Black Hat: Researchers demo charger capable of malicious app installs on iPhone

Share this article:
Apple will now include a fix for the issue in an iOS 7 update planned for the fall.
Apple will now include a fix for the issue in an iOS 7 update planned for the fall.

Researchers demonstrated Wednesday how a craftily built malicious charger for iPhones can trick users into launching a "trojanized" application the looks just like popular apps already on their phones.

Georgia Tech researchers Billy Lau, Chengyu Song and Yeongjin Jang demonstrated for Black Hat conference attendees how their proof-of-concept charger, nicknamed Mactans, could steal phone data like UDID numbers, install and remove apps, or cause a firmware (or factory) reset.

At the session, “Mactans: Injecting Malware into iOS Devices Via Malicious Chargers,” the researchers used a 3-by-3 inch BeagleBoard, which is open-source hardware, to construct the charger that gave them escalated privileges in iOS by creating a “provisioning profile,” a file that permits applications in development to be installed on an iOS device.

According to the presenters, the exploit takes advantage of Apple's lax protocols for authorizing provisioning profiles to developers.

The researchers found that they only needed an Apple user's unique UDID number – which they could obtain easily via a USB connection – to register a provisioning profile. With the profile, they were free to install a hidden malicious app without a user's consent or knowledge.

The exploit doesn't require the phone to be jailbroken, they added.

In their demonstration, the researchers installed a spurious Facebook app which looked exactly like the users' legitimate version.

On the same day as the talk, Apple said it would address the issue in an iOS software update planned for the fall, according to Reuters.

Share this article:

Sign up to our newsletters

More in News

Leahy bill would end bulk data collection, introduce reforms

Leahy bill would end bulk data collection, introduce ...

Sen. Patrick Leahy introduced an NSA reform bill that would update the USA Freedom Act.

House passes two cyber security bills

One bill aims to improve agencies' website security, while another works to thwart critical infrastructure attacks.

A five-month-long Tor attack attempting to 'deanonymize' users

For roughly five months beginning in January, traffic confirmation attacks were used to attempt to "deanonymize" Tor users.