Researchers from Georgia Tech have uncovered a way to hack into an iPhone or iPad in less than a minute using a "malicious charger." The group plans to present its findings at the Black Hat conference in Las Vegas on July 27, 2013.
Billy Lau, Yeongjin Jang and Chengyu Song are presenting a session is called "Mactans: Injecting Malware Into iOS Devices Via Malicious Chargers" at the popular security conference next month. The name "Mactans" comes from Latrodectus Mactans, the highly venomous (and deadly) black widow spider.
According to the synopsis on the Black Hat website, the Mactans session will describe how USB capabilities can be leveraged to bypass Apple's defense mechanisms built into the iPhone.
To demonstrate practical application of these vulnerabilities, we built a proof of concept malicious charger, called Mactans, using a BeagleBoard. This hardware was selected to demonstrate the ease with which innocent-looking, malicious USB chargers can be constructed.
A BeagleBoard is a low-power open-source hardware single-board computer produced by Texas Instruments in association with Digi-Key.
Perhaps the most amazing aspect of the exploit is that it doesn't require the device to be jailbroken and it can be performed in under a minute according to the team. It also doesn't require a physical access to the device, except for the charger that is. While it would be unusual for dock cables to be left out in public (the things cost almost $20 each), a restaurant or coffee shop could leave some charging cables out for patrons to use (although I've only seen this a couple of times).
I suppose a malicious individual could carry a hacked cable and wait for people to ask to borrow it, but this is a long shot at best. And besides, a dock cable connected to a BeagleBoard would look suspicious to anyone borrowing a cable from a stranger. Details on the hack are slim ahead of the conference but the researchers suggest that someone with more resources could be much more malicious:
While Mactans was built with [a] limited amount of time and a small budget, we also briefly consider what more motivated, well-funded adversaries could accomplish.
Besides setting up a fake "charging station" in a public place, one use case could be a dock cable connected to a "battery" with a BeagleBoard hidden inside. I guess the moral of the story is not to be promiscuous with your iPhone and iPad charging, at least until the details of the hack are released next month.