Three researchers with the Georgia Institute of Technology say they have come up with a proof-of-concept malicious iPhone charger that lets them hack into the mobile device running the latest version of Apple's iOS in less than one minute. No jailbreaking required.
"Apple iOS devices are considered by many to be more secure than other mobile offerings. In evaluating this belief, we investigated the extent to which security threats were considered when performing everyday activities such as charging a device," the researchers wrote in a presentation summary. "The results were alarming: despite the plethora of defense mechanisms in iOS, we successfully injected arbitrary software into current-generation Apple devices running the latest operating system (OS) software."
Dubbing their charger "Mactrans," the researchers say they can get around Apple's security mechanisms by hiding the charger software in the same way Apple hides its own built-in apps. Apparently, the hardware for the Mactrans is small enough to fit in power adaptors, docking stations, and external batteries.
The researchers plan to present the Mactrans at the upcoming Black Hat security conference in July.