Apple fixes Malicious Charger Hack in iOS 7

mactans-charger

Earlier in the year, three security researchers Georgia Institute of Technology had announced that they can hack an iPhone with a malicious charger.

As promised, at the Black Hat security conference yesterday, the security researchers demonstrated how it was possible to hack an iPhone using a malicious charger called Mactans (scientific name of the Black Widow spider), using BeagleBoard, a low-power open-source hardware single-board computer produced by Texas Instruments that costs $45.

From Black Hat’s website:

In this presentation, we demonstrate how an iOS device can be compromised within one minute of being plugged into a malicious charger. We first examine Apple’s existing security mechanisms to protect against arbitrary software installation, then describe how USB capabilities can be leveraged to bypass these defense mechanisms. To ensure persistence of the resulting infection, we show how an attacker can hide their software in the same way Apple hides its own built-in applications.

Andy Greenberg, Forbes technology and information security reporter explains that the researchers took advantage of a security flaw in Apple’s developer model, which allows anyone with a developer license to install third-party apps on a registered device.

So Mactans reads a connected device’s Unique Device Identifier, registers it as a developer’s test device in seconds, and then uses its privileges as a developer to install its malware.

For the demonstration, the security researchers created a malicious version of the Facebook app that runs in the background, capable of taking screenshots, simulating button touches, and sending data to a remote server. The malicious app deletes the legitimate Facebook app and replaces it with the malicious version in the same location on the device.

Reuters however reports that Apple has informed them that the security flaw has been fixed in the latest beta version of iOS 7.

Apple said the issue had been fixed in the latest beta of iOS 7, which has already been released to software developers.

“We would like to thank the researchers for their valuable input,” Apple spokesman Tom Neumayr said.

iOS 7 prompts a new warning message to the user when they plug their iOS device to any device that attempts to establish a data connection informing them that “Trusting this computer will allow it full access to your device and all its data.”

ios7-beta-warning

Image Credit: Reader Erik

Apple is expected to release iOS 7 to the public only in September, so it remains to be seen if Apple will release an iOS 6.1.x software update to address the security flaw now.

If you’ve jailbroken your device, then you can install PairLock, a jailbreak tweak to prevent your device from being hacked by a malicious charger.