Georgia Tech researchers Billy Lau, Yeongjin Jang and Chengyu Song have developed a malicious iOS charger they're calling Mactans, which they say enables them to compromise devices running the latest version of Apple's mobile operating system (h/t Sophos).
The researchers plan to present their findings at Black Hat USA 2013 in late July. "The results were alarming: despite the plethora of defense mechanisms in iOS, we successfully injected arbitrary software into current-generation Apple devices running the latest operating system (OS) software," they write in a summary of their planned talk. "All users are affected, as our approach requires neither a jailbroken device nor user interaction."
"With a little more effort and investment, it should be trivial to build a trojanized charger that is almost identical to standard kit," notes Sophos' John Hawes. "Then we'd really be in trouble. Imagine an eBay shop selling super cheap USB plugs, which could happily take over your phone and make it call premium-rate numbers or harvest passwords from your email or even bank accounts. Not such a bargain all of a sudden."
Jang told Forbes' Andy Greenberg that the researchers have contacted Apple regarding the exploit, but haven't yet received a response.