Another Reason Why iPhone Owners Should Avoid Cheap Chargers: Hardware Hacking

Aside from catching fire and melting, cheap Lightning charging accessories for the iPhone 5, iPad with Retina Display, iPod Touch, and iPad mini may cause even more harm. Researchers at Georgia Institute of Technology will be showing a new proof-of-concept Lightning charger at the Black Hat security conference next month that could be used to hack the iPhone and inject malicious code into the iOS operating system.

According to the talk summary for the conference, Georgia Tech researchers say, “All users are affected, as our approach requires neither a jailbroken device nor user interaction.”

lightning_usb_cable1Researchers are calling their hacked chargers, which could be used to inject malicious code into the iPhone, as Mactans. The chargers are connected to an open-source circuit board computer made by Texas Instruments. And though the circuit board cannot be hidden necessarily into Apple’s wall charger due to the small size of the AC power block, but it could be cleverly hidden into rechargeable battery packs that are becoming popular for power-hungry gadgets, like the a Zagg portable charger that includes a battery inside.

The attack can happen in less than a minute, according to researchers, and it will be persistent and difficult to detect.

This method for attack uses the same power and data entry way that the Lightning port enables that hackers had used in the past to jailbreak the iPhone using the evasiOn method.

According to Forbes, Apple has so far not responded to the researchers for comment. However, given that this flaw could potentially lead to widespread harm for the iOS ecosystem, Apple will likely move to fix the exploit in a future software update. It’s unclear if a patch from Apple would also close the doors to jailbreaking in the future.

Comments

  1. Johnny Tucats says

    According to what I read this wouldn’t be possible on a “cheap” charger. You left out the cost of the electronics they used to achieve this.

Leave a Reply