Researchers to demo iPhone hack via 30-pin dock cable

Researchers to demo iPhone hack via 30-pin dock cable

Summary: A new iPhone vulnerability targets the 30-pin dock connector found on all iPhones and iPads sold before the iPhone 5 was announced in September 2012.

TOPICS: Apple, iOS, iPhone, iPad, Security
New exploit attacks iPhone via 30-pin charging cable - Jason O'Grady

Researchers from Georgia Tech have uncovered a way to hack into an iPhone or iPad in less than a minute using a "malicious charger." The group plans to present its findings at the Black Hat conference in Las Vegas on July 27, 2013. 

Billy Lau, Yeongjin Jang and Chengyu Song are presenting a session is called "Mactans: Injecting Malware Into iOS Devices Via Malicious Chargers" at the popular security conference next month. The name "Mactans" comes from Latrodectus Mactans, the  highly venomous (and deadly) black widow spider.

According to the synopsis on the Black Hat website, the Mactans session will describe how USB capabilities can be leveraged to bypass Apple's defense mechanisms built into the iPhone.

To demonstrate practical application of these vulnerabilities, we built a proof of concept malicious charger, called Mactans, using a BeagleBoard. This hardware was selected to demonstrate the ease with which innocent-looking, malicious USB chargers can be constructed. 

A BeagleBoard is a low-power open-source hardware single-board computer produced by Texas Instruments in association with Digi-Key.

Perhaps the most amazing aspect of the exploit is that it doesn't require the device to be jailbroken and it can be performed in under a minute according to the team. It also doesn't require a physical access to the device, except for the charger that is. While it would be unusual for dock cables to be left out in public (the things cost almost $20 each), a restaurant or coffee shop could leave some charging cables out for patrons to use (although I've only seen this a couple of times).

I suppose a malicious individual could carry a hacked cable and wait for people to ask to borrow it, but this is a long shot at best. And besides, a dock cable connected to a BeagleBoard would look suspicious to anyone borrowing a cable from a stranger. Details on the hack are slim ahead of the conference but the researchers suggest that someone with more resources could be much more malicious:

While Mactans was built with [a] limited amount of time and a small budget, we also briefly consider what more motivated, well-funded adversaries could accomplish.

Besides setting up a fake "charging station" in a public place, one use case could be a dock cable connected to a "battery" with a BeagleBoard hidden inside. I guess the moral of the story is not to be promiscuous with your iPhone and iPad charging, at least until the details of the hack are released next month. 

Topics: Apple, iOS, iPhone, iPad, Security

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.


Log in or register to join the discussion
  • So it can be hacked through a hard-wired connection to the main I/O port.

    There's a real shocker!!!
    • Just like

      Any other device can be hacked given physical access of some sort.
  • Anything that physically touches a device can be turned into a Trojan

    This is why you should never hook up ANY device to some random connector, just like you shouldn't hook up "free junk" to PC.

    Hooking up a smartphone to a "public" charger is like using your ATM card in a stand-alone machine in some random public place.
    • Even my Nokia Lumia 920?

      Oops, no, it is safe. Not only is there no malware for WP8 because the OS is better designed, my Lumia charges wirelessly making it even more secure.

      Kudos Nokia for making secure hardware and Microsoft for making secure software.
      • Windows is great

        There is of course not any vulnerability in Windows. That code base has the reputation of never ever being hacked, for few decades already. When combined with Nokia hardware, this makes not only the best ever smartphone built, but also the most secure on. /s

        The one wakes up, and discovers their toes in the outlet.
        • Where is the WP8 malware?

          Talk is cheap. Links please.

          If you can't find any, that proves WP8 is secure by design and ios isn't.
          • Google

            Had this:


            Granted it's a prototype but there you go. And BTW NO device is safe from a physical access hack or exploit - not even your WP8 device.
          • This article...

            ...references a "purported" hack that was to be subsequently demonstrated in 2012. Further search does not turn up any follow-up reference to said malware, lab or in the wild. Now while I'll agree LD's claim is specious, lobbing out a link that only hints at a counter-argument is hardly any better.

            So...get this. It's been reported that I just wrote a cross-platform bit of code that just pwned every phone in the world - cellular, satellite, wireless, corded - _every_ phone, noobs. Oh, it was also distributed by a new network protocol I developed that transmits via sunlight and/or rainbows. If your phone has ever been exposed to either, I pwn it.

            It's on the interwebs so it must be true, right? /s
      • The "security by obscurity" argument

        Is just as lame for WP as it is for Linux. That may not be what you meant with your post but that's how it came across to me.
      • I guess you didn't notice that your Lumia 920...

        actually has a microUSB port on it.

        Kudos, NonZealot, for giving us someone to laugh at.
  • Meanwhile, there's an unfixed security flaw in Microsoft Windows

    Microsoft should investigate and fix this security flaw in Microsoft Windows.

    This article was originally about iPhone, but some other poster brought Microsoft into the discussion, so I guess that means it's OK to expand the topic of this thread to talk about security flaws in Microsoft Windows, then.