Wednesday, July 31, 2013, 07:42 pm PT (10:42 pm ET)
Apple's iOS 7 to patch 'power adapter' security flaw demonstrated at Black Hat convention
Apple said it will roll out a fix to a relatively obscure security flaw that allows hackers to access sensitive information on an iPhone or iPad via a "modified charger," with the patch already instituted in the latest iOS 7 beta.
Example of BeagleBoard computer used in Mactans hack.
As reported by Reuters, Apple will have a fix ready for a security hole that lets nefarious parties insert malware onto an iOS device when it is attached to a small Linux computer made to look like a power adapter. The hack, called Mactans, was demonstrated at the 2013 Black Hat convention on Wednesday.
Apple was previously made aware of the vulnerability by the three Georgia Institute of Technology researchers who discovered it earlier this year. The company said a patch for the flaw is already present in the latest iOS 7 beta.
"We would like to thank the researchers for their valuable input," Neumayr said.
According to Billy Lau, one of the researchers responsible for the discovery, the custom-built charger is packed with a $45 BeagleBoard computer programmed to install malicious software onto any iOS device. He said the unit took one week to design.
From Lau's Black Hat demo brief:
This hardware was selected to demonstrate the ease with which innocent-looking, malicious USB chargers can be constructed. While Mactans was built with limited amount of time and a small budget, we also briefly consider what more motivated, well-funded adversaries could accomplish. Finally, we recommend ways in which users can protect themselves and suggest security features Apple could implement to make the attacks we describe substantially more difficult to pull off.
In Wednesday's demo, the fake charger infected an iPhone 5 running iOS 6 with a virus, which subsequently directed it to dial the phone number of one of the researchers.
"It can become a spying tool," said Lau.
As for Apple's fix, Lau said iOS 7 will notify users when they are connected to a computer, rather than a regular charger, making it easier to distinguish an attempted hack.
Black Hat holds annual conventions around the world to bring together top security professionals for training, briefings and workshops.