Security for Apple mobile devices has been regarded as the best on the market, but a newly discovered hardware zero-day in the Apple iPhone, iPad and iPod Touch raises new concerns about the iOS platform.
Georgia Tech security researchers have assembled a malicious Apple device charger that can inject persistent malware into the latest iOS devices, allowing the attacker to compromise the devices in under 60 seconds.
At the upcoming Black Hat 2013 conference in July, Billy Lau, Yeongjin Jang and Chengyu Song will present their creation, dubbed Mactans after the black widow spider’s Latin name.
“Apple iOS devices are considered by many to be more secure than other mobile offerings,” they said in the session write-up. “In evaluating this belief, we investigated the extent to which security threats were considered when performing everyday activities such as charging a device.”
The researchers admit that they quickly put Mactans together using a BeagleBoard, selected to demonstrate the ease with which “innocent-looking, malicious USB chargers” can be constructed. The BeagleBoard is a credit-card-sized open-source mini-computer that can be used for a range of ad-hoc computing builds.
“While Mactans was built with limited amount of time and a small budget, we also briefly consider what more motivated, well-funded adversaries could accomplish,” they said.
The security researchers have disclosed the vulnerability to Apple, but won’t release full details until the conference presentation.