TECH in AMERICA (TiA)

SHARING AMERICA'S TECH NEWS FROM THE VALLEY TO THE ALLEY

Is That USB Charger Safe or Hacking Your Stuff

Fake USB Chargers Could Hack Into iPhones –

– courtesy IDG News Service — You’re waiting at the airport and topping up your iPhone at a public USB charging station. What if that innocent little plug was hacking into your iPhone and installing malicious software? Billy Lau, a research scientist at Georgia Institute of Technology, told attendees at the Black Hat security conference in Las Vegas that it’s possible, though there’s no evidence that anyone has actually tried to create an evil USB plug.

By Florence Ion, courtesy CIO – images[3]

Lau told the conference that while no “arbitrary person” can install an application onto your iPhone, a “Mactans”–a tiny computer housed inside a charging station–can work around Apple’s safeguards. “[This] challenges the very fundamental security assumptions that people make,” Lau had told attendees. “The attack is automatic; simply connecting the device is enough. It’s stealthy. Even if the user looks at the screen there’s no visible sign. And it can install malicious apps on the target device.”

Once you plug your iPhone, the Universal Device ID (UDID) can be extracted just as long as the device doesn’t have a passcode unlock. The Mactans then claims your device as a test subject with any validated Apple developer ID and you can’t reject it since it doesn’t ask for their permission or offer any visual evidence that there’s anything going on in the background.

This is all made possible by a particular option that enables iOS developers to keep apps hidden, which is how the team at Georgia Tech were able to discreetly take over the device. The Mactans then has full access to the operating system.

So is that USB port at the airport trying to hijack your iPhone? Almost certainly not. These security researchers set out to demonstrate the types of malware that are theoretically possible in a time when people become more careless about how and where they charge their phones. And Apple told Reuters that it’s fixed this particular security flaw in iOS 7, due for release this fall, by adding a warning when you attach an iPhone to any device that’s trying to do more than charge your phone. And in the meantime, maybe just limit your iPhone charging to your own power adapters?

 Thank you, TiA

Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

Information

This entry was posted on August 2, 2013 by in HACKERS and tagged , , , , , , .

Top Posts & Pages

POSTS

Enter your email address to follow this blog and receive notifications of new posts by email.

TEAM TiA!

%d bloggers like this: