Researchers from the Georgia Institute of Technology will be demonstrating a proof-of-concept method of hacking an iPhone using a malicious USB charger. Billy Lau, Yeongjin Jang, Chengyu Song announced the demonstration for Black Hat USA 2013, an annual conference for hackers and security researchers that begins on July 27th in Las Vegas.
The short version is the three researchers found a way to use USB protocols to bypass some of Apple’s security features in iOS that prevent unauthorized software from being installed on your iOS device. The three built a charger based on a BeagleBoard (see below)—a US$125 computer-on-a-circuit-board—that was able to successfully insert malware onto an iPhone plugged into it.
Worse, they can do so in under a minute.
“Despite the plethora of defense mechanisms in iOS, we successfully injected arbitrary software into current-generation Apple devices running the latest operating system (OS) software,” the researchers wrote on their BlackHat presentation description. “All users are affected, as our approach requires neither a jailbroken device nor user interaction.”
In the demonstration, they said will discuss Apple’s existing security mechanisms that protect against “arbitrary software installation,” which in layman’s terms essentially means malware. They will then describe how standard USB capabilities can be, “leveraged to bypass these defense mechanisms.” To finish it off, they will demonstrate how this same process can be used to then hide the resulting malware from the user the same way Apple hides its own built in software.
The three researchers named their malicious charger “Mactans.”
The BeagleBoard it is based on is an off-the-shelf circuit board that can be used to create all manner of tiny computing devices running Angstrom (Open Embedded), Debian, Ubuntu, and Gentoo. There are other BeagleBoard products as well, including a slightly larger model with a 1GHz Sitara ARM Cortex-A8 processors that can run Android.
The point the researchers are making is that their method can be accomplished with readily available technology.
“While Mactans was built with limited amount of time and a small budget,” they wrote, “we also briefly consider what more motivated, well-funded adversaries could accomplish.”
The researchers will offer methods for protecting yourself against such an attack—we’ll throw out that you should probably be choosy about using a charger whose provenance you can’t verify—and what Apple can do to make this attack, “substantially more difficult to pull off.”