Black Hat: Researchers demo charger capable of malicious app installs on iPhone

Share this article:
Apple will now include a fix for the issue in an iOS 7 update planned for the fall.
Apple will now include a fix for the issue in an iOS 7 update planned for the fall.

Researchers demonstrated Wednesday how a craftily built malicious charger for iPhones can trick users into launching a "trojanized" application the looks just like popular apps already on their phones.

Georgia Tech researchers Billy Lau, Chengyu Song and Yeongjin Jang demonstrated for Black Hat conference attendees how their proof-of-concept charger, nicknamed Mactans, could steal phone data like UDID numbers, install and remove apps, or cause a firmware (or factory) reset.

At the session, “Mactans: Injecting Malware into iOS Devices Via Malicious Chargers,” the researchers used a 3-by-3 inch BeagleBoard, which is open-source hardware, to construct the charger that gave them escalated privileges in iOS by creating a “provisioning profile,” a file that permits applications in development to be installed on an iOS device.

According to the presenters, the exploit takes advantage of Apple's lax protocols for authorizing provisioning profiles to developers.

The researchers found that they only needed an Apple user's unique UDID number – which they could obtain easily via a USB connection – to register a provisioning profile. With the profile, they were free to install a hidden malicious app without a user's consent or knowledge.

The exploit doesn't require the phone to be jailbroken, they added.

In their demonstration, the researchers installed a spurious Facebook app which looked exactly like the users' legitimate version.

On the same day as the talk, Apple said it would address the issue in an iOS software update planned for the fall, according to Reuters.

Share this article:

Sign up to our newsletters

More in News

AOL Mail hack furthers spam campaign using spoofed accounts

AOL confirmed on Monday that it was aware of the issue and working to remediate the situation.

Backdoors in Wi-Fi routers, said to be closed, can be reopened

Backdoors in Wi-Fi routers, said to be closed, ...

Although said to be patched, researcher Eloi Vanderbeken discovered during the Easter holiday that backdoors existing in certain wireless routers can be reactivated.

Apple ships Mac OS X updates, fixes several code execution bugs

Apple ships Mac OS X updates, fixes several ...

Among the addressed vulnerabilities, was a bug affecting WindowServer, which could allow an attacker to execute malicious code outside the sandbox.