Georgia Tech trio to reveal iOS test exploit at Black Hat

Jun 04, 2013 by Nancy Owano weblog
Georgia Tech trio to reveal iOS test exploit at Black Hat

(Phys.org) —Apple's iOS devices such as smartphones are considered relatively secure, so when an Apple customer pays more for an Apple device with iOS there is that reassuring feeling of confidence that the investment is worth it for security sake. Next month at the Black Hat conference, however, three security researchers from Georgia Tech will show that using chargers to power up iOS devices may be a direct path to insecurity. The three, Billy Lau, Yeongjin Jang, and Chengyu Song, will discuss how their proof of concept charger can hack Apple devices easily, in under a minute—and, we might add, hack devices running the latest version of Apple iOS.

They pushed software onto an iOS device using a charger. They will provide more detail at the Black Hat event conference which takes place in Las Vegas from July 27 to August 1.

Technology-watching sites have already, though, posted the web site's overview description of the upcoming talk. The one word that stands out in the summary is "alarming." They wrote that "Apple iOS devices are considered by many to be more secure than other mobile offerings. In evaluating this belief, we investigated the extent to which were considered when performing everyday activities such as charging a device."

That is when the "A" word came in. They said, "The results were alarming: despite the of defense mechanisms in iOS, we successfully injected arbitrary software into current-generation Apple devices running the latest operating system (OS) software."

Their investigation did not need a jailbroken device and it did not need any user interaction.

The charger was built around a single-board computer, the open source BeagleBoard. "We built a malicious charger, called Mactans, using a BeagleBoard," they wrote. They chose BeagleBoard to show how easy it was to construct "malicious" USB chargers. BeagleBoard in a single small package can work with the functionality of a laptop. Its roots are in a group of people including several employees of Texas Instruments who provided a low-cost, fan-less single-board computers based on low-power Texas Instruments processors featuring the ARM Cortex-A series core.

The three pose the question that if they were able to build Mactans in a limited amount of time and with a small budget, what could motivated, better-funded people with bad intentions accomplish?

The authors said they can recommend ways in which users can protect themselves and can suggest security features that Apple can put in place to make attacks by way of chargers more difficult to accomplish.

Andy Greenberg of Forbes spoke to one of the Georgia Tech team, Yeongjin Jang, who said that had been contacted about the exploit.

Explore further: Apple annual developers conference set for June

More information: www.forbes.com/sites/andygreenberg/2013/06/02/researchers-say-they-can-hack-your-iphone-with-a-malicious-charger/

Related Stories

Apple granted patent on new augmented reality technology

Mar 20, 2013

(Phys.org) —Apple Inc. has been granted a patent for an application filed with the U.S. Patent Office in 2010 for "Synchronized, interactive augmented reality displays for multifunction devices." The patent ...

iOS 5 jailbroken before its release

Jun 07, 2011

(PhysOrg.com) -- The beta version of iOS has already been jailbroken, which is interesting when you consider that the iOS 5 was only announced 24 hours prior to the jailbreak, at the Apple keynote address ...

Recommended for you

Android gains in US, basic phones almost extinct

10 hours ago

The Google Android platform grabbed the majority of mobile phones in the US market in early 2014, as consumers all but abandoned non-smartphone handsets, a survey showed Friday.

Hackathon team's GoogolPlex gives Siri extra powers

Apr 17, 2014

(Phys.org) —Four freshmen at the University of Pennsylvania have taken Apple's personal assistant Siri to behave as a graduate-level executive assistant which, when asked, is capable of adjusting the temperature ...

Microsoft CEO is driving data-culture mindset

Apr 16, 2014

(Phys.org) —Microsoft's future strategy: is all about leveraging data, from different sources, coming together using one cohesive Microsoft architecture. Microsoft CEO Satya Nadella on Tuesday, both in ...

User comments : 0

More news stories

LinkedIn membership hits 300 million

The career-focused social network LinkedIn announced Friday it has 300 million members, with more than half the total outside the United States.

Researchers uncover likely creator of Bitcoin

The primary author of the celebrated Bitcoin paper, and therefore probable creator of Bitcoin, is most likely Nick Szabo, a blogger and former George Washington University law professor, according to students ...

Impact glass stores biodata for millions of years

(Phys.org) —Bits of plant life encapsulated in molten glass by asteroid and comet impacts millions of years ago give geologists information about climate and life forms on the ancient Earth. Scientists ...