Unlock your plugged-in iPhone for just a moment and your charger has full access to pretty much anything--which might be a problem if you run across a Malware-infecting charger like one built by the Georgia Institute of Tech.
For most people, a full iPhone charge won’t last the day. Our houses, cars, local bars and offices are littered with chargers--and thinking they’re just dumb cords, we trust them implicitly. The malicious charger, however, can bypass Apple’s normal application restrictions by pinging Apple with the plugged-in phone’s UDID for a provisional profile to install provisional applications, just as developers do to test unfinished apps.
At the Las Vegas Black Hat conference last week, Georgia Tech research scientist Billy Lau and graduate students Yeongjin Jang and Chengyu Song used the malicious charger, codenamed ‘Mactans’ (Latin for “black widow”), to install trojaned versions of Facebook’s app that took screenshots of password screens and dialed numbers without user input.
The Mactans cable required the invaded phone to be both a) unlocked while plugged in, and b) have a valid developer account already installed on the phone able to request provisional profiles from Apple, but the implications for trap chargers in the future are worrying.
Lau, Jang, and Song built the charger, which took a week and $45 in materials, to illustrate the dangers involved in the popular assumption that chargers are simple power outlet transformers. The current generation of Apple products (iPhone 5, iPod Touch 5, iPod Nano 7, iPad 4, iPad Mini) already have an authentication chip that allows both data transfer and charging (cables without the chip can only charge), which was seen as stopgap protection--until Chinese tech company iPhone5Mod allegedly created an imposter chip that allows data transfer. But Lau’s team’s Mactans takes the place of the wall charger-half of Apple’s charging combo: the obvious argument is that the wall plug portion of the official Apple charger is jam-packed with tiny components, but that doesn’t stop third-party wall plugs from being comparatively large--big enough for the Linux-based Beagleboard that Lau’s team used to launch their invasive malware.
In response, Apple released a statement yesterday assuring users that iOS7 will alert users when they plug into a USB charger for the first time, asking if the iPhone should “trust the currently connected computer”--a tipoff that the innocuous charger they’re plugging into is something more. But when the chips are down and your phone is dying, how vigilant will you be that the charger behind the bar is using a first-party Apple plug? You know you’re living in the future when even the wires can’t be trusted.
