Print 15 comment(s) - last by rhangman.. on Jun 5 at 8:05 AM

Black Hat conference demonstration shows a fresh route to subverting the popular iPhone

Apple, Inc.'s (AAPL) popular smartphone, the iPhone, has had its fair share of security struggles in the past.  Researchers are preparing to unveil in a few months a new iOS exploit at the annual Black Hat security conference -- to be held Sept. 10-12 in Las Vegas, Nev.  The attack, like some past hacks, relies on flaws in transfer protocols in the joint proprietary data/charging USB connector.  The researchers give things a new twist, though, demonstrating how this can be baked into a third party microcontroller, allowing for malicious peripherals.

The physical attack was developed by a trio of security researchers at the Georgia Institute of Technology -- post-doctoral researcher Billy Lau, Ph.D candidate YeongJin Jang, and Ph.D candidate Chengyu Song.  The "alarming" the physical-type attack is described in the abstract as:

[D]espite the plethora of defense mechanisms in iOS, we successfully injected arbitrary software into current-generation Apple devices running the latest operating system (OS) software. All users are affected, as our approach requires neither a jailbroken device nor user interaction.

In this presentation, we demonstrate how an iOS device can be compromised within one minute of being plugged into a malicious charger. We first examine Apple’s existing security mechanisms to protect against arbitrary software installation, then describe how USB capabilities can be leveraged to bypass these defense mechanisms. To ensure persistence of the resulting infection, we show how an attacker can hide their software in the same way Apple hides its own built-in applications.

To demonstrate practical application of these vulnerabilities, we built a proof of concept malicious charger, called Mactans, using a BeagleBoard. This hardware was selected to demonstrate the ease with which innocent-looking, malicious USB chargers can be constructed. While Mactans was built with limited amount of time and a small budget, we also briefly consider what more motivated, well-funded adversaries could accomplish. Finally, we recommend ways in which users can protect themselves and suggest security features Apple could implement to make the attacks we describe substantially more difficult to pull off.

The researchers seem to draw the name of their malicious charger from the scientific name for the iconic Southern Black Widow spider, L. mactans.  The hack isn't very price -- the BeagleBoard used is a Texas Instruments, Inc. (TXN) development product which retails for around $45 USD.

Beagle Board
The attack uses a TI Beagle Board. [Image Source: Julien Ponge]

The last major exploit found in the USB data transfer layer involved flaws in the backup processes.  This allowed the “evasi0n” jailbreakpublished in February to jailbreak iOS devices.  Apple patched the flaw -- which could also be exploited for malicious purposes -- in the iOS 6.1.3 update that aired a month later in March.

The attack reportedly works on both the old and new style proprietary iPhone connectors, as it is firmware based.  The attackers suggest that the supporting circuitry for the attack could be hidden in an external charger or battery, giving buyers of a malicious product a nasty surprise -- a hacked iPhone.  And a more sophisticated attacker could miniaturize them into even smaller form factors like cables.

The researchers contacted Apple about their findings but were rewarded with silence, according to a Forbes report.

Apple is notorious for a belligerent stance towards security professionals and a sluggish patching pace for security flaws, with some security firms suggesting it is ten years behind Microsoft Corp. (MSFT) in terms of security.  

Sources: Black Hat conference [abstract], Forbes

Comments     Threshold

This article is over a month old, voting and posting comments is disabled

By Motoman on 6/3/2013 3:51:45 PM , Rating: 5
Don't care about the attack vector on the iThing - they get what they get.

I want that freaking wall socket! Pure awesome.

RE: :o
By ritualm on 6/3/2013 3:56:37 PM , Rating: 1
Over 9000.

RE: :o
By Cheesew1z69 on 6/3/2013 3:59:54 PM , Rating: 2
RE: :o
By Motoman on 6/3/2013 4:04:24 PM , Rating: 2
Looks like that particular model is somewhat problematic, based on the reviews. But cool that such things are out there.

RE: :o
By Cheesew1z69 on 6/3/2013 4:15:39 PM , Rating: 2
Here's the same one that is in the pic on here.

RE: :o
By Souka on 6/3/2013 5:38:55 PM , Rating: 2
or go the easy route with this....

and it doesn't require putting in a deep wall socket to accomidate the other designs mentioned in earlier posts.

RE: :o
By Samus on 6/3/2013 9:10:24 PM , Rating: 2
I have tried a lot of these USB wall sockets. The Cooper and the Leviton are my favorites. They are both shallow transformers (so they fit in standard boxes) but the cooper has a status light and the Leviton can actually output 2A using the left (or bottom if horizontal mounted) USB port.

I had various problems with Power2U, GE and FastMac flaking out with Qi wireless chargers/my HP Touchpad charger, and the FastMac constantly shut off after an hour due to thermal throttling. All of these except the Cooper perform poorly with two devices charging simultaneously (700ma/each port.) The Leviton works OK as long as you don't have a device that pulls 2A like an iPad, charging simultaneously with another device since the total output of the transformer is 2.1A. Unfortunately there is no current adjustment, and what I had to do is plug the high-draw device into the low-output port (700mAh) and my phones which typically only draw around 1Ah into the high-power port that the instructions say is for iPad's/tablets.

Hope this helps.

RE: :o
By DanNeely on 6/3/2013 4:04:51 PM , Rating: 2
You probably don't want that one though. It's too deep to fit in a standard wiring box.

RE: :o
By FaaR on 6/3/13, Rating: 0
RE: :o
By Adonlude on 6/4/2013 5:52:29 PM , Rating: 2

And that little brick on your charging cable is also one of your mythical electron sucking creatures.

Good to know
By msheredy on 6/4/2013 10:34:13 AM , Rating: 4
having said that

All users are affected, as our approach requires neither a jailbroken device nor user interaction

So iPhones plug themselves into malicious charging ports now?

RE: Good to know
By aliasfox on 6/4/2013 11:56:10 AM , Rating: 2
Not an issue if you use your own cables chargers everyday (like most people), but a USB port in a rental car or airport charging station may have been tampered with and nobody would know.

RE: Good to know
By rhangman on 6/5/2013 8:05:11 AM , Rating: 2
I'd imagine they meant plugging a phone into a charger is a standard interaction and there would be no difference from a users perspective between a malicious charger and a standard one.

Could see sellers undercutting everyone else for 3rd party chargers and cables, then making the difference (and more) up exploiting the devices they infect. Must be plenty of people who buy spare chargers and cables from eBay, etc.

Good and bad
By kmmatney on 6/4/2013 3:51:00 PM , Rating: 2
I think it would be pretty tricky for someone to hack a public USB charging station, and most of the time you use a normal power outlet with your own charger.

On the other hand, it would be nice if a Jailbreak team can make use of this so the latest iOS can be Jailbroken. I'm stuck at version 6.1 for now (althoughI haven't had any issues with it).

presentation date
By Athlex on 6/4/2013 9:36:15 PM , Rating: 2
Black Hat is July 27th to August 1st -

"People Don't Respect Confidentiality in This Industry" -- Sony Computer Entertainment of America President and CEO Jack Tretton

Latest Headlines
Inspiron Laptops & 2-in-1 PCs
September 25, 2016, 9:00 AM
The Samsung Galaxy S7
September 14, 2016, 6:00 AM
Apple Watch 2 – Coming September 7th
September 3, 2016, 6:30 AM
Apple says “See you on the 7th.”
September 1, 2016, 6:30 AM

Most Popular ArticlesAre you ready for this ? HyperDrive Aircraft
September 24, 2016, 9:29 AM
Leaked – Samsung S8 is a Dream and a Dream 2
September 25, 2016, 8:00 AM
Inspiron Laptops & 2-in-1 PCs
September 25, 2016, 9:00 AM
Snapchat’s New Sunglasses are a Spectacle – No Pun Intended
September 24, 2016, 9:02 AM
Walmart may get "Robot Shopping Carts?"
September 17, 2016, 6:01 AM

Copyright 2016 DailyTech LLC. - RSS Feed | Advertise | About Us | Ethics | FAQ | Terms, Conditions & Privacy Information | Kristopher Kubicki