the FAA, and the FCC (via Reuters). "Unless our major hubs are cleared to fly, the vast majority of the traveling and shipping public will essentially...
iphone se 2020 top

iPhone SE With Larger 5.7-Inch Display May Launch in 2023, 'iPhone SE+ 5G' Also Rumored

Monday January 17, 2022 6:46 am PST by
Apple is planning to release a fourth-generation iPhone SE with a larger 5.7-inch display as early as 2023, according to display industry consultant Ross Young, who has proven to be a reliable source of information for future Apple products. The fourth-generation iPhone SE has until now been rumored to launch in 2024, but Young now says a 2023 release is looking more likely....
tesla carplay solution

Developer Showcases Apple CarPlay Workaround for Teslas

Monday January 17, 2022 7:24 am PST by
A Tesla Model 3 owner has resorted to a workaround to implement Apple CarPlay in his vehicle, amid no sign of official support from Tesla (via Tesla North). Apple CarPlay and Apple Music support are among the most-requested Tesla features, but with no indication that Tesla is willing to implement Apple CarPlay in its vehicles, Polish developer Michał Gapiński took matters into his own...
ipad air 4 video

New iPad Air Rumored to Launch This Spring With A15 Chip, 5G, Center Stage Camera, and More

Saturday January 15, 2022 8:05 pm PST by
Apple is planning to release a fifth-generation iPad Air with similar features as the sixth-generation iPad mini, including an A15 Bionic chip, 12-megapixel Ultra Wide front camera with Center Stage support, 5G for cellular models, and Quad-LED True Tone flash, according to Japanese blog Mac Otakara. Citing reliables sources in China, the report claims that the new iPad Air could be...