Beta

Slashdot: News for Nerds

×

Welcome to the Slashdot Beta site -- learn more here. Use the link in the footer or click here to return to the Classic version of Slashdot.

Thank you!

Before you choose to head back to the Classic look of the site, we'd appreciate it if you share your thoughts on the Beta; your feedback is what drives our ongoing development.

Beta is different and we value you taking the time to try it out. Please take a look at the changes we've made in Beta and  learn more about it. Thanks for reading, and for making the site better!

Researchers Infect iOS Devices With Malware Via Malicious Charger

timothy posted about a year ago | from the nobody-wants-some-iphone-with-a-social-disease dept.

Security 201

Sparrowvsrevolution writes "At the upcoming Black Hat security conference in late July, three researchers at the Georgia Institute of Technology plan to show off a proof-of-concept charger that they say can be used to invisibly install malware on a device running the latest version of Apple's iOS. A description of their talk posted to the conference website describes how they were able to install whatever malware they wished on an Apple device within a minute of the user plugging it into their malicious charger, which they're calling 'Mactans' after the scientific name of a Black Widow spider. The malware-loaded USB plug is built around an open-source single-board computer known as a BeagleBoard, sold by Texas Instruments for a retail price of around $45. The researchers have contacted Apple about their exploit but haven't heard back from the company and aren't sharing more details of their hack until they do."

cancel ×

201 comments

"Researchers" (1, Interesting)

Anonymous Coward | about a year ago | (#43894749)

Kill all the "Researchers".

Possible Solution (2)

muphin (842524) | about a year ago | (#43894763)

would PairLock [iphonehacks.com] be a possible solution, would that work?

Re:Possible Solution (2)

Joce640k (829181) | about a year ago | (#43894831)

I dunno...but how is this new exploit "news" if there's utility utilities like PairLock to prevent it?

Re:Possible Solution (1)

Threni (635302) | about a year ago | (#43894947)

Exploits are still exploits even if they can be detected by virus/malware etc scanners, right?

Re:Possible Solution (5, Informative)

jeffmeden (135043) | about a year ago | (#43895399)

I dunno...but how is this new exploit "news" if there's utility utilities like PairLock to prevent it?

Because you have to jailbreak in order to use PairLock? And um, jailbreaking is bad, mmkay?

Re:Possible Solution (0)

Anonymous Coward | about a year ago | (#43896039)

And um, jailbreaking is bad, mmkay?

Only if you support the organized crime. (Content Mafia)
Such people deserve the jail they bought for themselves. ^^

POISON APPLE!!!!! (1, Funny)

For a Free Internet (1594621) | about a year ago | (#43894773)

Oh gord! I ated it by accident and now I shall surely expire! Now we need to decompose the integrand into partial fractions, with JEYSUS!

Physical Access (2, Insightful)

Anonymous Coward | about a year ago | (#43894781)

Physical access to a device allows for far too many attack vectors to protect against. News at 11

Re:Physical Access (5, Informative)

Anonymous Coward | about a year ago | (#43894819)

This is not an "open the device and latch on to some henceforth unprotected internal signal" attack vector. Attaching the phone to someone else's charger is not unusual behavior. For the Olympic Games in London, Vodafone fitted 1000 taxis with mobile phone chargers.

Re:Physical Access (1, Insightful)

Anonymous Coward | about a year ago | (#43894905)

This is not an "open the device and latch on to some henceforth unprotected internal signal" attack vector. Attaching the phone to someone else's charger is not unusual behavior.

It's based on a BeagleBoard, which is larger than a business card. It's going to be tough to fool people into using a charger that looks like it swallowed half your iPhone.

Re:Physical Access (5, Insightful)

slim (1652) | about a year ago | (#43894959)

GP has already provided you with a potential scenario - presumably the chargers Vodafone fitted in London taxis were a USB socket and/or an iPod dock mounted in the passenger section of the taxi. The BeagleBoard could be anywhere in the taxi.

Plus, it's a proof of concept. It could certainly be miniaturised.

I doubt that any other smartphone OS is immune to this kind of attack, however.

Re:Physical Access (0)

AmiMoJo (196126) | about a year ago | (#43895543)

As far as I know all other smartphones are immune to this kind of attack because they don't try to communicate with the charger. They just draw 500mA, or 1000mA if the USB data lines are shorted out. No comms at all, hence no infection vector.

The only reason this works is because Apple put DRM in their chargers to prevent people creating cheaper clones. The charger sends an ID string back, but rather than being fixed length it is null terminated so can cause a buffer overflow.

Re:Physical Access (1)

Anonymous Coward | about a year ago | (#43895651)

Most other phones charge over USB, and a charger cable looks like a USB cable if you can't see the power supply. So no, most other phones aren't immune to this type of attack.

Re:Physical Access (0)

Anonymous Coward | about a year ago | (#43896023)

USB 1 and 2 have 4 (typically, there are 5 pin micros) oins, 2 of which are power + and -, and 2 that are data. I'm willing to bet that in most phones, the 2 data pins go to nowhere, while the 2 power pins are used for charging. So yes, most phones will be immune.

Re:Physical Access (3, Insightful)

Anonymous Coward | about a year ago | (#43896121)

Why would you think that? Have you never attached a smartphone to a USB host? Of course the USB data lines are connected, and of course any smartphone will respond to communication attempts from a USB host, so there is absolutely no reason why other phones should not be vulnerable to some form of attack via USB.

Re:Physical Access (1)

Anonymous Coward | about a year ago | (#43896183)

No, most phones are not immune. The apple phone was infected with a malicious charger. Any smartphone that implements the data lines (such as my GS3) of microUSB on the phone side are vulnerable to a malicious charger that decides to use the data lines.

Re:Physical Access (0)

Anonymous Coward | about a year ago | (#43895703)

Apple, always thinking of the "customer experience" first.

Its funny that in order to protect huge margins on devices (look how costly an apple adapter is) they introduce issues like this.

Who uses DRM on a charger?

Re:Physical Access (3, Insightful)

Bacon Bits (926911) | about a year ago | (#43896335)

I don't know about you, but I can only use the USB port to charge my Android phone. Also, when I connect my Android phone to my computer I generally get access to the data contents of the phone (documents, music, pictures, etc.). It seems pretty trivial to devise a "charger" that steals or destroys data on any phone that connects to it.

Data is the real treasure and thus is also the real threat of damage, but AFAIK you can also use the Android Debug Bridge [android.com] to install programs to connected phones.

Re:Physical Access (1)

Endo13 (1000782) | about a year ago | (#43896587)

I don't know about you, but any time I connect my Android phone to a device that tries to use the data lines in the charging cable I have to choose how my phone uses the cable.

Re:Physical Access (1, Insightful)

BasilBrush (643681) | about a year ago | (#43896457)

How the hell did that get modded insightful? Android of course does data via the USB. It mounts as a drive on a PC. And you can reflash the
rom via USB, just as you can on an iPhone.

Re:Physical Access (1)

wiredlogic (135348) | about a year ago | (#43896481)

There are more sophisticated implementations of the charging protocol that involve signaling on the data lines which is needed to get the full 2.1A or other steps in between. That being said it doesn't matter because a rogue "charging" device can have a fully functional host interface without any visual difference.

Re:Physical Access (1)

Enfixed (2423494) | about a year ago | (#43896565)

Apple malware... it just works! :) I'm so sad my Android phone lacks this plug and play capability, hopefully Google can hurry up and copy them.

Re:Physical Access (4, Insightful)

fredprado (2569351) | about a year ago | (#43894971)

The prototype being based in a big developer board means nothing. The exploit could be easily replicated in smaller boards that would fit just fine in regular chargers.

Re:Physical Access (0)

BasilBrush (643681) | about a year ago | (#43896495)

And in what way was it not obvious for the entire history of the iPhone that it could be reflashed through the USB? The same as other phones.

If this was an actual exploit contained in an Apple charger, then it'd be news. But doing what all of us have been doing for years via.a credit sized computer rather than a PC or Mac is not news.

Re:Physical Access (2, Insightful)

Anonymous Coward | about a year ago | (#43894975)

The Beagleboard is just one of many development boards around ARM chips which are typically smaller than a fingernail, because they're the main components in mobile phones. There are much smaller alternatives than the Beagleboard, even without making a custom board. For example, the Gumstix Overo single board computer is based on the same chip as the Beagleboard and is about the size of a stick of chewing gum. The attack could be built into anything from docking stations to the smallest chargers.

Re:Physical Access (0)

Anonymous Coward | about a year ago | (#43894989)

They could spin their own board and make it much smaller (postage stamp size). All they need is a micro-controller with a built-in USB transceiver and enough program space to hold their payload.

Re:Physical Access (0)

Anonymous Coward | about a year ago | (#43895051)

It's going to be tough to fool people into using a charger that looks like it swallowed half your iPhone.

Great, can you please convince iPhone users to not plug their phone into my laptop to charge it without asking first.

Re:Physical Access (2)

kasperd (592156) | about a year ago | (#43896397)

can you please convince iPhone users to not plug their phone into my laptop to charge it without asking first.

Install this exploit on your laptop, and the problem will be solved. As soon as they connect the cable, it is no longer their iphone.

Re:Physical Access (4, Insightful)

gmack (197796) | about a year ago | (#43895089)

This is not an "open the device and latch on to some henceforth unprotected internal signal" attack vector. Attaching the phone to someone else's charger is not unusual behavior.

It's based on a BeagleBoard, which is larger than a business card. It's going to be tough to fool people into using a charger that looks like it swallowed half your iPhone.

Sure they will. In Spain there are charging kiosks with coin slots and cables going somewhere you can't see them and people use those all of the time. You forget that in most public charging situations you don't want just anyone to be able to unplug the thing and walk away with it.

Re:Physical Access (1)

dfghjk (711126) | about a year ago | (#43895171)

Deep thinking AC.

Re:Physical Access (0)

Anonymous Coward | about a year ago | (#43895653)

Did the thought of using a cord with the device hidden out of site not occur to you?

Many people will just grab a cord off someone's desk to charge a phone without ever looking into what the cord is connected to.

Re:Physical Access (1)

ameen.ross (2498000) | about a year ago | (#43894823)

Except physical access doesn't refer to peripherals.

Re:Physical Access (3, Insightful)

slim (1652) | about a year ago | (#43895269)

Well, there's a continuum.

Sneaking into someone's office and putting a keylogger inline with their keyboard cable is an example of physical access making black-hat hacking easy.

Sneaking into the same office and plugging a PwnPlug or similar into the physical network is another example.

Those two are increasingly far from actually directly looking at filesystem blocks, but put you at an advantage compared to someone trying to get to a system from the other side of a firewall.

Re:Physical Access (0)

Anonymous Coward | about a year ago | (#43895635)

Actually, yes, it does. Physical access means just that, you have *physical* access to the system.

Being able to disassemble the system and attack it's parts individually is just one part of the spectrum of physical access.

Re:Physical Access (1)

Anonymous Coward | about a year ago | (#43894833)

It would be trivial to protect against silent attacks through USB chargers: Just require a confirmation on the phone before reading any data from USB. If the phone doesn't read data from USB, then you cannot hack the phone through USB.

Re:Physical Access (2)

lseltzer (311306) | about a year ago | (#43894887)

Not that I'm all that worried about this attack, but the confirmation dialog would have to present some identifying information about the device, so the approval could probably be social-engineered.

Re:Physical Access (1)

Anonymous Coward | about a year ago | (#43894931)

Well, if you only want to "charge" the damn phone, it shouldn't be accessing any of its data, should it? Don't know how you social engineer around that, other than, well, true, morons are going to click accept anyway...

Re:Physical Access (1)

Anonymous Coward | about a year ago | (#43895247)

Well, if you only want to "charge" the damn phone, it shouldn't be accessing any of its data, should it? Don't know how you social engineer around that, other than, well, true, morons are going to click accept anyway...

Most people would look at the confirmation dialog for a tenth of a second and say, "Of course I want to read data from the charger! I plugged it into the charger, that means I want to charge! That's how charging works, right?"

Re:Physical Access (0)

Anonymous Coward | about a year ago | (#43896251)

Present them with the options:
[Charge]
[Exchange data]
[Both]

Easy to understand, and there's no "Yes" or "OK" for morons to blindly press.

Re:Physical Access (2)

AmiMoJo (196126) | about a year ago | (#43895563)

Unfortunately the exploit would have already executed and started running arbitrary code by the time the ID information had been downloaded. That's how it works, it's an overflow in the ID data that the iOS device reads.

Re:Physical Access (0)

Anonymous Coward | about a year ago | (#43895841)

Alternatively you could just have an AC adapter that doesn't do anything but supply electricity to charge the device?

"dumb" ac adapters have been around for a while now.

Re:Physical Access (3, Interesting)

fuzzyfuzzyfungus (1223518) | about a year ago | (#43894849)

Physical access to a device allows for far too many attack vectors to protect against. News at 11

I think the issue here is that 'plausible, easy-to-engineer, physical access allows a demonstrated attack against a device'.

Also, at an architectural level, having an idevice plugged in is much closer to having a network connection [theiphonewiki.com] to a computer than it is to having 'physical access'. It's a bit weirder than a pure USB network adapter; but it's essentially a chat, over TCP, with a remote computer, not total control over a USB MSC device or something of that flavor.

Re:Physical Access (2, Informative)

AmiMoJo (196126) | about a year ago | (#43894927)

And remember, all this is to support Apple's DRM that blocks 3rd party chargers (or at least prevents them using the fast charge rate).

Providing phone chargers is a common courtesy in some countries, e.g. Japan. Most hotels and bars will have a load of chargers behind the front desk to lend out, for example.

Re:Physical Access (1)

fuzzyfuzzyfungus (1223518) | about a year ago | (#43895023)

I assume that the lighting auth chip makes the behavior even more complex, under the surface; but I think that the network-like behavior happens on all iOS devices, regardless of connnector type. The ipods(aside from the Touch, which is more or less a cost-reduced iphone without the cell modem) were slightly eccentric mass storage class devices, or the firewire equivalent; but none of the iOS devices ever exposed their storage directly, you have to go through their OS for access.

Re:Physical Access (1)

EzInKy (115248) | about a year ago | (#43895535)

If Apple guarantees that they will pay for any damage incurred using an Apple product then Apple would lead the market anywhere! Wake me up when this is the case.

Re:Physical Access (2)

Thomasje (709120) | about a year ago | (#43895701)

And remember, all this is to support Apple's DRM that blocks 3rd party chargers (or at least prevents them using the fast charge rate).

Huh? I use a third-party car charger, and it fast-charges my iPhone just fine.

Re:Physical Access (1)

ArcadeMan (2766669) | about a year ago | (#43896085)

You probably use a licensed third-party car charger.

Re:Physical Access (2)

jo_ham (604554) | about a year ago | (#43895795)

What are you on about?

I fast charge my iPhone with a third party charger all the time. I'd post a video of me doing it, but you'd probably dismiss it as some sort of propaganda and clearly falsified somehow.

You might want to check on reality before you start whoring for karma with outright lies on slashdot.

Also, not that you've been at all accurate in your post, but even if this were the case, there's a difference between a proprietary charging protocol/data exchange (the iOS device attempts to negotiate a link to iTunes when it is plugged in, and falls back to charge only mode if it senses a charger) and DRM.

I've never had a problem with any of the third party chargers I have used, but you're at +5 informative, so I guess I'm mistaken.

Connectors (5, Funny)

Nerdfest (867930) | about a year ago | (#43894783)

I consider any charger with one of those proprietary connectors a 'malicious' charger.

Re:Connectors (0)

Anonymous Coward | about a year ago | (#43895261)

I consider any charger with one of those proprietary connectors a 'malicious' charger.

TFS:

The malware-loaded USB plug...

So you're good!

Re:Connectors (1)

Anonymous Coward | about a year ago | (#43895301)

In other news, the US just loosened restrictions on the export of iPhones to countries like Iran. This is great news for the CIA. I bet the Iranian nuclear workers will have their free iPhones by the end of the week!

Power-only cable... (2)

fuzzyfuzzyfungus (1223518) | about a year ago | (#43894793)

It's a pity that the 'lighting' connector's dependence on an in-cable processor likely makes it more complex to use the old power-only mod...

Not all USB devices play nicely(some phones require either a full USB host or some goofy resistor-coding nonsense on the data pins, and some USB hosts don't power USB ports, or only provide 100ma, unless the USB peripheral negotiates appropriately on the data pins); but it is generally possible(sometimes with resistor hackery, and for 'dumb' chargers and USB ports that don't need negotiation for power) to use a USB cable with the data lines cut and just power and ground attached for charging. Certainly the only thing I'd trust when plugging into some arbitrary port...

Re:Power-only cable... (1)

Anonymous Coward | about a year ago | (#43895175)

I'm not entirely sure what you are complaining about here. The USB standard specifies that the device may not use more than 100mA without negotiation for more first, those that don't aren't USB compliant.
The 'goofy' resistor coding (A 0 ohm resistor between D+ and D-) on data pins is also part of the USB standard and is there to allow for 'dumb' chargers to be able to inform the device that they are in fact dumb chargers. In this case the device may use up to 1.8A without negotiation.
Since cheap hosts just uses a PTC fuse at ~500mA instead of monitoring the current a 'hacky' device might try to charge with 500mA if it can't detect a connection between D+ and D- but a well designed host should consider this as an error and disconnect the power to prevent overheating from short circuits.

Re:Power-only cable... (0)

Anonymous Coward | about a year ago | (#43895323)

No, the resistor coding is definitely goofy. There are many more resistor values between other pins to indicate things like USB-OTG modes. One can only hope that the high power USB standard will for once do the right thing and require active power negotiation for all modes.

Public chargers (2)

MavEtJu (241979) | about a year ago | (#43894799)

Mental note: Don't use these public chargers anymore...
(Google for "iphone charging point airport")

Re:Public chargers (3, Informative)

CyberSlugGump (609485) | about a year ago | (#43895011)

Or carry a modified cable where the USB power wires are connected but the data wires are not.

If you don't want to DIY, take a look at this sync cable (iPhone 4S or earlier) [amazon.com] which has an extra end for only charging.

Re:Public chargers (2)

AmiMoJo (196126) | about a year ago | (#43895505)

But then your device only charges at 500mA. An iPad is capable of charging at up to 2A, and at only 500mA it won't even be able to maintain the battery level.

Re:Public chargers (0)

Anonymous Coward | about a year ago | (#43896187)

If you short cut d+ and d- in your cable, the device should detect this as a charger according usb charger class spec.

So you could charge at more than 500mA without giving data to charger

Years old (1)

zakeria (1031430) | about a year ago | (#43894821)

I've seen this going back years with USB keyboards etc from China, they install all sorts of crap on your PC without you knowing.

Re:Years old (4, Funny)

fuzzyfuzzyfungus (1223518) | about a year ago | (#43894861)

I've seen this going back years with USB keyboards etc from China, they install all sorts of crap on your PC without you knowing.

Wow, a sleazy USB device from China that has more flash memory than the specs indicate, rather than substantially less? Where can I find this miraculous creature?

Re:Years old (0, Flamebait)

Anonymous Coward | about a year ago | (#43894877)

I've seen this going back years with USB keyboards etc from China, they install all sorts of crap on your PC without you knowing.

That is obviously a PC problem... on the other hand Apple products, chargers etc. are all made in the US.

Re:Years old (0)

Anonymous Coward | about a year ago | (#43895059)

That is obviously a PC problem... on the other hand Apple products, chargers etc. are all made in the US.

Wait, what?

Foxconn/Hon Hai make Apple products in China. When I last checked, the US wasn't part of China. Yet.

Reference: http://wiki.answers.com/Q/Where_is_the_apple_factory

ps: responding as ac due to laziness (and the apple fanboy/sales employee posted AC so two wrongs make it right, right?

Re:Years old (0)

Anonymous Coward | about a year ago | (#43895203)

and the apple fanboy/sales employee posted AC so two wrongs make it right, right?

Correct, carry on.

Re:Years old (0)

Anonymous Coward | about a year ago | (#43896079)

Wooooooooooooosh

Re:Years old (0)

Anonymous Coward | about a year ago | (#43896109)

When I last checked, the US wasn't part of China.

It's the other way around. With the USA crumbling into incredible debts, they will be owned by China in a few years.

Re:Years old (1)

The MAZZTer (911996) | about a year ago | (#43894983)

Windows doesn't let this happen anymore. USB devices can't do autorun now.

Re:Years old (0)

Anonymous Coward | about a year ago | (#43895041)

Yea but USB devices can still provide keyboard functionality ... autorun not working is moot

Re:Years old (0)

Anonymous Coward | about a year ago | (#43895291)

Yea but USB devices can still provide keyboard functionality ... autorun not working is moot

So how does it install malware, send a bunch of keystrokes to open Notepad and type up a malicious BAT script?

Re:Years old (1)

jeffmeden (135043) | about a year ago | (#43895441)

Yea but USB devices can still provide keyboard functionality ... autorun not working is moot

So how does it install malware, send a bunch of keystrokes to open Notepad and type up a malicious BAT script?

Start key > cmd (return) > [flashdrive]:\malware.exe (return)... (yes to dialog box)... (yes to "are you SURE SURE" dialog box)...

Re:Years old (0)

Anonymous Coward | about a year ago | (#43895537)

Spooky. And when the UAC screen pops-up, does this magical keyboard also enter my password?

Re:Years old (0)

Anonymous Coward | about a year ago | (#43895485)

Admit it, you are an an agent of (USB) BATman!

Re:Years old (0)

Anonymous Coward | about a year ago | (#43895493)

Um, yes? Next question.

Re:Years old (1)

fuzzyfuzzyfungus (1223518) | about a year ago | (#43895547)

So how does it install malware, send a bunch of keystrokes to open Notepad and type up a malicious BAT script?

I suspect that someone feeling clever could probably encode some malware such that it could be transferred and executed entirely with default system utilities and keystrokes, or they could use emulated keystrokes to execute a binary located on a USB MSC filesystem(they still automount by default, and guessing the drive letter prepend should only take a few seconds). Grabbing a payload from a malicious URL is also an option, if you are willing to risk the target not having internet access.

For promotional purposes, they make a rather similar [bettermousepads.com] device that emulates a keyboard and opens an arbitrary URL when inserted. For something that is such a terrible idea, they seem surprisingly popular, even with companies who really ought to know better.

Re:Years old (0)

Anonymous Coward | about a year ago | (#43895757)

they can if they pretend to be a usb conencted CD/DVD drive

This Responsible Disclosure is very irresponsible (1)

Quick Reply (688867) | about a year ago | (#43894841)

They should have saved this exploit for jailbreaking than to report it, comsidering the chances of an in-the-wild infection are low. Public charge stations are quite uncommon.

Re:This Responsible Disclosure is very irresponsib (3, Informative)

stoolpigeon (454276) | about a year ago | (#43894907)

No they aren't. With charging kiosks in malls and such, like these [richarge.co.za] or these [made-in-china.com] I would say that they are pretty common.

Legal team (1, Flamebait)

whargoul (932206) | about a year ago | (#43894953)

We've seen how this plays out in the past. The first contact Apple is going to make is with their legal team to sue those researchers out of existence. How dare they discover a hole and tell them about it.

Re:Legal team (1)

AC-x (735297) | about a year ago | (#43895627)

Can you show a single previous instance of Apple suing a security researcher? I certainly can't find anything.

Re:Legal team (1)

jo_ham (604554) | about a year ago | (#43895827)

You're going to need to provide some proof of that.

Also, you'll have to explain the many hundreds of entries in Apple's own kb entries going back many years for security updates where they specifically mention third parties who have identified security holes that are fixed in that particular update. I assume they thanked them for finding the hole and *then* sued them out of existence? Or do they sue first, then personally thank them? Not sure how it works, but since you seem to be an expert on this, I'll bow to your knowledge.

Re:Legal team (1)

Skapare (16644) | about a year ago | (#43896015)

The researchers have contacted Apple about their exploit but haven't heard back from the company and aren't sharing more details of their hack until they do.

Well, that seems to be simple ... Apple will just never contact them.

Been done before (1)

erroneus (253617) | about a year ago | (#43894965)

Didn't they do this last year? Provide a charging kiosk which was able to (as a proof of concept) infiltrate the devices plugged into it?

Can this be used to unlock locked devices? (1)

couchslug (175151) | about a year ago | (#43894967)

Inquiring minds want to know.

"Power Only" USB Cables (1)

fazookus (770354) | about a year ago | (#43895027)

I believe there are iDevice cables that don't carry data, only power. If not, there's http://www.kickstarter.com/ [kickstarter.com] , I'll take my usual 15%

Re:"Power Only" USB Cables (0)

Anonymous Coward | about a year ago | (#43895237)

i believe the lightning connector doesn't allow for this. there is a chip inside that has to communicate with the phone to allow it to work (if i recall correctly). so, yeah, there are cables that carry only power (through me for a loop when i was trying to root my android device and couldn't for the life of me figure out why my phone wasn't being seen by the PC, but was being charged... gotta keep better track of my cables), but they'll only work on 4S and earlier if i'm not mistaken.

Re:"Power Only" USB Cables (1)

jo_ham (604554) | about a year ago | (#43895865)

Yes, but without the data pins the iPhone is going to follow the USB spec, which will limit it to 500 mA (or even less - I forget what the protocol specifies if the data pins are absent. There's a bunch of things you can do to show it's a charger, like shorting the pins at a particular resistance). If you want the full charging spectrum, the two devices need to communicate, but clearly this introduces a security issue.

So... (2)

bfmorgan (839462) | about a year ago | (#43895249)

Always practice "Safe Charging"

No secret stuff (0)

Anonymous Coward | about a year ago | (#43895257)

It exploits a weakness in the AFC protocol. Should be pretty easy to fix.

BTW: it transfers data, until now it's not sure if an app could be executed that way on an unjailbroken (?) iPhone as it is not signed. To say an iPhone is actively infected is a bit speculative.

Re:No secret stuff (1)

hcs_$reboot (1536101) | about a year ago | (#43895575)

Once I went to an Apple Store to have them check my iPhone. The guy plugs my iPhone into his laptop and immediately all my pictures appeared on his screen... a bit embarrassing. That was 2 years ago - today, maybe the iPhone is less prone to divulge its information..

Re:No secret stuff (0)

Anonymous Coward | about a year ago | (#43895617)

Apple geniuses have special diagnostic software. Why are you surprised???

Re:No secret stuff (1)

hcs_$reboot (1536101) | about a year ago | (#43895959)

3 '?' to underline your question, what a waste of characters... The guy didn't even start his diag soft - that was simply iPicture or iPhoto or iDontremember what exactly.

Huh? (1)

Anonymous Coward | about a year ago | (#43895295)

When did TI buy the Beagleboard and start selling it?

http://beagleboard.org/ [beagleboard.org] is the REal thing and they dont seem to act like TI bought them.

And I cant buy one from TI 's store, it redirects me to Beagleboard.com

Re:Huh? (0)

Anonymous Coward | about a year ago | (#43895751)

Yes, that's misleading. The main component on the Beagleboard is a TI chip though.

are we surprised? (1)

houbou (1097327) | about a year ago | (#43895801)

If your device's connection can do both charging and data transfers, then it's only normal that it can be vulnerable to hacking via anything which connects to its port. Now, some USB cables only transfer power and that MIGHT be a saving grace, but the again, for the most part, a charger that can deliver malware would be no different than a device connected to a PC's USB port, even if only for the purpose of charging the device. Nothing would stop some malware from detecting the device and upload some crap.

This was disclosed ages ago (0)

Anonymous Coward | about a year ago | (#43895829)

A researcher posted a proof-of-concept of breaking in through the battery interface a year ago. Not much of a stretch to see how the power system could be used for exploits.

Inductive charging (4, Interesting)

bored (40072) | about a year ago | (#43895849)

What amazes me is that inductive charging hasn't taken over. I was a skeptic, when I got my touchpad a couple years ago. The ability to just drop the pad on a dock without worrying too much about positioning/etc quickly sold me on the idea. Same thing with the veer I purchased as well. Just drop it on the dock and the magnets align it.

Now every-time I plug in the wifes ipad, or android phone I cringe. Small easily broken connectors are something that should be a last resort.

Oh, and the touchpad prompts the user before allowing communication on the USB port.

sharing more details? (1)

Skapare (16644) | about a year ago | (#43896031)

The researchers have contacted Apple about their exploit but haven't heard back from the company and aren't sharing more details of their hack until they do.

With this attitude, don't expect Apple to ever contact them.

Nothing new here, moving on (0)

Anonymous Coward | about a year ago | (#43896071)

I wish this potentially malicious behavior was new or novel. Malicious mobile power stations have already been done. See http://securesql.info/cracks/2013/5/7/2q35is1o62y86fqqo84es5efzygur4 for additional details and a picture where people are getting owned.

Meanwhile, at MIT, CalTech, UIUC... (0)

Anonymous Coward | about a year ago | (#43896301)

... and other actual, reputable schools, research continues on things that actually matter.

Smart chargers (0)

Anonymous Coward | about a year ago | (#43896449)

Ya know, I can't help but think if we weren't so busy trying to force people to buy an "approved charger" this wouldn't be an issue. Seriously. Put the charging smarts in the phone, and don't allow data exchange with the charger. This issue magically disappears.

Load More Comments
Slashdot Account

Need an Account?

Forgot your password?

Don't worry, we never post anything without your permission.

Submission Text Formatting Tips

We support a small subset of HTML, namely these tags:

  • b
  • i
  • p
  • br
  • a
  • ol
  • ul
  • li
  • dl
  • dt
  • dd
  • em
  • strong
  • tt
  • blockquote
  • div
  • quote
  • ecode

"ecode" can be used for code snippets, for example:

<ecode>    while(1) { do_something(); } </ecode>
Create a Slashdot Account

Loading...