Who will protect me from Apple putting crap on my phone?
Scientists have invented a dangerous new charger capable of infecting iPhones with any malware they choose. Eggheads from the Georgia Institute of Technology claim to be able to hack an iPhone in under one minute using a "malicious charger" called Mactans. The team claimed their findings challenge the iPhone's reputation as …
Who will protect me from Apple putting crap on my phone?
Simple solution, only use Apple adapters and don't stick it into an unknown hole without using some form of protection, otherwise expect to catch something,
You ... By not buying one.
Easy peasy, huh?
Good advice, period....
Definite upvote for that one lol
Really, for any device (IOS, Android, WinPhone, Meego, Firefox, ...), plugging into J. Random USBPort to charge is dangerous if you have not totally neutered the port (disabled any form of sharing, debugging, etc).
I look at all these charging stations in the airports, and I think "Were I an evil bastard, I'd set one of these up, with a 1TB drive, and enough smarts to try to mount anything plugged in and look for emails, spreadsheets, Powerpoints, etc., and copy them down while 'charging' the device. And if I could stuff a Trojan in, all the better."
That wouldn't work with Android. It doesn't mount as a mass storage device till it's told to and USB debugging is disabled by default. J. Random User doesn't even know the USB debugging setting exists, let alone how to turn it on, leaving 90% of Android phones immune to this sort of attack.
Sadly, mine is one of the 10% that's not immune, but I've never plugged into a random charging port so I'm probably OK.
>> It doesn't mount as a mass storage device till it's told to
Do tell. Every one I've used looks like a mass storage device on plugging into A N Other machine. No intervention required. NB: Does have to be unlocked on connection, but then the article doesn't say whether or not this "fake charger exploit" works on a locked iPhone.....
>> J. Random User doesn't even know the USB debugging setting exists, let alone how to turn it on
Some come with it on by default. Acer? I'm looking at you here.....
I strongly doubt that "it doesn't mount as a mass storage device" is going to save you. It's more likely to be posing as a HID device or similar.
That's how I'd start off, anyway.
Never seen an Android device that didn't, certainly from 2.x onwards. HTC Hero, Desire and Desire HD all did, with both stock and various third party ROMS.
Plug in, it thinks for a minute then asks if you want to share files.
"Do tell. Every one I've used looks like a mass storage device on plugging into A N Other machine. No intervention required."
Wrong. While an Android device appears straight away to a machine as a mass storage device it doesn't actually function as one unless mass storage mode is subsequently enabled on the Android device itself. Its a bit like how a computer can "see" an optical drive, without a disc in it, but it has to have a disc inserted to "enable" it. Furthermore, while it is possible with additional software or a custom ROM to have USB mass storage mode automatically switch on when plugged into another device, no "as manufactured" Android devices have this option.
my own phone does connect immediately as a media device, without any prompt, giving access to anything stored on the internal storage and any memory card.
iPhones, iPod touch don't even have a mass storage mode, they want you to use iTunes. This used security flaws to do it's dirty work, and I'm sure Android is not free from it's own flaws, or Winphone...
"it doesn't actually function as one unless mass storage mode is subsequently enabled on the Android device itself"
I think you may be correct that out of the box Android will not auto connect as a mass storage device, however my devices (Moto Defy, Xperia Mini Pro, Xperia U) would auto connect as an MTP device...as standard...out of the box. Though, if the hack makes use of bugs in the USB implementation, maybe you don't need to get that far to be compromised?
"however my devices (Moto Defy, Xperia Mini Pro, Xperia U) would auto connect as an MTP "
And therein lies the difference of what was being discussed. MTP isn't the same as USB Mass Storage. MTP is a protocol over USB which sidesteps Androids built in "Click to Enable" USB Mass Storage mode.
Just snip the Data(-) and Data(+) wires on the USB Cable, I had an old USB cable that was broken, so I only wired the Power wires back on and my phone charges without problem. Nothing can get in wvia the power lines, so I suppose all my phones are no immune to this.
If you plug an iphone into a PC, you get access to (some of) the internal storage for the photos as if it were a digital camera, DCIM folder and everything.
This will work fine for Android devices, but not for Apple.
In a bid to make you pay $50 for a USB cable that has been sanctified by the church of Jobs, Apple phones will not charge at all from a cable that only has the power pins connected. Stupid by design.
..if the dodgy code that got injected was actually a modified iDevice ready version of Windows Phone 8 that would self install itself over iOS!
Imagine that - plugging your iPhone in for a juice top up only to find its running Windows when you get back! I think MS are actually considering it to get their usage numbers up!
Paris because she doesn't care who's plug it is!
I guess at least this would make the device fun to use instead of seeing the boring IOS UI.
You must mean the router> prompt, which has the huge variation of changing to router# after an enable.
"The team claimed their findings challenge the iPhone's reputation as an über-secure platform."
EH? WTF? WHEN?
But I have a double deadbolt on my windows and only a bowl protecting my apple.
I'm sure that Eadon will get heavily downvoted for his inevitable dig at Windows, but (as usual) there's more than a bit of truth in what he says. Most El Reg commentards are IT professionals who deal with computer end users on a regular basis, and most will recognise that the ubiquitous Windows PC is the security benchmark for most non-computer-literate users. Never mind that for most of us, the necessity for anti-virus software and malware scanners is an indication of an underlying security failure; for most users this is accepted as a normal and acceptable part of personal computing.
Eadon will get heavily downvoted for beeing Eadon.
Naw... Eadon can be a total tit, but there are certain topics at El Reg which (however rationally argued) inevitably receive a certain number of downvotes and technically-shallow rebuttals (mostly AC).
"the ubiquitous Windows PC is the security benchmark for most non-computer-literate users"
That might be a valid comparison if we were talking about desktop Linux or MacOS but iOS's reputation for security goes well beyond that - the walled garden is seen (and sold) as ensuring the devices are safe and trustworthy, not just with technically superior security but with a nanny deity watching over everything to make sure only purity is allowed in.
Security scares damage iOS disproportionally because they don't get to fall back on the "Yeah, well, that's inevitable when you let people do whatever they want" defence; they are selling something more than that.
Caption Obvious here:
In any environment with anything technical, if you can gain physical access to it you can usually crack it. How is this different? If it was say a website then I would be impressed.
downvoted because there's a world of difference between physically gaining access to a server room, and gaining access under a false flag.
Yay my first downvote!
Regardless how is physically having access to a server different than physically having access to your cellphone?
*not debating which is easier*
You are still physically interacting with the device
You don't need to get physical access to the device, or to make the user go somewhere. Just make the charger available and the users will do the job of connecting it up themselves.
I expect better.
Given China's track record on all things cyberespionage, I think it's a reasonable assumption.
The difference between China and the US in their cyber-espionage track record is the US is better able to cover her digital tracks and distract folks by pointing a finger at China.
Err, China isn't a race, it's a country .. and nationalism is still considered acceptable.
How about a harddrive with a secret ability to inject code into your box, to email the contents of the non-secret bit, to the local government.
How about glasses that the wearer forgets she has on, recording the inside of women's changing rooms?
No need to buy a Beagle board or build a special plug. Lots of people charge their phone by attaching it to their computer. All you need to do is write a program that will inject the malware into a phone and spread that program by the usual means.
I usually charge my iPhone from my TV. There are lots of places something like this could be used. My car has USB ports as well and that is becoming more of a standard on all cars. Obviously an attack like this would be targeting a specific individual and their car would be what I would go for.
I have a useful little cable I got on eBay, which basically looks like a very short USB extension lead with red plugs. It only has the power pins connected and the data pins are deliberately not connected. Very useful for parasitically charging off a computer without it trying to establish a data connection.
I bought it so save the annoyance of a computer trying to make a data connection when all I want to do is charge the phone. It never occurred to me that it may be a hardware firewall. Don't tell the seller or they'll double the price. :o)
The problem with that "solution" is that in order to get an Apple device to recognise your charger, you have to provide the correct resistive voltage dividers on both DM and DP pins. If you leave the data pins open, it will simply tell you that "Charging is not supported with this accessory" and refuse to charge.
Ah, ok. Thanks for the info; I didn't know that as I don't own any iThings. Every day is a school day and all that. :o)
Oh well, it works for my needs anyway.
As this special USB cable would sit between the computer and the standard Apple cable/circuitry would it still charge? From my understanding this would make the setup little different to a low powered plug charger.
Who would adam 'n' eve it?
IWGMC even though it's nearly summer.
Given that some of the small USB chargers that are posing as Apple ones exist (usually cost reduced by removing the hash filters!), this might be a real problem. The biggest problem is that the space for the "nasty" part is quite small. That being said, it could be reduced down to a single chip if its only function were to install a file on the "host".
Lots of $$$ needed for this, but some people (governments) had such resources! Possibly even the US government you never know (file detects Arabic script and goes further...).
Look, it may have already been done, and we just don't know about it!
I've never heard the term "hash filter" outside of people rolling their own special cigarettes. Is that like a the RFI choke?
It would not be very expensive to make a circuit board that would fit in a itingy charger like space. Micro controllers are available in CSBGA these days and circuit boards are pretty cheap. It would be thousands of dollars including engineer time not millions.
I don't know how it works software/hardware wise, but Android allows you to set a default action on connecting. From what I've seen my computer is not aware of any device being connected when I switch to charge-only. Does it just ignore the data pins and dump anything from them straight to /dev/null?
If not, could a similar exploit be used against Android phones with the only mitigation being power-only USB cables? I guess at least Android (and Windows?) phones can mitigate it that way.
That is all.