Bogus iPhone Chargers Infect Your Device with Malware

Bogus iPhone Chargers Infect Your Device with Malware

Be careful where and what you use to charge your very trusting iPhone because your device could get infected with malicious malware!

Bogus iPhone Chargers Infect Your Device with MalwareResearchers from the Georgia Institute of Technology have created fake iPhone chargers, dubbed “Mactans,” that not only “juices up” your iPhone, but installs custom, malicious applications. Small computers are housed inside these bogus chargers, and your unsuspecting and obedient iPhone doesn’t discriminate as it treats these computers just like any other computer by responding to USB commands. If your iPhone is unlocked while attached to the USB host, the host is in control of your smartphone.

So, how did these researchers do it?

Well, it sounds really simple. They just used the Mactan to install an app package onto an iPhone.

Now, here’s where it gets a bit complicated!

This app package then takes advantage of an Apple-devised system that permits developers to deploy applications to their own devices for testing purposes. This requires an Apple-generated provisioning profile to be installed over USB to identify a specific phone and application, allowing the application to run on the named device.

The malicious charger interrogates your iPhone because it wants to get your phone’s UDID, a unique ID number that identifies your particular iPhone. This vengeful charger then sends your phone’s specific UDID to Apple’s Web page which generates provisioning profiles. These profiles are then deployed to your iPhone, and the vicious malware is identified by the profile.

Once this is done, what can happen?

Researchers gave a Facebook example in which a malicious Facebook app replaced a real app with a trojaned version. This enabled the malware to take screenshots of the iPhone wherever passwords were being entered.

This type of attack does have limitations, though, including:

  • The iPhone’s screen must be unlocked;
  • Generating a provisioning profile requires the attacker to have a valid developer account;
  • A valid developer account can only generate profiles for 100 different phones; and
  • There’s no facility to remove the UDID that associated with the developer’s account.

What has Apple done in response to this discovery?

Bogus iPhone Chargers Infect Your Device with MalwareThey have made the iPhone a little less trusting. iOS 7 will ask users if they want to trust the currently connected device, indicating that it could be a Mactan-like device.

Note: I'd be sure NOT to use those "free" charging stations in airports or any other location, for that matter. I'm sure hackers will soon be swarming to them...especially after this discovery.

Source: http://arstechnica.com/security/2013/07/trusting-iphones-plugged-into-bogus-chargers-get-a-dose-of-malware/

About the Author

Ginger Hill is Group Social Media Manager.

Featured

  • Freedom of Choice

    In today's security landscape, we are witnessing a fundamental transformation in how organizations manage digital evidence. Law enforcement agencies, campus security teams, and large facility operators face increasingly complex challenges with expanding video data, tightening budget constraints and inflexible systems that limit innovation. Read Now

  • Accelerating a Pathway

    There is a new trend touting the transformational qualities of AI’s ability to deliver actionable data and predictive analysis that in many instances, seems to be a bit of an overpromise. The reality is that very few solutions in the cyber-physical security (CPS) space live up to this high expectation with the one exception being the new generation of Physical Identity and Access Management (PIAM) software – herein recategorized as PIAM+. Read Now

  • Protecting Your Zones

    It is game day. You can feel the crowd’s energy. In the parking lot. At the gate. In the stadium. On the concourse. Fans are eager to party. Food and merchandise vendors ready themselves for the rush. Read Now

  • Street Smarts

    The ongoing acceptance of AI and advanced data analytics has allowed surveillance camera technology to shift from being a tactical tool to a strategic business solution. Combining traditional surveillance technology with AI-based data-driven insights can streamline transportation systems, enhance traffic management, improve situational awareness, optimize resource allocation and streamline emergency response procedures. Read Now

  • Midtown Manhattan Shooting Kills 4, Including NYPD Officer

    Four people were killed, including a NYPD officer, in a midtown Manhattan shooting on Monday. That’s according to CNN. Read Now

New Products

  • HD2055 Modular Barricade

    Delta Scientific’s electric HD2055 modular shallow foundation barricade is tested to ASTM M50/P1 with negative penetration from the vehicle upon impact. With a shallow foundation of only 24 inches, the HD2055 can be installed without worrying about buried power lines and other below grade obstructions. The modular make-up of the barrier also allows you to cover wider roadways by adding additional modules to the system. The HD2055 boasts an Emergency Fast Operation of 1.5 seconds giving the guard ample time to deploy under a high threat situation.

  • Connect ONE’s powerful cloud-hosted management platform provides the means to tailor lockdowns and emergency mass notifications throughout a facility – while simultaneously alerting occupants to hazards or next steps, like evacuation.

    Connect ONE®

    Connect ONE’s powerful cloud-hosted management platform provides the means to tailor lockdowns and emergency mass notifications throughout a facility – while simultaneously alerting occupants to hazards or next steps, like evacuation.

  • QCS7230 System-on-Chip (SoC)

    QCS7230 System-on-Chip (SoC)

    The latest Qualcomm® Vision Intelligence Platform offers next-generation smart camera IoT solutions to improve safety and security across enterprises, cities and spaces. The Vision Intelligence Platform was expanded in March 2022 with the introduction of the QCS7230 System-on-Chip (SoC), which delivers superior artificial intelligence (AI) inferencing at the edge.