A modified phone charger or battery could be used to hack Apple devices, say researchers from Georgia Tech, who plan to demonstrate a proof-of-concept version at a hacker conference.
They say a readily available circuit board can be concealed in a docking station or battery and used to exploit weaknesses in Apple’s mobile security with alarming ease,
In a summary of a presentation to be given at the Black Hat USA 2013 conference in August, the researchers say they will demonstrate how an Apple device can be compromised within one minute of being plugged into a malicious charger.
“Despite the plethora of defense mechanisms in iOS [Apple’s operating system], we successfully injected arbitrary software into current-generation Apple devices running the latest operating system software.
“All users are affected, as our approach requires neither a jailbroken device nor user interaction,” the summary says.
The researchers say their demonstration will examine Apple’s existing security mechanisms to protect against arbitrary software installation and then describe how USB capabilities can be exploited to bypass these defense mechanisms.
Read more on Apple security
“To ensure persistence of the resulting infection, we show how an attacker can hide their software in the same way Apple hides its own built-in applications,” the summary continues.
Apple has not yet responded to the researchers’ claims, which is the first publicised malicious hack using this method, according to Forbes.
The iOS power port has been used previously in jailbreaking to gain additional control over the operating system to enable users to do things like install apps that have not been approved by Apple.
The researchers say the proof-of-concept malicious charger was built with limited amount of time and a small budget.
The Black Hat presentation will consider what more motivated, well-funded adversaries could accomplish.
Finally, the presentation will recommend ways in which users can protect themselves and suggest security features Apple could implement to make such attacks more difficult.