Category: Bootloader


Researchers describe hacking iOS devices with malicious charger

Researchers from the Georgia Institute of Technology will be demonstrating a proof-of-concept method of hacking an iPhone using a malicious USB charger. Billy Lau, Yeongjin Jang, and Chengyu Song announced the demonstration for Black Hat USA 2013, an annual conference for hackers and security researchers that begins on July 27th in Las Vegas.

The short version is the three researchers found a way to use USB protocols to bypass some of Apple’s security features in iOS that prevent unauthorized software from being installed on your iOS device. The three built a charger based on a BeagleBoard (see below)—a US$125 computer-on-a-circuit-board—that was able to successfully insert malware onto an iPhone plugged into it.

Worse, they can do so in under a minute.

“Despite the plethora of defense mechanisms in iOS, we successfully injected arbitrary software into current-generation Apple devices running the latest operating system (OS) software,” the researchers wrote in their Black Hat presentation description. “All users are affected, as our approach requires neither a jailbroken device nor user interaction.”

In the demonstration, they said they will discuss Apple’s existing security mechanisms that protect against “arbitrary software installation,” which in layman’s terms essentially means malware. They will then describe how standard USB capabilities can be “leveraged to bypass these defense mechanisms.” To finish it off, they will demonstrate how this same process can then be used to hide the resulting malware from the user the same way Apple hides its own built-in software.

The three researchers named their malicious charger “Mactans.”

The BeagleBoard it is based on is an off-the-shelf circuit board that can be used to create all manner of tiny computing devices running Angstrom (Open Embedded), Debian, Ubuntu, and Gentoo. There are other BeagleBoard products as well, including a slightly larger model with a 1GHz Sitara ARM Cortex-A8 processor that can run Android.

The point the researchers are making is that their method can be accomplished with readily available technology.

“While Mactans was built with limited amount of time and a small budget,” they wrote, “we also briefly consider what more motivated, well-funded adversaries could accomplish.”

The researchers will offer methods for protecting yourself against such an attack—we’ll throw out that you should probably be choosy about using a charger whose provenance you can’t verify—and what Apple can do to make this attack “substantially more difficult to pull off.”

Source: UPI

HTC tool unlocks bootloader on some Android devices

Last summer, phone maker HTC raised eyebrows by announcing it would enable users to unlock the bootloaders on some of its most popular phones, enabling technically-inclined customers to root the devices and install custom operating systems or, really, any darn thing they like. Now, HTC has come through, releasing a tool to unlock the bootloader on phones launched after September 2011. HTC also says it is working to make the bootloader operational on phones launched before September 2011.

The company has offered a complete list of devices currently supported by the tool. HTC notes some devices may never be supported by the unlock tool due to operator restrictions.

HTC had previously gone to some lengths to lock down bootloaders on its Android devices—partly as a defense against malicious software—but reversed course in the face of strong feedback from technically-inclined customers who feel that the ability to install their own custom operating systems is a key element of Android’s “openness.” (HTC says it was “overwhelmed by the enthusiasm of our fans.”) After all, what’s the point of an operating system being available as open source if programmers can’t download it and install it on devices?

For ambitious users, unlocking the bootloader may be a quick way to get Android 4 Ice Cream Sandwich onto HTC devices without waiting for official updates.

HTC is clear that it is not officially supporting devices that have been unlocked with the bootloader, merely allowing users to unlock their devices at their own risk—and that unlocking may mean they’re no longer covered by device warranties. HTC also notes that it’s possible unlocking devices may have unintended consequences, including overheating.

Ryan: Ultimately, the main reason why I sold my HTC Desire Z and went back to BlackBerry was because of the buggy HTC Sense interface. I am glad HTC is giving its customers more choice by allowing them to use a bootloader, “at their own risk” of course.

Source: DigitalTrends