The blog of Xeno, a slightly mad scientist
At the Black Hat event taking place in Las Vegas, three individuals showed off a security issue that leaves iPhones and iPads open to hacks when connected to a fake charging station, something they reportedly informed Apple of earlier in 2013. An Apple spokesperson publicly thanked the researchers today in a statement to Reuters, and a fix has been included in the newest iOS 7 beta release.
The vulnerability was found by Yeongjin Jang and Chengyu Song, both graduate students, and Billy Lau, a scientist at the Georgia Institute of Technology. To demonstrate the threats posed, the team spent around $45 and a week designing a charger that was connected to a small computer running Linux, allowing them to infiltrate iOS devices.
Fake charging stations such as the one created can be used for a variety of malicious purposes, but at the conference the researchers elected to infect the connected iPhone with a virus, causing the handset to call the smartphone of a team member. For someone with ill intent, sensitive data could be stolen, or the device could be taken over remotely.
Apple’s fix takes the same approach Android uses to avoid this issue: a notification that lets the user see that they’re connected to a computer rather than just a charging station. The feature is already available in the latest iOS 7 beta release, and will be included in the final software when it is released.