The team, who will present their work at the forthcoming Black Hat security conference in Las Vegas, claim the method works for handsets running the latest version of iOS and does not require a jailbroken phone.
Researchers Billy Lau, Yeongjin Jang and Chengyu Song claim to have used the USB capailities in the iPhone charger to bypass the handset's built-in defences.
“The results were alarming. Despite the plethora of defence mechanisms in iOS, we successfully injected arbitrary software into current-generation Apple devices,” the team said. The malicious charger, dubbed Mactans, was built using a BeagleBoard, which is a low-cost, credit card-sized computer.
“To ensure persistence of the resulting infection, we show how an attacker can hide their software in the same way Apple hides its own built-in applications,” the team said.
While the malicious charger is currently just a proof of concept device, the researchers warned that better-funded, highly motivated attackers could achieve more devastating attacks. And given the proliferation of knock-off chargers available for iPhone users, and increasingly common connection points and docking stations at photo shops or hotel lobbies, users would be well advised to treat these little white plugs with caution.
While the volume of mobile malware has been rocketing recently, most of its has been targeted at the Android platform. According to antivirus vendor F-Secure, the first three months of 2013 saw a 50 percent rise year-on-year in the volume of Android malware.
No comments:
Post a Comment