Have you ever been tempted to use a public charging station for your phone? Chances are it’s OK, but three Georgia Tech security researchers at the Black Hat conference in Las Vegas showed how easy it is for a rogue “charger” to transfer malware to an iPhone or other iOS device.
The “Mactans charger” is actually a small computer masquerading as a charger. When a user plugs an iOS device into its USB port, the charger can transfer malware to the phone in under a minute. Once the phone is infected, the attacker can swap out your legitimate apps with malicious ones that can take control of your device.
At a press conference ahead of their Black Hat presentation, Billy Lau, Yeongjin Jang and Chengyu Song showed reporters how quickly the device could connect to the phone and replace the phone’s legitimate Facebook app with a rogue app. The user does have to enter the password if the phone is protected and not active, but the phone doesn’t have to be jailbroken. The attack works on current-generation iOS devices.
Apple said that it has fixed the problem in its upcoming iOS 7 operating system, which will be released this fall, with a warning to the user to be sure they are using a trusted charger.
The researchers pointed out their Mactans rogue charger “was built with limited amount of time and a small budget,” but that it’s worth considering what “more motivated, well-funded adversaries could accomplish.”
The Black Hat conference, which runs Wednesday and Thursday in Las Vegas, is where security researchers (some call them “hackers”) demonstrate flaws so that companies can fix any holes, hopefully before they are exploited by criminals.