Jailbreakers have you heard the good news? Researchers with Georgia Tech discovered how a charger can hack your iPhone, just in time for the July 27th Black Hat computer security conference in Las Vegas. Perhaps the new “discovery” could lead to a whole new kind of jailbreaks.
Apple’s iOS has been increasingly hard to break into, until the latest release which made the evad3rs’ evasi0n jailbreak useless. Exploits have become more and more difficult to find, as Apple has patched most access points into the root file. Only a few developers considered using the USB port to inject the hack, but Georgia Tech researchers’ announcement was the first serious one to confirm a successful hack of an iPhone with a charger.
“(W)e investigated the extent to which security threats were considered when performing everyday activities such as charging a device” explained the Georgia Tech researchers. “The results were alarming: despite the plethora of defense mechanisms in iOS, we successfully injected arbitrary software into current-generation Apple devices running the latest operating system (OS) software” their research reads.
The malicious charger was named Mactans and contains an open-source single board computer built by Texas Instruments and called BeagleBoard. The hardware proved to be capable of delivering a hack into the iPhone without requiring a jailbroken device or any user activity apart from plugging the charger into the device. Researchers explain the choice of “hardware was selected to demonstrate the ease with which innocent-looking, malicious USB chargers can be constructed”.
The charger was built to warn that such attacks are definitely possible and researchers note that “more motivated, well-funded adversaries could accomplish” a much more dangerous device, seeing as they were building theirs “with limited amount of time and a small budget”. Researchers say that their malicious chargers injects the iPhone with a hidden software that works “in the same way Apple hides its own built-in applications”.
For their upcoming Black Hat demonstration, researchers promise they will “recommend ways in which users can protect themselves and suggest security features Apple could implement to make the attacks we describe substantially more difficult to pull off”.