Black Hat: Researchers demo charger capable of malicious app installs on iPhone
Apple will now include a fix for the issue in an iOS 7 update planned for the fall.
Researchers demonstrated Wednesday how a craftily built malicious charger for iPhones can trick users into launching a "trojanized" application the looks just like popular apps already on their phones.
Georgia Tech researchers Billy Lau, Chengyu Song and Yeongjin Jang demonstrated for Black Hat conference attendees how their proof-of-concept charger, nicknamed Mactans, could steal phone data like UDID numbers, install and remove apps, or cause a firmware (or factory) reset.
At the session, “Mactans: Injecting Malware into iOS Devices Via Malicious Chargers,” the researchers used a 3-by-3 inch BeagleBoard, which is open-source hardware, to construct the charger that gave them escalated privileges in iOS by creating a “provisioning profile,” a file that permits applications in development to be installed on an iOS device.
According to the presenters, the exploit takes advantage of Apple's lax protocols for authorizing provisioning profiles to developers.
The researchers found that they only needed an Apple user's unique UDID number – which they could obtain easily via a USB connection – to register a provisioning profile. With the profile, they were free to install a hidden malicious app without a user's consent or knowledge.
The exploit doesn't require the phone to be jailbroken, they added.
In their demonstration, the researchers installed a spurious Facebook app which looked exactly like the users' legitimate version.
On the same day as the talk, Apple said it would address the issue in an iOS software update planned for the fall, according to Reuters.