Bogus iPhone Chargers Infect Your Device with Malware

Bogus iPhone Chargers Infect Your Device with Malware

Be careful where and what you use to charge your very trusting iPhone because your device could get infected with malicious malware!

Bogus iPhone Chargers Infect Your Device with MalwareResearchers from the Georgia Institute of Technology have created fake iPhone chargers, dubbed “Mactans,” that not only “juices up” your iPhone, but installs custom, malicious applications. Small computers are housed inside these bogus chargers, and your unsuspecting and obedient iPhone doesn’t discriminate as it treats these computers just like any other computer by responding to USB commands. If your iPhone is unlocked while attached to the USB host, the host is in control of your smartphone.

So, how did these researchers do it?

Well, it sounds really simple. They just used the Mactan to install an app package onto an iPhone.

Now, here’s where it gets a bit complicated!

This app package then takes advantage of an Apple-devised system that permits developers to deploy applications to their own devices for testing purposes. This requires an Apple-generated provisioning profile to be installed over USB to identify a specific phone and application, allowing the application to run on the named device.

The malicious charger interrogates your iPhone because it wants to get your phone’s UDID, a unique ID number that identifies your particular iPhone. This vengeful charger then sends your phone’s specific UDID to Apple’s Web page which generates provisioning profiles. These profiles are then deployed to your iPhone, and the vicious malware is identified by the profile.

Once this is done, what can happen?

Researchers gave a Facebook example in which a malicious Facebook app replaced a real app with a trojaned version. This enabled the malware to take screenshots of the iPhone wherever passwords were being entered.

This type of attack does have limitations, though, including:

  • The iPhone’s screen must be unlocked;
  • Generating a provisioning profile requires the attacker to have a valid developer account;
  • A valid developer account can only generate profiles for 100 different phones; and
  • There’s no facility to remove the UDID that associated with the developer’s account.

What has Apple done in response to this discovery?

Bogus iPhone Chargers Infect Your Device with MalwareThey have made the iPhone a little less trusting. iOS 7 will ask users if they want to trust the currently connected device, indicating that it could be a Mactan-like device.

Note: I'd be sure NOT to use those "free" charging stations in airports or any other location, for that matter. I'm sure hackers will soon be swarming to them...especially after this discovery.

Source: http://arstechnica.com/security/2013/07/trusting-iphones-plugged-into-bogus-chargers-get-a-dose-of-malware/

About the Author

Ginger Hill is Group Social Media Manager.

Featured

  • Tradeshow Work Can Be Fun

    While at ISC West last week, I ran into numerous friends and associates all of which was a pleasant experience. The first question always seemed to be, “How many does this make for you?” Read Now

    • Industry Events
    • ISC West
  • New Report Says 1 in 5 SMBs Would Be Forced to Shutter After Successful Cyberattack

    Small and medium-sized businesses (SMBs) play a crucial role in the U.S. economy, making up 99.9% of all businesses and contributing to half of the nation's GDP. However, these vital economic growth drivers face an escalating threat—cyberattacks that could put them out of business. Read Now

  • The Yellow Brick Road

    The road to and throughout Wednesday's and Thursday's ISC West was crowded but it was amazing. Read Now

    • Industry Events
    • ISC West
  • An Inside Look From Napco at ISC West

    Get a look into the excitement at ISC West 2025 from Napco. Hear from some of their top-tech executives live from the show floor. Read Now

    • Industry Events
    • ISC West
  • Upping the Ante

    I am not a betting man in terms of cards, dice, blackjack or that wheel with the black marble racing around the circumference of a spinning wheel, but I would bet on the success of ISC West this year. Read Now

    • Industry Events
    • ISC West

New Products

  • Connect ONE’s powerful cloud-hosted management platform provides the means to tailor lockdowns and emergency mass notifications throughout a facility – while simultaneously alerting occupants to hazards or next steps, like evacuation.

    Connect ONE®

    Connect ONE’s powerful cloud-hosted management platform provides the means to tailor lockdowns and emergency mass notifications throughout a facility – while simultaneously alerting occupants to hazards or next steps, like evacuation.

  • Automatic Systems V07

    Automatic Systems V07

    Automatic Systems, an industry-leading manufacturer of pedestrian and vehicle secure entrance control access systems, is pleased to announce the release of its groundbreaking V07 software. The V07 software update is designed specifically to address cybersecurity concerns and will ensure the integrity and confidentiality of Automatic Systems applications. With the new V07 software, updates will be delivered by means of an encrypted file.

  • HD2055 Modular Barricade

    Delta Scientific’s electric HD2055 modular shallow foundation barricade is tested to ASTM M50/P1 with negative penetration from the vehicle upon impact. With a shallow foundation of only 24 inches, the HD2055 can be installed without worrying about buried power lines and other below grade obstructions. The modular make-up of the barrier also allows you to cover wider roadways by adding additional modules to the system. The HD2055 boasts an Emergency Fast Operation of 1.5 seconds giving the guard ample time to deploy under a high threat situation.