Apple iOS devices are considered by many to be more secure than other mobile offerings. In evaluating this belief, security researchers at the Georgia Institute of Technologe investigated the extent to which security threats were considered when performing everyday activities such as charging a device. The results were alarming: despite the plethora of defense mechanisms in iOS, the researchers successfully injected arbitrary software into current-generation Apple devices running the latest iOS. All users are affected, as the method requires neither a jailbroken device nor user interaction.
The researchers will demonstrate at the upcoming Black Hat 2013 conference how an iOS device can be compromised within one minute of being plugged into a malicious charger. To demonstrate practical application of these vulnerabilities, a proof of concept malicious charger, called Mactans, was built using a BeagleBoard. This hardware was selected to demonstrate the ease with which innocent-looking, malicious USB chargers can be constructed. The researchers will also present ways in which users can protect themselves and they will suggest security features Apple could implement to make the described attacks substantially more difficult to pull off.