Sidebar Sidebar
Become a MacRumors Supporter for $50/year with no ads, ability to filter front page stories, and private forums.

iOS 7 Beta 4 Contains Fix For Malicious Charger Hack

MacRumors

MacRumors

macrumors bot
Original poster
Apr 12, 2001
63,506
30,783



iphone_charger_china-250x250.jpg
Earlier this year, a trio of computer scientists discovered a flaw in iOS 6 that would theoretically allow an iPhone or an iPad to be hacked using a "malicious USB charger."

The researchers demonstrated the hack at the Black Hat Convention in Las Vegas today, showing off a custom built charger that was plugged into an iPhone. The charger, which took a week to design and cost just $45 in components, contained a small Linux computer programmed to launch an attack on iOS devices.
In this presentation, we demonstrate how an iOS device can be compromised within one minute of being plugged into a malicious charger. We first examine Apple's existing security mechanisms to protect against arbitrary software installation, then describe how USB capabilities can be leveraged to bypass these defense mechanisms. To ensure persistence of the resulting infection, we show how an attacker can hide their software in the same way Apple hides its own built-in applications.
Click to expand...
According to a report from Reuters, the security flaw that could allow a fake charging station to potentially hack an iOS device has already been repaired in iOS 7.
Apple said the issue had been fixed in the latest beta of iOS 7, which has already been released to software developers.

"We would like to thank the researchers for their valuable input," Apple spokesman Tom Neumayr said.
Click to expand...
During the convention, the researchers successfully used the device they had constructed to hack into an iPhone, programming it to dial another phone. The group, worried that criminals might use the hack in malicious ways, publicized the issue in the spirit of "white hat" hacking.

iOS 7, which is already in the hands of developers, is expected to be released to the general public this fall. Along with a fix for the charger hack, it also includes a number of new features like an overhauled Notification Center, a new Control Center, and a complete redesign. Apple continues to regularly release beta updates for the operating system, adding additional minor performance boosts and changes ahead of its official release.

Article Link: iOS 7 Beta 4 Contains Fix For Malicious Charger Hack
 
Article Link
https://www.macrumors.com/2013/07/31/ios-7-beta-4-contains-fix-for-malicious-charger-hack/
lolkthxbai

lolkthxbai

macrumors 65816
May 7, 2011
1,426
489
Nice! It's good to see security researchers pushing the limits to uncover any exploits and share them in the spirit of "white hat" hacking.

----------
ChrisTX said:
I'm glad there's a fix coming, but I always use Apple branded chargers. :cool:
Click to expand...

After this and the news of Chinese chargers possibly electrocuting people, I wouldn't be surprised if people thought twice before buying that $2-$5 charger on amazon.
 
C

CFreymarc

Suspended
Sep 4, 2009
3,969
1,149
ChrisTX said:
I'm glad there's a fix coming, but I always use Apple branded chargers. :cool:
Click to expand...

I was very impressed by the charger hack demo. Also impressed it was handled this quick. For a while, it had me looking at these public charging stations that you see at airports and coffee house with concern when I couldn't see the other end plugged into a wall socket.
 
macs4nw

macs4nw

macrumors 601
Sep 21, 2010
4,336
1,933
Next-door from the little old lady from Pasadena..
MacRumors said:
.....Apple said the issue had been fixed in the latest beta of iOS 7, which has already been released to software developers.

"We would like to thank the researchers for their valuable input," Apple spokesman Tom Neumayr said.

Article Link: iOS 7 Beta 4 Contains Fix For Malicious Charger Hack
Click to expand...

APPLE took that really well, for a change. They haven't always been so gracious in the past.
 
Squilly

Squilly

macrumors 68020
Nov 17, 2012
2,260
4
PA
Reminds me of the counterfeit Lightning cable spoof that bypasses Apple's "generic cable message"
 
Klae17

Klae17

macrumors 65816
Jul 15, 2011
1,227
1,577
I really don't think the majority of us were at risk to this hack but it is good to see Apple respond to security flaws. Nice on the researchers part too.
 
gngan

gngan

macrumors 68000
Jan 1, 2009
1,829
72
MacWorld
This reminds me the PSP hack. Where people can modify the battery to fix the 'brick' PSP. I wonder if this would work for JB. If yes then forever JB anything below iOS 6.
 
nagromme

nagromme

macrumors G5
May 2, 2002
12,546
1,196
I'm curious to see a picture of this malicious charger. Getting it small enough to be appealing would probably take some doing; AppleInsider has a pic if the mini-Linux-computer used, and small as it is, it's still just one component and is pretty big! You almost might as well disguise a Mac Mini as a charger.

(In fact, you could do just that, if you can convince people to plug into a "public" charge port, where the charger hardware is hidden out of sight.)

macs4nw said:
APPLE took that really well, for a change. They haven't always been so gracious in the past.
Click to expand...

Actually they have often given public credit to those who have found flaws.

Not everyone who finds a flaw deserves gracious treatment: some of them are after fame (or even malicious acts for pay) and don't care who gets hurt or hacked. Others handle the information responsibly.
 
mikeinternet

mikeinternet

macrumors 6502a
Nov 1, 2006
630
2
Oaklnad, CA
nagromme said:
...(In fact, you could do just that, if you can convince people to plug into a "public" charge port, where the charger hardware is hidden out of sight.)...
Click to expand...

This was my thought. I don't see the need to squeeze it into a apple-esque charger. Since the easiest way to implement it would be through a free public charging station type setup.
 
Pakaku

Pakaku

macrumors 68040
Aug 29, 2009
3,137
4,446
bjsterilite said:
After this and the news of Chinese chargers possibly electrocuting people, I wouldn't be surprised if people thought twice before buying that $2-$5 charger on amazon.
Click to expand...

They're all made in China. Regardless...
 
D

df22799

macrumors member
Feb 11, 2012
32
53
how come this is new in beta 4?
I had these warning windows form beta 1 or maybe 2...
 
A

AnonMac50

macrumors 68000
Mar 24, 2010
1,578
324
gngan said:
This reminds me the PSP hack. Where people can modify the battery to fix the 'brick' PSP. I wonder if this would work for JB. If yes then forever JB anything below iOS 6.
Click to expand...

Modify the battery and the memory stick. And just the same way you can fix it.
 
R

rmwebs

macrumors 68040
Apr 6, 2007
3,140
0
I've got no problem with them enforcing these restrictions on Apple CHARGERS but I would be pissed if they restrict the cable itself - there is no need to do that.
 
localoid

localoid

macrumors 68020
Feb 20, 2007
2,447
1,739
America's Third World
nagromme said:
I'm curious to see a picture of this malicious charger. Getting it small enough to be appealing would probably take some doing; AppleInsider has a pic if the mini-Linux-computer used, and small as it is, it's still just one component and is pretty big! You almost might as well disguise a Mac Mini as a charger....
Click to expand...

Below, a pic of the "Mactans charger" from a Forbes article, which is said to be what was demoed @ Black Hat.

Screen-Shot-2013-07-31-at-4.06.10-PM.png


The mini-PC used was a BeagleBoard, which is about 3 inches square in size.
 
Last edited:
gnasher729

gnasher729

Suspended
Nov 25, 2005
17,980
5,565
RobertMartens said:
Think twice and then still buy them, because they work.
Click to expand...

If you want to save money: The reason why the fakes are dangerous is because of the small size. It's difficult to put a converter from 220V to 5V or whatever it is into such a small space and make it safe. If you buy a big old charger then it may be ugly, but it is much easier to produce one to make it safe, just because there is much more space to keep things apart that mustn't touch.
 
You must log in or register to reply here.
Register on MacRumors! This sidebar will go away, and you'll see fewer ads.
Top Bottom