iOS 7 To Patch Exploit That Lets Chargers Install Malware
Apple promised to patch a vulnerability recently reported by
Georgia Tech researchers, in which a third-party charger with a hidden computer
could install malware when an iOS device was plugged in and unlocked.
Apple said the issue had been fixed in the latest beta of iOS 7, which has
already been released to software developers.
In a demonstration at the Black Hat hacking convention in Las Vegas on Wednesday, the researchers plugged an iPhone into a custom-built charger they equipped with a tiny Linux computer that was programmed to attack iOS devices. They said it cost about $45 to buy and a week to design.
It infected the phone with a computer virus designed to dial the phone of one of the researchers, which it did.
They said that real-world cyber criminals might build viruses that would give them remote control of the devices. That would enable them to take screen shots for stealing banking passwords and credit card numbers.
Billy Lau, a research scientist at the Georgia Institute of Technology, said that devices running Android operating system are not vulnerable to the same types of attack because they warn users if they plug devices into a computer, even one posing as a charging station.
In a demonstration at the Black Hat hacking convention in Las Vegas on Wednesday, the researchers plugged an iPhone into a custom-built charger they equipped with a tiny Linux computer that was programmed to attack iOS devices. They said it cost about $45 to buy and a week to design.
It infected the phone with a computer virus designed to dial the phone of one of the researchers, which it did.
They said that real-world cyber criminals might build viruses that would give them remote control of the devices. That would enable them to take screen shots for stealing banking passwords and credit card numbers.
Billy Lau, a research scientist at the Georgia Institute of Technology, said that devices running Android operating system are not vulnerable to the same types of attack because they warn users if they plug devices into a computer, even one posing as a charging station.