At least, Billy Lau, Yeongjin Jang, and Chengyu Song, all from Georgia Tech, are presenting at Blackhat (27th July-1st August) on how they built a ‘Proof of Concept malicious charger’ in order to make use of the iPhone’s ability to recharge and transfer data through the same USB connection. This feature (and it is a feature, not a bug), has previously been used for jailbreaking, but the presentation summary claims that they were able to bypass iOS defence mechanisms to inject software into current iGadgets running the latest iOS versions, without jailbreaking or user interaction. (But don’t panic – the breach does require a malicious charger!)
The presentation is said to describe iOS defence mechanisms and illustrate how injected software can be made persistent, as well as suggesting remediation measures. Here’s one: don’t use any chargers you find lying around at Blackhat.
Story also covered here, and here, and here.
David Harley
Small Blue-Green World
ESET Senior Research Fellow
Leave a Reply