Beta
×

Welcome to the Slashdot Beta site -- learn more here. Use the link in the footer or click here to return to the Classic version of Slashdot.

Thank you!

Before you choose to head back to the Classic look of the site, we'd appreciate it if you share your thoughts on the Beta; your feedback is what drives our ongoing development.

Beta is different and we value you taking the time to try it out. Please take a look at the changes we've made in Beta and  learn more about it. Thanks for reading, and for making the site better!

iPhone Hacked In Under 60 Seconds Using Malicious Charger

timothy posted about a year ago | from the with-lucy-liu-I-hope dept.

IOS 170

DavidGilbert99 writes "Apple's iOs has been known as a bastion of security for many years, but three researchers have now shown iPhones and iPads can be hacked in just under 60 seconds using nothing more than a charger. OK, so it's not just a charger — but the Mactans charger does delete an official app (say Facebook) replacing it with an official-looking one which is actually malware which could access your contacts, messages, emails, phone calls and even capture your passwords. Apple says it will fix the flaw, but not until the release of iOS 7, the date of which hasn't been confirmed yet. So watch out for chargers left lying around ..." (For less in the way of auto-playing video ads with sound, check out the Mac Observer's take, which concludes "[I]t's nifty that Apple is addressing the issue in iOS 7. We'd also like to see it fixed in iOS 6. Apple has historically seen iPhone users upgrade to the newest version iOS in staggeringly high numbers, but eliminating this problem across the board seems the wiser choice.")

Sorry! There are no comments related to the filter you selected.

The Internet of Things... (-1)

Anonymous Coward | about a year ago | (#44451097)

to come...

Re:The Internet of Things... (5, Insightful)

Anonymous Coward | about a year ago | (#44451263)

Apple's iOs has been known as a bastion of security for many years

Uh, what? The fuck it has. Guess it just goes to show what a massive marketing campaign will do for your public image. The platform has never been any less hackable than the competition, especially when you're talking physical access to the device.

Re:The Internet of Things... (0, Troll)

Anonymous Coward | about a year ago | (#44451379)

Exactly, except Apple products are usually more crackable than the competition, as proven in almost every one of the Pwn2Own events.

Re:The Internet of Things... (0)

Anonymous Coward | about a year ago | (#44451755)

Or just more desireable.....

Re:The Internet of Things... (1)

Anonymous Coward | about a year ago | (#44452225)

Actually, the cash prize dwarfs the object prize, which eliminates any notions of going for a certain object because it is more "desirable."

The Apple products are the easiest to crack and are usually pwnd in a matter of seconds.

Re:The Internet of Things... (0)

Anonymous Coward | about a year ago | (#44452757)

Except for the fact the more non apple products are powned at those contests than apple products. Especially 2012 and 2013.

Re: The Internet of Things... (0)

Anonymous Coward | about a year ago | (#44451791)

iOS is worse than winblows as far as worms go.

Re:The Internet of Things... (4, Informative)

the_other_chewey (1119125) | about a year ago | (#44452195)

Apple's iOs has been known as a bastion of security for many years

Uh, what? The fuck it has.

That had me chuckling as well.

Remember when you could visit a website [jailbreakme.com] to "slide to jailbreak"
from right inside the web browser?

Re:The Internet of Things... (1, Insightful)

Anonymous Coward | about a year ago | (#44451713)

Anyone stupid enough to use a strangers "charger" deserves what they get, and its no ordinary charger, but a computer attached via usb cord.

Re:The Internet of Things... (0, Insightful)

Anonymous Coward | about a year ago | (#44452433)

Right... you bought an expensive phone which can be hacked in seconds, but its their fault for using a charger? Perhaps the dongle part is hidden from view and all you see is the cord? if someone wants to hack you they are not likely to put up a sign saying "malicious charging unit here". Typical apple fan response, its the users fault...

Why can't Iphone / ipad have usb port for charging (-1)

Joe_Dragon (2206452) | about a year ago | (#44451117)

Why can't Iphone / ipad have usb port for charging and not high priced apple changes with iffy knock offs?

Re:Why can't Iphone / ipad have usb port for charg (5, Informative)

The MAZZTer (911996) | about a year ago | (#44451149)

That wouldn't solve the problem? USB chargers on Android can install apps and transfer files either way if the device has USB debugging enabled. If iPhones used USB the data protocols wouldn't be changed and would have the same capabilities...

Re:Why can't Iphone / ipad have usb port for charg (5, Insightful)

SIGBUS (8236) | about a year ago | (#44451201)

How many Android handsets come with USB debugging enabled by default?

Re:Why can't Iphone / ipad have usb port for charg (4, Insightful)

mlts (1038732) | about a year ago | (#44451397)

Even with USB debugging enabled (which some handsets constantly nag to have it turned off), Android handsets use a public/private key system. If the charger tries to get access, the phone will ask if it should have full data rights to it.

Of course, this means that if someone clicks OK, they are hosed, but it is better than just sticking an adapter on and doing dirty work without knowing the device's PIN or password.

Re:Why can't Iphone / ipad have usb port for charg (5, Informative)

Anonymous Coward | about a year ago | (#44452413)

iOS uses signing too. The hack described here reads the phone's UID, signs it with an Apple dev key, and then pushes it to the phone. It requires communication with Apple servers and can be used on at most 100 devices before it's automatically disabled.

It's a slightly different style of attack than would be used on Android phones, but in terms of public vulnerability it's not really a different threat level.

Re:Why can't Iphone / ipad have usb port for charg (1)

mjwx (966435) | about a year ago | (#44452459)

Even with USB debugging enabled (which some handsets constantly nag to have it turned off), Android handsets use a public/private key system. If the charger tries to get access, the phone will ask if it should have full data rights to it.

Of course, this means that if someone clicks OK, they are hosed, but it is better than just sticking an adapter on and doing dirty work without knowing the device's PIN or password.

Not quite,

If the device is in fastboot mode it'll let any device have it's way with its file system.

But you need have put the device in fastboot mode, which means the user is an idiot or you've got physical access to the device. In which case on device security wont help one iota.

Re:Why can't Iphone / ipad have usb port for charg (1)

chowdahhead (1618447) | about a year ago | (#44452729)

This isn't accurate. Fastboot will only flash something that's signed by the manufacturer, unless the bootloader is unlocked, which won't matter anyway if the device is encrypted. Nexus devices are locked too, and unlocking the bootloader wipes all data, so you still won't get access to anything. ADB sideloading requires ADB to be enabled and the RSA fingerprint of the PC to be accepted.

Re:Why can't Iphone / ipad have usb port for charg (0)

Anonymous Coward | about a year ago | (#44451813)

How many Android handsets come with USB debugging enabled by default?

How many real world malware purveyors would go to such lengths as to modify an iPhone charger into a mini linux box, do a few weeks of coding and then leave the things around hoping for unsuspecting victims to pick them up and plug them into their iPhone? There has to be an easier way to hack somebody's phone than this.

Re:Why can't Iphone / ipad have usb port for charg (0)

Anonymous Coward | about a year ago | (#44452409)

Free charging stations at protest rallies would be an easy way for Feds to gather extended data on everyone present.

Re:Why can't Iphone / ipad have usb port for charg (0)

Anonymous Coward | about a year ago | (#44452785)

Not to mention since it tied to a developer account that account can be revoked at it will leave a "paper trail".

Re:Why can't Iphone / ipad have usb port for charg (1)

niftymitch (1625721) | about a year ago | (#44451329)

That wouldn't solve the problem? USB chargers on Android can install apps and transfer files either way if the device has USB debugging enabled. If iPhones used USB the data protocols wouldn't be changed and would have the same capabilities...

Almost.

I have seen USB wire things that do not have data connected (at AT&T shops).

At the time I passed on the $9 cable because I wanted to move stuff on and off my phone via USB.

Now that someone has done this hack I will get and keep a no data USB wire for travel and other situations where I might plug into a random who knows USB charger and not my own charger.

It does tell me that the TLA guys now have a window into my soul should they replace my charger at home with their device that sends my soul to mars.

Re:Why can't Iphone / ipad have usb port for charg (1)

Anonymous Coward | about a year ago | (#44451635)

You'll only get 150mA charging from a USB cable with no data lines. Anything higher from a computer requires negotiation (will get you up to 500mA), and from a wall-wart requires shorting the data pins.

Re:Why can't Iphone / ipad have usb port for charg (1)

Beardo the Bearded (321478) | about a year ago | (#44451847)

My outlets at home provide all the current my device could hope for.

Re:Why can't Iphone / ipad have usb port for charg (0)

Anonymous Coward | about a year ago | (#44452445)

On some computers. Others will happily provide 5V until the fuse/thermistor (if present) overheats.

Re:Why can't Iphone / ipad have usb port for charg (0)

Anonymous Coward | about a year ago | (#44451389)

That wouldn't solve the problem? USB chargers on Android can install apps and transfer files either way if the device has USB debugging enabled. If iPhones used USB the data protocols wouldn't be changed and would have the same capabilities...

What port do you plug your iPhone into if it isn't the USB port?

USB only defines a standard connector and a wire level protocol. What the common connector would solve is having to have X number of cables/chargers. With my Android micro-usb equipped phone, I can use any other micro-usb charger or cable. With the iPhone you have to have a special cable or charger.

Re:Why can't Iphone / ipad have usb port for charg (0)

Anonymous Coward | about a year ago | (#44451591)

Yeah, because Apple chargers are just so hard to find. There's a time that talk like that made sense... a time when if you owned an LG X-12 there was a good chance that a LG R-25 wouldn't use the same charger but it's just not like that today. Both in my home and my office Apple connectors are just as common as MicroUSB. If anything it's the MicroUSB that comes off as the "special cable."

Re:Why can't Iphone / ipad have usb port for charg (-1, Troll)

Krojack (575051) | about a year ago | (#44451239)

Because Apple would be giving some control back to the end users and 3rd party accessories makers. This isn't anything Apple is willing to do. It's also a mind game. A lot of iDevice users believe the fancy ports are better than standard USB ports when in fact they both do the same thing.

Re:Why can't Iphone / ipad have usb port for charg (1)

Nemyst (1383049) | about a year ago | (#44451461)

Well, the fact Apple's connector fits both ways is a big plus. However, I would rather have seen a new USB standard with that feature than a proprietary connector doing it, and I'm sure Apple could've joined the board to push that, so it most certainly doesn't excuse them.

Re:Why can't Iphone / ipad have usb port for charg (0)

Anonymous Coward | about a year ago | (#44451645)

Does your USB cable carry raw audio?
 
I guess they don't do the same thing.

Re:Why can't Iphone / ipad have usb port for charg (0)

Anonymous Coward | about a year ago | (#44452451)

Does the other end of apple's magically expensive cord plug into a USB port?

Re:Why can't Iphone / ipad have usb port for charg (4, Informative)

NatasRevol (731260) | about a year ago | (#44451911)

A lot of iDevice users believe the fancy ports are better than standard USB ports when in fact they both do the same thing.

Why are so many people so ignorant on this point?

http://en.wikipedia.org/wiki/Dock_connector#30-pin [wikipedia.org]

It contains controls, audio and video, as well as data & charging like USB.

Re:Why can't Iphone / ipad have usb port for charg (1)

ackthpt (218170) | about a year ago | (#44451363)

Why can't Iphone / ipad have usb port for charging and not high priced apple changes with iffy knock offs?

Jobs wanted it so. (not the iffy knock offs, he hated those)

It does use USB for charging, USB more dangerous (0)

SuperKendall (25149) | about a year ago | (#44451457)

Why can't Iphone / ipad have usb port for charging and not high priced apple changes

The Apple chargers just supply a USB port power. The iOS devices can all plug into any USB port to charge...

The ironic thing is that if Apple did in fact make "apple changes" then it would be HARDER for this attack to work, because you'd have to re-create the Apple charger and the charger would have to have a data line into the phone, unlikely.

In fact, ANY device that uses USB to charge is potentially prone to attacks where the "charger" is really a computer attempting to mount the device in the most literal sense. That could me quite a lot more true of Android than iOS...

Re:It does use USB for charging, USB more dangerou (0)

plover (150551) | about a year ago | (#44451751)

Why can't Iphone / ipad have usb port for charging and not high priced apple changes

The Apple chargers just supply a USB port power. The iOS devices can all plug into any USB port to charge...

-1, wrong.

From Ken Shirrif's blog [righto.com] :

"The USB output also has specific resistances connected to the data pins to indicate to the iPhone how much current the charger can supply, through a proprietary Apple protocol.[10] An iPhone displays the message "Charging is not supported with this accessory" if the charger has the wrong resistances here. "

[10] Apple indicates the charger type through a proprietary technique of resistances on the USB D+ and D- pins. For details on USB charging protocols, see my earlier references [righto.com] .

[14] Ladyada reverse-engineered Apple chargers to determine how the voltages on the USB D+ and D- pins controls the charging current. Minty Boost: The mysteries of Apple device charging. [ladyada.net] Also of note is the picture of the internals of a official Apple iPhone 3Gs charger, which is somewhat more complex than the charger I disassembled, using two circuit boards.

Re:It does use USB for charging, USB more dangerou (0)

Anonymous Coward | about a year ago | (#44451955)

Funny. I've never seen that and I've charged with plenty of non-Apple chargers including using USB ports with non-Apple 30 pin and lightning connectors.
 
Meh. More SlashFUD.

Re:It does use USB for charging, USB more dangerou (0)

Anonymous Coward | about a year ago | (#44452375)

So many links, and just plain wrong.

An iphone will charge just fine off of any USB port on any old PC.

In fact, it has been this way since the ipods, which used the same connector. If I remember right, some ipods didn't even include a charger; you HAD to charge them off of USB unless you bought your own charger. Or maybe we just lost the charger; but the point is, charging over USB worked just fine.

Who do Haters insist on demonstrating ignorance? (1)

SuperKendall (25149) | about a year ago | (#44452511)

The Apple chargers CAN supply more power than the USB spec to Apple devices.

But it's totally optional. You can charge ANY iOS device on ANY USB port, it will just take somewhat longer. You can plug ANY USB powered device into an Apple USB charger, and it will charge. It's USB, that's what it does.

In just one post you manage to demonstrate complete ignorance as to the subject matter at hand, and unwillingness even to use Google for one second to prevent yourself from looking like a complete idiot.

Re:Why can't Iphone / ipad have usb port for charg (0)

Anonymous Coward | about a year ago | (#44451583)

Um, I plug both my iPhone and iPad into a USB plug thats built into a wall power socket.

In fact ANYTHING that will supply 10W through a standard USB socket will charge an iPad/iPhone/iPod, USB-car chargers, the mains powered one which came with my panasonic camcorder, my power strip that has a USB outlet on it, laptops, desktop PCs, none of these built by Apple.

Re:Why can't Iphone / ipad have usb port for charg (1)

John Bokma (834313) | about a year ago | (#44451921)

Major advantage to me is that now I don't have to double check if I have the right side "up" of the connector when I connect my iPad to the charging cable. You can bitch a lot about Apple I think this is a step forward, especially for older people.

Translation: (4, Insightful)

CanHasDIY (1672858) | about a year ago | (#44451127)

The quickest way to get PWND is to give someone else physical access to your device.

Always has been true, and likely always will be.

Re:Translation: (2, Informative)

Anonymous Coward | about a year ago | (#44451335)

In the 2011 Pwn2Own contest, Charlie Miller and Dion Blazakis "PWND" the Iphone 4 using a mobile Safari vulnerability.

Apple is almost always a loser at the Pwn2Own events.

Re:Translation: (0)

Anonymous Coward | about a year ago | (#44452737)

Apple is almost always a loser at the Pwn2Own events.

Except for 2012 and 2013.

Re:Translation: (0)

Anonymous Coward | about a year ago | (#44452993)

Having access to a couple of data pins on a device is not "physical access" any more than being on the same wired/wireless network is.

Jailbreak exploit opportunity (1)

Dynedain (141758) | about a year ago | (#44451157)

So does this mean you could write a jailbreak for iOS device using a modified charger? If so, how is this any different than plugging the device into a computer?

Re:Jailbreak exploit opportunity (5, Informative)

AlreadyStarted (523251) | about a year ago | (#44451215)

The "modified charger" they describe is in fact a computer.

Re:Jailbreak exploit opportunity (4, Informative)

Em Adespoton (792954) | about a year ago | (#44451549)

Interestingly, for the hack these guys created to work, the attacker must have a valid developer's license, and the target iOS device must already be jailbroken. The first bit allows them to query Apple's dev site for the debug key for your specific iOS device; the second is required to get the loaded software to actually run on the device.

HOWEVER, the same technique can be used to read all data available in userspace on the phone, so improperly stored passwords, plus all other app data and configuration data could be grabbed in this manner.

If Apple can fix this in iOS 7, I'm expecting the jailbreak community to create a fix (that will be loaded as part of the jailbreak process) in short order. Something similar to bluetooth pairing for debug and filesystem access would be an extremely good idea, plus it would close a number of outstanding attack vectors in iOS devices, not just the ones presented.

Re: Jailbreak exploit opportunity (0)

Anonymous Coward | about a year ago | (#44451727)

It does not jailbreak the device or require a jailbroken device. It installs a developer provisioning profile on the phone, which can be done automatically over USB and enables application sideloading.

Re: Jailbreak exploit opportunity (0)

Anonymous Coward | about a year ago | (#44452807)

It installs a developer provisioning profile on the phone...

That can also be revoked and leave a paper trail back to the criminal.

Re:Jailbreak exploit opportunity (0)

Anonymous Coward | about a year ago | (#44452699)

Its just a computer that looks like a charger.

Also it isn't a jailbreak - it uses the accessory connector protocol to install Apps ( that are still code-signed, sandboxed and inside the jail ) without user intervention.

One of the tenets in iOS is the device trusts you if you know the passcode, and the device trusts what you plug it in to if you connect it to something while its unlocked.

The novelty is making something you shouldn't trust (a random computer you have no knowledge of ) look physically like something people generally do (a charger).

they need to backport it to ios 6 (0)

larry bagina (561269) | about a year ago | (#44451159)

Some people are jizzing their pants over iOS 7 but I think a lot of us will refuse to "upgrade".

Re:they need to backport it to ios 6 (0)

Anonymous Coward | about a year ago | (#44451257)

I'm not aware of anything bad in iOS 7. Why would you not upgrade?

Re:they need to backport it to ios 6 (1)

XxtraLarGe (551297) | about a year ago | (#44451357)

I'm not aware of anything bad in iOS 7. Why would you not upgrade?

Can't speak for others, but my iPhone 4's performance became quite sluggish after I upgraded to 6. I don't plan to get a new phone any time soon, so I'll probably stick with 6 for the time being.

Re:they need to backport it to ios 6 (0)

Anonymous Coward | about a year ago | (#44452681)

You'll probably also want to avoid iOS 8, iOS 9, and iOS 10.

Re:they need to backport it to ios 6 (1)

vux984 (928602) | about a year ago | (#44451441)

I'm not aware of anything bad in iOS 7. Why would you not upgrade?

Well not everyone loves neon gradients as much as Jony Ive. Not that I was a fan of some of the ridiculous "skeuomorphic" stuff either though.

But honestly that's all behind me as I've got a Samsung Galaxy 3 now, and seriously doubt I'd switch back to Apple phones, unless there is another big shakeup before my next upgrade cycle.

To wind our way back on topic though my daughter has my iphone 3GS...(I had a new battery put in it and its good as new) Now, she won't be upgrading to ios7 either, because the 3GS isn't supported. So yeah, security fixes for ios6 would be pretty welcome.

Is your daughter an international spy? (0)

SuperKendall (25149) | about a year ago | (#44451563)

my daughter has my iphone 3GS...(I had a new battery put in it and its good as new) Now, she won't be upgrading to ios7 either, because the 3GS isn't supported. So yeah, security fixes for ios6 would be pretty welcome.

So since the "hack" involves have a small charger that's really an iOS development computer, and can attack only 100 devices before it runs out of open UUID's in the deve account they use - what makes you think your daughter's iPhone would be worth the degree of effort it takes to attack?

There's no way that an iOS device worth attacking at this point is not at least on an iPhone 4 or higher.

Re:Is your daughter an international spy? (1)

vux984 (928602) | about a year ago | (#44451963)

So since the "hack" involves have a small charger that's really an iOS development computer, and can attack only 100 devices before it runs out of open UUID's in the deve account they use - what makes you think your daughter's iPhone would be worth the degree of effort it takes to attack?

What would the effort be to back port the patch to ios6? There are millions 3GS phones out there still. I agree this particular hole is relatively low risk -- but all security fixes in general should be back ported. You do realize the 3GS was only discontinued less than a year ago right? Its not some long forgotten toy from antiquity. They were still selling them last July.

There's no way that an iOS device worth attacking at this point is not at least on an iPhone 4 or higher.

Right, because no one would ever be interested in hacking a 12 year old girls phone. :facepalm:

Re:they need to backport it to ios 6 (1)

plover (150551) | about a year ago | (#44451623)

I'm not aware of anything bad in iOS 7. Why would you not upgrade?

To preserve my jailbreak. I certainly won't downgrade to a new iOS until I know it's compatible with my Cydia apps.

New versions of iOS have become very ho-hum for the users. In the early days, they were exciting. Apple used the upgrades to add actual missing features, like copy/paste and multitasking. Consumers really wanted the latest and greatest, because the new features made an actual difference to them. Plus, iOS upgrades were required to download the latest apps, as new APIs were introduced to support things like front facing cameras, auto focus, iPad compatibility, etc.

Things became tricky, though. As they added features they bloated the OS, making the old iPhones perform poorly. But they got lucky. Most customers were already conditioned to previous phones "getting old and slow", that battery performance dropped dramatically after a year, and they wanted the new features anyway. They bought new iPhone hardware to compensate every time their 2 year contracts were up. So it turned out that it was OK with customers, because the latest iPhones were always "cool" and better, and all sins were quickly forgiven.

Apple couldn't buy enough wheelbarrows to haul away all the money they made with that strategy.

With iOS6, though, they may have finally poisoned the goose laying the golden Apples. Ordinary customers finally noticed that Apple was screwing them when they got their nice Google map app taken away and replaced with the shitty Apple Map. ("You want transit directions? You peasant! If you must, click here to download your city's transit app, and while you're at it, borrow a quarter from the guy next to you.") With that incredibly stupid mistake, lots of iPhone owners realized that Apple wasn't "benign" with their upgrades, and started to wonder just how badly they've been screwed over the years. Ordinary people are now likely to be somewhat wary of new iOS releases.

It remains to be seen if people will simply accept whatever they shovel into iOS7. There is already complaining about the new Fisher Price look of the interface, and that there are no real features of value. iTunes Radio is the closest thing to "new" in this device, but people who like that sort of thing already have Pandora, and they don't want to change because their player already knows their tastes. iOS7 might not get the swift uptake that their previous OSs saw.

Re:they need to backport it to ios 6 (2)

jbolden (176878) | about a year ago | (#44451933)

Apple pulled Google maps because they didn't want to agree to the privacy rules Google wanted. The cost to Apple has ben hundreds of millions if they aren't up a billion yet. You can agree with Apple's call here or not, but screwing the customers financially was not the motivation.

Re:they need to backport it to ios 6 (1, Flamebait)

plover (150551) | about a year ago | (#44452079)

Apple pulled Google maps because they didn't want to agree to the privacy rules Google wanted. The cost to Apple has ben hundreds of millions if they aren't up a billion yet. You can agree with Apple's call here or not, but screwing the customers financially was not the motivation.

They may have said "privacy", but that was a smokescreen. It was about nothing but money. Apple is in head-to-head competition with Google, and allowing their primary competitor a choice seat on their home screen and garnering the search, location, and resultant ad revenue was an affront they could no longer abide.

Apple truly believed they could get away with it and that customers wouldn't care. They believed that they would deliver such a hot-shit mapping app with useful turn-by-turn screens that consumers would just love it like they loved everything else Apple produced. They committed themselves to delivering on that belief. And as release day arrived, and initial reviews came back, they began to realize that buying TomTom's map was buying little more than a pig in a poke, and began to wonder if it wasn't a mistake. But they had no idea of the size of the PR nightmare they were creating, and they did not expect the backlash that came out of betraying their fans.

I seriously doubt that iOS7 will be adopted at the rate iOS6 was. But I may be underestimating the power of auto-updates. A large number of people just won't care no matter what Apple does.

Re:they need to backport it to ios 6 (1)

larry bagina (561269) | about a year ago | (#44452793)

They went overboard on the flat effect. Have you seen the icons? It looks like a south park construction paper iPhone.

With the changes in UIControls, apps that aren't upgraded look like a bag of ass. Or are non-functional (the navigation bar is now larger and covers the view underneath by default).

Disservice to yourself (0)

SuperKendall (25149) | about a year ago | (#44451477)

I think a lot of us will refuse to "upgrade".

iOS 5 was an "upgrade".

iOS 6, and iOS 7 have been really nice updates - iOS7 especially is very useful. It's the first beta OS I have ever installed on my main phone because I found it too useful to not have daily.

Re:they need to backport it to ios 6 (0)

Anonymous Coward | about a year ago | (#44451757)

I know everyone wants ios7, I have it and everyone I show it to want it now...

Re:they need to backport it to ios 6 (1)

jbolden (176878) | about a year ago | (#44451909)

The data doesn't show that. It shows that Apple has trained the userbase to upgrade very quickly.

user's brain gets hacked, (-1, Offtopic)

bkmoore (1910118) | about a year ago | (#44451173)

if they take a call while charging with a malicious charger.

Re:user's brain gets hacked, (3, Funny)

Anonymous Coward | about a year ago | (#44451251)

If they're using an iPhone, they already succumbed to brain hacking by Apple's marketing.

Re:user's brain gets hacked, (1)

greghodg (1453715) | about a year ago | (#44451619)

"You're charging it wrong."

The jokes just write themselves (5, Funny)

safetyinnumbers (1770570) | about a year ago | (#44451245)

delete an official app (say Facebook) replacing it with an official-looking one which is actually malware which could access your contacts, messages, emails

"Bastion of security" (5, Insightful)

Ferzerp (83619) | about a year ago | (#44451259)

Since when? iOS has had repeated and nearly constant flaws that have allowed for compromises both locally and remotely (via webpages). At this point it's such a given that this is mostly a non story.

I thought the RDF had dissipated, but I guess not.

Re:"Bastion of security" (0)

Anonymous Coward | about a year ago | (#44451317)

Apple has one thing right: Jailbreaks are becoming very scarce. The last time we had a boot-level one was when the iPhone 4 was out. At best there is a 1-2 week window when a JB comes out and when Apple does an update, slamming it shut.

Re:"Bastion of security" (2)

Nemyst (1383049) | about a year ago | (#44451489)

Why exactly is that "right"? In what way is stopping users from using their devices in the way they desire a good thing? One of the best things about Android, especially Google's Nexus phones, is that rooting is just about always possible. For Nexus phones, it's downright trivial and supported by the OS and hardware. Sure, it might not be necessary for 99% of users. It doesn't make it any less of a legitimate action a user should be able to take.

Re:"Bastion of security" (2)

amicusNYCL (1538833) | about a year ago | (#44451597)

The last time we had a boot-level one was when the iPhone 4 was out.

I don't know what you mean by a "boot-level" exploit, but evasi0n was out in February, several months after the iPhone 5 launched. That particular exploit does modify boot files and gain access to the kernel, if that's what you mean by "boot-level".

At best there is a 1-2 week window when a JB comes out and when Apple does an update, slamming it shut.

The patch that fixed the exploits used by evasi0n was released more than a month after evasi0n went public.

If you're going to shill for Apple, it's probably good to at least stick to facts. But then it wouldn't really be shilling, would it?

Only locally, not remote (2)

SuperKendall (25149) | about a year ago | (#44451503)

Since when? iOS has had repeated and nearly constant flaws that have allowed for compromises both locally and remotely (via webpages)

There was one such remote vulnerability, via PDF, some years ago... none since then I know of.

There have always been local flaws because Apple leaves some local exploits to keep jailbreaking viable.

Of course, even with said flaws actual exploits exist pretty much only for Android.

Re:Only locally, not remote (1, Troll)

amicusNYCL (1538833) | about a year ago | (#44452497)

There have always been local flaws because Apple leaves some local exploits to keep jailbreaking viable.

No, they don't. They patch the exploits that jailbreaks use as soon as they can. If Apple wanted "jailbreaking" to be "viable" then it would be a built-in feature, not a root hack. Of course, a published statement from Apple stating the contrary would go far to further your claim.

Of course, even with said flaws actual exploits exist pretty much only for Android.

Even though I realize that "SuperKendall" is synonymous with "unapologetic Apple fanboy", for some reason I still feel compelled to respond. I guess I'm bored.

Pwn2Own 2010: iPhone 3GS compromised via bypassing code signing; Nexus One not compromised.
Pwn2Own 2011: iPhone 4 compromised via malicious web page; Nexus S not compromised.

"pretty much". "pretty much" only for Android. Is it only for Android, or is it "pretty much" only for Android? Because those two aren't the same thing. Care to throw out any more weasel words to make yourself feel secure in your purchase? You obviously don't, or you wouldn't have posted that.

does delete an official app (say Facebook) (1)

Skiron (735617) | about a year ago | (#44451261)

Sounds like a good idea to me - ROLL IT OUT

Re:does delete an official app (say Facebook) (2)

noh8rz10 (2716597) | about a year ago | (#44452389)

Sounds like a good idea to me - ROLL IT OUT

Sounds like a good idea - FOR ME TO POOP ON!

Apple Shilling (-1)

Anonymous Coward | about a year ago | (#44451289)

"Apple's iOs has been known as a bastion of security for many years"

you know what else is a bastion of software security? Cereal Boxes.

Utterly impossible to hack.

A bastion of security? (0)

Anonymous Coward | about a year ago | (#44451325)

Jailbreaking depends on security vulnerabilities, which every version of iOS has been susceptible to. How is iOS a bastion of security?

"...The wiser choice." (0)

idontgno (624372) | about a year ago | (#44451341)

Apple has historically seen iPhone users upgrade to the newest version iOS in staggeringly high numbers, but eliminating this problem across the board seems the wiser choice.

Nonsense. It's absolutely the wisest thing Apple could possibly do. Adding the spur of an outstanding unpatched "OMG I'm PWND" vulnerability to the carrot of the news "OMG SHINY" is absolutly brilliant. A wonderful way to counter sagging uptake.

Oh, you mean "wisest in terms of supporting your customer?." How quaint.

They're not your customer once you have their money.

Bastion of security? (4, Informative)

scot4875 (542869) | about a year ago | (#44451343)

I'm sorry, but if every version of your OS is trivially jail-breakable (with, for example, exploits that amount to root privilege escalation by simply visiting a web page on the device's browser), you are NOT a bastion of security.

You can argue that Apple does a better job of "securing" their app store than Google does, but that doesn't make the devices themselves any more secure. Just because something trivially exploitable hasn't been exploited (that you know of ... yet) doesn't make it secure.

--Jeremy

Re:Bastion of security? (1)

Culture20 (968837) | about a year ago | (#44452523)

Submitter actually typed Bastard of Security. Damn you, autocorrect!

Re:Bastion of security? (0)

Anonymous Coward | about a year ago | (#44452659)

Which versions of iOS are vulnerable to a remote root privilege escalation ?

I'll give you a hint - nothing that you can currently install on any iOS device ever shipped ( ie Apple revoked the signature for the vulnerable iOS versions long ago, and aside from people disciplined enough to keep shsh blobs for everything, there's no way to revert back to the vulnerable versions )

Even with local exploits, there hasn't been a jailbreak that did not require prior knowledge of the device passcode since Apple moved from the A4 to A5 CPU. I think Apple is likely far less concerned about people who own their phones stuffing around with them, than something that can jailbreak a locked phone with no prior trust established.

iOS 5 and 6 can be configured in what is called "supervised mode", which breaks the promiscuous trust the device has in the local connector, and are not vulnerable to this issue ( nor indeed can such devices currently be jailbroken unless they are A4 or earlier processor based). Apple released a tool, called Apple Configurator, that could enable this, shortly after iOS 5 was released.

Prior to supervised mode becoming available, use of charge-only cases or battery cases was the mitigation eg Mophie Helium. Such cases provide a USB charge port with no data signals through to the dock connector or lightning connector on the device.

The actual issue isn't new, you could have hidden computer in the furniture, such as a Mac Mini running Xcode and some scripting, and have done this at any time since 2008 - the novelty in what has been presented is repackaging it into a relatively innocuous package. Kudos to the team who did it for following it through to a decent demonstration.

A supervised A5 or A6 based iOS device, running iOS 6, with a moderate complex passcode, is bloody hard to compromise if you don't know the passphrase. Your best bet is not to attack the device itself, but target where the device backs up and syncs its data to ( iTunes host computer, iCloud account details, Dropbox etc )

Given Apple's created an OS ecosystem where the upgrade/patching rates are very high - they usually hit 50% of installed base within 2-3 months of release, and iOS 6 passed 90% of installed base some time in the first half of 2013, it is a somewhat bullshit call to dredge up issues that are 3-4 years old, and long ago fixed, on the platform.

(Its more, but not completely, fair to dredge up old issues with Android, because such a high proportion of the installed base is on old, unpatched versions. There are specific models of Android phone that in the right configuration are every bit as hard, or harder, to compromise as an iOS device, but you can pretty much count these on one hand, and the configuration to get there is both more complex, and requires explicit support from the OEM hardware vendor to get secure bootloader support for your customised build. )

Move along, nothing to see here (0)

0xdeadbeef (28836) | about a year ago | (#44451349)

This is just more mindless Google fanboy anti-Apple hate.

It's not like this a trojan you have to turn on the installation of non-market applications and go to a pirate app store to get installed. You actually have to have the device.

And this is just like a jailbreak, so it is a good thing.

Re:Move along, nothing to see here (2)

Em Adespoton (792954) | about a year ago | (#44451649)

This is just more mindless Google fanboy anti-Apple hate.

It's not like this a trojan you have to turn on the installation of non-market applications and go to a pirate app store to get installed. You actually have to have the device.

And this is just like a jailbreak, so it is a good thing.

Actually, this isn't mindless. This has been a known security issue in iOS since iOS 3 days, that Apple hasn't bothered to fix.

See this article coming out of DEFCON 2011:
http://nakedsecurity.sophos.com/2011/08/19/is-juicejacking-the-new-firesheep/ [sophos.com]

So unless you carry around a charging cable with the data pins removed or never charge at a USB port you don't own yourself, this is an issue (and has been for years).

Google (partially) fixed this on Android when noise first started being made in late 2010, but Apple didn't. Of course, due to fragmentation, that only means it's fixed if you bought your Android phone after mid-2011 or have an upgrade that implements the fix -- but Apple seems to be fragmenting within its own ecosystem, as this fix is iOS 7, and there are now a large number of iOS devices in every day use that aren't won't run iOS 7.

The real question is (0)

jonathanjespersen (1162397) | about a year ago | (#44451365)

Does the fake charger still charge the phone?

Re:The real question is (1)

O-Deka-K (1520371) | about a year ago | (#44452397)

No, it charges your credit card.

Quite misleading (4, Informative)

ernest.cunningham (972490) | about a year ago | (#44451369)

The charger is a mini linux machine what needs to use an apple developer account to dynamically add the devices UDID to the developer portal.
It then signs the malicious app and installs it.
It takes advantage of ad-hoc distribution and would require a new Apple developer account every 100 devices.

The only real mastery of this hack is that it can be concealed to look like a charger due to the small footprint of the linux PC. Otherwise, I could do the same thing with physical access to the phone.

Still, a fun wee hack and novel approach.

Posting anonymous for obvious reasons... (1)

Anonymous Coward | about a year ago | (#44452923)

The charger is a mini linux machine what needs to use an apple developer account to dynamically add the devices UDID to the developer portal.
It then signs the malicious app and installs it.
It takes advantage of ad-hoc distribution and would require a new Apple developer account every 100 devices.

The only real mastery of this hack is that it can be concealed to look like a charger due to the small footprint of the linux PC. Otherwise, I could do the same thing with physical access to the phone.

Still, a fun wee hack and novel approach.

It also requires a modified cable with at least some of the same electronics that are used for the factory burn-in through the dock connector. The hack either required some stellar reverse engineering, or it required access to an Apple engineer with clearance for the cable for developer fused devices, or it required a factory worker in China to sneak out a cable. My money would be on the China connection, since China tends to leak like a sieve, even in the factories used for Apple products.

well, duh. (1)

sootman (158191) | about a year ago | (#44451371)

The "charger" port is, in fact, a USB port (or something similar) so yeah: if you don't have physical security, you don't have security, just like everything else.

Also, "Apple... will fix the vulnerability in the iOS 7 release" is not the same as "Apple has said they won't fix this in iOS 6." We'll have to wait and see what they say/do before passing judgement. (Radical idea, I know.) Apple was selling 3GSs with iOS 6 less than a year ago, and as far as I know, those little guys won't run 7.

Re:well, duh. (2)

amicusNYCL (1538833) | about a year ago | (#44451493)

Apple was selling 3GSs with iOS 6 less than a year ago, and as far as I know, those little guys won't run 7.

And you're thinking that's a reason why Apple would support the people who aren't paying them money anymore instead of trying to push them to buy the new version?

Re:well, duh. (0)

Anonymous Coward | about a year ago | (#44452673)

iOS 7 will be available, for free, all the way back to the iPhone 4 released over 3 years ago.

lol Bastion of Security? (0)

Anonymous Coward | about a year ago | (#44451445)

Only because nobody cared enough to spend any time hacking them...

Bogus summary (4, Funny)

93 Escort Wagon (326346) | about a year ago | (#44451467)

If this charger deletes the Facebook app, I don't think that qualifies as "malware".

Wasted jailbreak (1)

ZorinLynx (31751) | about a year ago | (#44451475)

Whatever flaw they are using to hack the phone is a possible jailbreak exploit that they are needlessly wasting.

At the very least they should let the jailbreak community at this first, THEN show off the malicious charger. At this rate we'll never see a JB for iOS 7!

Re:Wasted jailbreak (0)

Anonymous Coward | about a year ago | (#44451745)

It's a well known flaw already. The only thing new is building a charger to exploit it.

Re: Wasted jailbreak (0)

Anonymous Coward | about a year ago | (#44451797)

It's not a vulnerability, it's a series of design mistakes. Mostly it's that the phone doesn't require user approval or even notify the user about various management operations over USB.

"Nifty" (0)

Anonymous Coward | about a year ago | (#44451499)

>[I]t's nifty that Apple is addressing the issue in iOS 7. We'd also like to see it fixed in iOS 6.

Only Apple gets away with this...

Huge security hole, and hey, it's "nifty" that they are going to eventually fix it if you upgrade your OS.

Thanks...

Should be tagged "humor". (1)

Anonymous Coward | about a year ago | (#44451555)

You had me at "Apple's iOs has been known as a bastion of security for many years"...

If Snowden uses an iPhone... (1)

wjcofkc (964165) | about a year ago | (#44451647)

I would imagine our government would be more interested in acquiring a secretly swapping it with one like killed that lady in China, or swapping with any political enemies that use an iPhone.

Re:If Snowden uses an iPhone... (1)

JaredOfEuropa (526365) | about a year ago | (#44452075)

political enemies that use an iPhone.

On Slashdot these often seem to be synonymous. (iPhone user here)

Bug? More like "security feature" (1)

Neuroelectronic (643221) | about a year ago | (#44452361)

I'm sure this is intentional. That's why they're not fixing it until next version, when they can implement a new backdoor that isn't so easy to find before onboarding the new clients (NSA). Same type of shit from Microsoft and Oracle delaying zero-days. "oh yeah we can fix this obtuse, barely exploitable and complex exploit in an emergency out of cycle release" "oh, but, no. this obvious out of bounds issue with a trivial satiny check fix with exploits in the wild that convenient make investigators jobs much easier can't be done until 6 months from now"

yeah... ok.

Load More Comments
Slashdot Login

Need an Account?

Forgot your password?