The Next Person Who Lends You An iPhone Charger Might Be Trying To Hack Your Phone
Researchers from Georgia Tech University have tweaked an iOS charger to install malware on any connected devices.
This method of attack is effective simply because charging a phone seems like an innocuous activity. What could go wrong?
A lot, it turns out.
By simply paying Apple's $99 annual developer fee, anyone can get access to a suite of tools that could be used to harm someone's phone or data. Of course, this is the same set of tools that people use to design, build, and test the apps that end up in the App Store, but who's to say it couldn't be used maliciously if one didn't care about the terms of service?
iOS devices charge over their sync cables, which means it's possible to push or pull data while charging. In the case of the Georgia Tech project, they were able to install malware simply by plugging a phone into a modified charger.
Team member Billy Lau said, "I must emphasize that this is not a jailbreak and it does not require a jailbreak. The attack is automatic; simply connecting the device is enough. It's stealthy. Even if the user looks at the screen there's no visible sign. And it can install malicious apps on the target device."
The modified charger, which they've dubbed "Mactans," is slightly larger than a standard charger, but Lau says there are ways to make it smaller or even conceal it inside something larger.