News

iOS 7 Will Immunize iPhones From Bogus Charger Attacks

Published on August 1, 2013
by John Paczkowski

ios-trust-charger

Ars Technica

Apple has patched an obscure vulnerability in its iOS operating system that could have allowed a malicious hacker to install malware on an iPad or iPhone via a bogus USB charger.

Discovered by researchers at the Georgia Institute of Technology, the vulnerability can be exploited only by a custom-built USB charger outfitted with a tiny Linux computer. But it can be exploited quickly — in under 60 seconds.

“Despite the plethora of defense mechanisms in iOS, we successfully injected arbitrary software into current-generation Apple devices running the latest operating system (OS) software,” the researchers explain in their Black Hat security conference presentation summary. “All users are affected, as our approach requires neither a jailbroken device nor user interaction. … attackers can hide their software in the same way Apple hides its own built-in applications.”

Potentially nasty stuff. But Apple has already developed a fix that will bolster iOS’s defenses against it. It has programmed the operating system to ask users if they trust the computer to which they’re connecting their device. A simple and effective fix for a nascent exploit that could have evolved into a real threat, given enough time.

Return to: iOS 7 Will Immunize iPhones From Bogus Charger Attacks

URL: http://allthingsd.com/20130801/ios-7-will-immunize-iphones-from-bogus-charger-attacks/