Thanks to Apple’s strict software approval process, iOS devices are generally considered some of the most secure. But you might want to be careful about where you plug them in for charging. Researchers at the Georgia Institute of Technology have developed a modified charger capable of installing malware onto any device running Apple’s latest iOS operating system.
The prototype charger, which has been named “Mactans,” will be shown off at the Black Hat security conference in late July, and although the researchers behind it don’t want to share the details behind the hack just yet, they have provided some information in a description of their talk published on the conference website.
“Despite the plethora of defense mechanisms in iOS, we successfully injected arbitrary software into current-generation Apple devices running the latest operating system (OS) software,” their talk summary reads. “All users are affected, as our approach requires neither a jailbroken device nor user interaction.”
Mactans is built around an open-source single-board computer called the BeagleBoard, which is sold by Texas Instruments for around $45, Forbes reports. According to the researchers, the BeagleBoard was selected “to demonstrate the ease with which innocent-looking, malicious USB chargers can be constructed.”
That means the hack cannot be installed inside the tiny power adapters Apple provides with iOS devices, at least not yet, but it could make its way into docking stations or external battery devices. There’s also a chance that hackers with more time and a bigger budget could modify the system to make it significantly smaller.
It takes less than a minute for the charger to install a malware infection on an iOS device, and once the process is complete, it’s tough to spot. “We show how an attacker can hide their software in the same way Apple hides its own built-in applications,” the researchers said.
Yeongjin Jang, one of the Georgia Tech researchers, has told Forbes that he has already contacted Apple about the exploit, but he’s yet to receive a response. Given the seriousness of this issue, we’re hoping the Cupertino company takes note sooner rather than later.