back to article Look out, fanbois! EVIL charger will inject FILTH into your iPHONE

Scientists have invented a dangerous new charger capable of infecting iPhones with any malware they choose. Eggheads from the Georgia Institute of Technology claim to be able to hack an iPhone in under one minute using a "malicious charger" called Mactans. The team claimed their findings challenge the iPhone's reputation as …

COMMENTS

This topic is closed for new posts.
  1. Anonymous Coward
    Anonymous Coward

    Yes, but...

    Who will protect me from Apple putting crap on my phone?

    1. nuked
      Coat

      Re: Yes, but...

      Symantec?

      1. Trustme
        Thumb Up

        Re: Yes, but...

        Definite upvote for that one lol

    2. Anonymous Coward
      Anonymous Coward

      Re: Yes, but...

      Samsung?

    3. LarsG

      Re: Yes, but...

      Hmm,

      Simple solution, only use Apple adapters and don't stick it into an unknown hole without using some form of protection, otherwise expect to catch something,

      1. Euripides Pants
        Trollface

        Re: don't stick it into an unknown hole

        Good advice, period....

    4. oiseau

      Re: Yes, but...

      Who?

      You ... By not buying one.

      Easy peasy, huh?

  2. Anonymous Coward
    Anonymous Coward

    Trusting ANYTHING plugging into a USB port....

    Really, for any device (IOS, Android, WinPhone, Meego, Firefox, ...), plugging into J. Random USBPort to charge is dangerous if you have not totally neutered the port (disabled any form of sharing, debugging, etc).

    I look at all these charging stations in the airports, and I think "Were I an evil bastard, I'd set one of these up, with a 1TB drive, and enough smarts to try to mount anything plugged in and look for emails, spreadsheets, Powerpoints, etc., and copy them down while 'charging' the device. And if I could stuff a Trojan in, all the better."

    1. sisk

      Re: Trusting ANYTHING plugging into a USB port....

      That wouldn't work with Android. It doesn't mount as a mass storage device till it's told to and USB debugging is disabled by default. J. Random User doesn't even know the USB debugging setting exists, let alone how to turn it on, leaving 90% of Android phones immune to this sort of attack.

      Sadly, mine is one of the 10% that's not immune, but I've never plugged into a random charging port so I'm probably OK.

      1. TeeCee Gold badge
        Meh

        Re: Trusting ANYTHING plugging into a USB port....

        >> It doesn't mount as a mass storage device till it's told to

        Do tell. Every one I've used looks like a mass storage device on plugging into A N Other machine. No intervention required. NB: Does have to be unlocked on connection, but then the article doesn't say whether or not this "fake charger exploit" works on a locked iPhone.....

        >> J. Random User doesn't even know the USB debugging setting exists, let alone how to turn it on

        Some come with it on by default. Acer? I'm looking at you here.....

        1. Anonymous Coward
          Anonymous Coward

          Re: Trusting ANYTHING plugging into a USB port....

          Never seen an Android device that didn't, certainly from 2.x onwards. HTC Hero, Desire and Desire HD all did, with both stock and various third party ROMS.

          Plug in, it thinks for a minute then asks if you want to share files.

        2. Shades

          Re: Trusting ANYTHING plugging into a USB port....

          "Do tell. Every one I've used looks like a mass storage device on plugging into A N Other machine. No intervention required."

          Wrong. While an Android device appears straight away to a machine as a mass storage device it doesn't actually function as one unless mass storage mode is subsequently enabled on the Android device itself. Its a bit like how a computer can "see" an optical drive, without a disc in it, but it has to have a disc inserted to "enable" it. Furthermore, while it is possible with additional software or a custom ROM to have USB mass storage mode automatically switch on when plugged into another device, no "as manufactured" Android devices have this option.

          1. An ominous cow herd

            Re: Trusting ANYTHING plugging into a USB port....

            erm... no.

            my own phone does connect immediately as a media device, without any prompt, giving access to anything stored on the internal storage and any memory card.

          2. heyrick Silver badge

            Re: Trusting ANYTHING plugging into a USB port....

            "it doesn't actually function as one unless mass storage mode is subsequently enabled on the Android device itself"

            I think you may be correct that out of the box Android will not auto connect as a mass storage device, however my devices (Moto Defy, Xperia Mini Pro, Xperia U) would auto connect as an MTP device...as standard...out of the box. Though, if the hack makes use of bugs in the USB implementation, maybe you don't need to get that far to be compromised?

            1. Shades

              Re: Trusting ANYTHING plugging into a USB port....

              "however my devices (Moto Defy, Xperia Mini Pro, Xperia U) would auto connect as an MTP "

              And therein lies the difference of what was being discussed. MTP isn't the same as USB Mass Storage. MTP is a protocol over USB which sidesteps Androids built in "Click to Enable" USB Mass Storage mode.

      2. Tufty Squirrel
        Pirate

        Re: Trusting ANYTHING plugging into a USB port....

        I strongly doubt that "it doesn't mount as a mass storage device" is going to save you. It's more likely to be posing as a HID device or similar.

        That's how I'd start off, anyway.

        Allegedly.

      3. Tom 35

        Re: Trusting ANYTHING plugging into a USB port....

        iPhones, iPod touch don't even have a mass storage mode, they want you to use iTunes. This used security flaws to do it's dirty work, and I'm sure Android is not free from it's own flaws, or Winphone...

        1. D@v3

          Re: Trusting ANYTHING plugging into a USB port....

          @Tom35.

          If you plug an iphone into a PC, you get access to (some of) the internal storage for the photos as if it were a digital camera, DCIM folder and everything.

    2. Crazy Operations Guy

      Re: Trusting ANYTHING plugging into a USB port....

      Just snip the Data(-) and Data(+) wires on the USB Cable, I had an old USB cable that was broken, so I only wired the Power wires back on and my phone charges without problem. Nothing can get in wvia the power lines, so I suppose all my phones are no immune to this.

      1. A J

        Re: Trusting ANYTHING plugging into a USB port....

        This will work fine for Android devices, but not for Apple.

        In a bid to make you pay $50 for a USB cable that has been sanctified by the church of Jobs, Apple phones will not charge at all from a cable that only has the power pins connected. Stupid by design.

  3. LinkOfHyrule
    Paris Hilton

    I tell you what would be really funny...

    ..if the dodgy code that got injected was actually a modified iDevice ready version of Windows Phone 8 that would self install itself over iOS!

    Imagine that - plugging your iPhone in for a juice top up only to find its running Windows when you get back! I think MS are actually considering it to get their usage numbers up!

    Paris because she doesn't care who's plug it is!

    1. The_Regulator

      I guess at least this would make the device fun to use instead of seeing the boring IOS UI.

      1. Rukario
        Joke

        Boring IOS UI

        You must mean the router> prompt, which has the huge variation of changing to router# after an enable.

  4. Anonymous Coward
    Anonymous Coward

    "The team claimed their findings challenge the iPhone's reputation as an über-secure platform."

    EH? WTF? WHEN?

  5. MACWINLINO
    FAIL

    Physical access is always the problem

    Caption Obvious here:

    In any environment with anything technical, if you can gain physical access to it you can usually crack it. How is this different? If it was say a website then I would be impressed.

    1. JimmyPage Silver badge
      FAIL

      @MACWINLINO

      downvoted because there's a world of difference between physically gaining access to a server room, and gaining access under a false flag.

      1. MACWINLINO
        Devil

        Re: @MACWINLINO

        Yay my first downvote!

        Regardless how is physically having access to a server different than physically having access to your cellphone?

        *not debating which is easier*

        You are still physically interacting with the device

    2. Christoph

      Re: Physical access is always the problem

      You don't need to get physical access to the device, or to make the user go somewhere. Just make the charger available and the users will do the job of connecting it up themselves.

  6. Steve Barnes 1

    ... and it had to end with a bit of racism

    I expect better.

    1. gazthejourno (Written by Reg staff)

      Re: ... and it had to end with a bit of racism

      Given China's track record on all things cyberespionage, I think it's a reasonable assumption.

      1. Eddy Ito
        Facepalm

        Re: ... and it had to end with a bit of racism

        The difference between China and the US in their cyber-espionage track record is the US is better able to cover her digital tracks and distract folks by pointing a finger at China.

    2. Anonymous Coward
      WTF?

      Re: ... and it had to end with a bit of racism

      Err, China isn't a race, it's a country .. and nationalism is still considered acceptable.

  7. Anonymous Coward
    Anonymous Coward

    Pah! Amateur!

    How about a harddrive with a secret ability to inject code into your box, to email the contents of the non-secret bit, to the local government.

    How about glasses that the wearer forgets she has on, recording the inside of women's changing rooms?

    That's skill.

  8. Sander van der Wal
    Holmes

    A computer can charge too

    No need to buy a Beagle board or build a special plug. Lots of people charge their phone by attaching it to their computer. All you need to do is write a program that will inject the malware into a phone and spread that program by the usual means.

    1. Don Jefe

      Re: A computer can charge too

      I usually charge my iPhone from my TV. There are lots of places something like this could be used. My car has USB ports as well and that is becoming more of a standard on all cars. Obviously an attack like this would be targeting a specific individual and their car would be what I would go for.

  9. AbortRetryFail

    Special cable

    I have a useful little cable I got on eBay, which basically looks like a very short USB extension lead with red plugs. It only has the power pins connected and the data pins are deliberately not connected. Very useful for parasitically charging off a computer without it trying to establish a data connection.

    I bought it so save the annoyance of a computer trying to make a data connection when all I want to do is charge the phone. It never occurred to me that it may be a hardware firewall. Don't tell the seller or they'll double the price. :o)

    1. Quxy
      Unhappy

      Re: Special cable

      The problem with that "solution" is that in order to get an Apple device to recognise your charger, you have to provide the correct resistive voltage dividers on both DM and DP pins. If you leave the data pins open, it will simply tell you that "Charging is not supported with this accessory" and refuse to charge.

      1. AbortRetryFail
        Thumb Up

        Re: Special cable

        Ah, ok. Thanks for the info; I didn't know that as I don't own any iThings. Every day is a school day and all that. :o)

        Oh well, it works for my needs anyway.

      2. Nick Ryan Silver badge

        Re: Special cable

        As this special USB cable would sit between the computer and the standard Apple cable/circuitry would it still charge? From my understanding this would make the setup little different to a low powered plug charger.

  10. Eponymous Bastard
    Happy

    Poison apple

    Who would adam 'n' eve it?

    IWGMC even though it's nearly summer.

  11. Herby

    Counterfit Chargers?

    Given that some of the small USB chargers that are posing as Apple ones exist (usually cost reduced by removing the hash filters!), this might be a real problem. The biggest problem is that the space for the "nasty" part is quite small. That being said, it could be reduced down to a single chip if its only function were to install a file on the "host".

    Lots of $$$ needed for this, but some people (governments) had such resources! Possibly even the US government you never know (file detects Arabic script and goes further...).

    Look, it may have already been done, and we just don't know about it!

    1. easyk

      Re: Counterfit Chargers?

      I've never heard the term "hash filter" outside of people rolling their own special cigarettes. Is that like a the RFI choke?

      It would not be very expensive to make a circuit board that would fit in a itingy charger like space. Micro controllers are available in CSBGA these days and circuit boards are pretty cheap. It would be thousands of dollars including engineer time not millions.

  12. Remy Redert

    Charge-only

    I don't know how it works software/hardware wise, but Android allows you to set a default action on connecting. From what I've seen my computer is not aware of any device being connected when I switch to charge-only. Does it just ignore the data pins and dump anything from them straight to /dev/null?

    If not, could a similar exploit be used against Android phones with the only mitigation being power-only USB cables? I guess at least Android (and Windows?) phones can mitigate it that way.

  13. Bob Hoskins
    FAIL

    What a bunch of shit weasels.

    That is all.

  14. Will Godfrey Silver badge

    Anyone notice...

    ... how similar USB is to UXB?

  15. Steve 129
    Happy

    Alternative to Jailbreaking?

    I wonder... If arbitrary code can be loaded then could it be used in place of jailbreaking I wonder?

    Just a thought.

  16. Anonymous Coward
    Anonymous Coward

    So...

    Is this like Jailbreaking, but in a charger and with a different payload?

    If its possible to JB just by plugging into a PC and pressing a button or two, surely the vulnerability has always been there all along?

  17. SteveTM

    If this is the case why is there still no jailbreak for 6.1.3??!!

  18. Steve Barnes 1

    racism is racism

    And if one of the researchers were black and he said the phones they tested on were probably stolen, would that also be acceptable? Because it is precisely the same thing.

  19. Steve Barnes 1

    racism is racism

    The people being discussed are Chinese, which is a race. It seems the EDL are getting everywhere.

    1. gazthejourno (Written by Reg staff)

      Re: racism is racism

      Pardon me while I put on my string vest, crack open a can of wifebeater and break out the INGERLUND flags.

      1. Nick Ryan Silver badge

        Re: racism is racism

        not forgetting to get an (Indian*) Curry, sit on your (Swiss) furniture. And the flag you're waving will probably have been made in China anyway...

        * Yes, I am aware that many "Indian" dishes that we are used to originate outside of India.

  20. h3

    Hope they do a factory load of these for $2.99 on whatever on ebay.

    Extra points if they make it look like an Apple charger.

  21. Spoonsinger

    Re :- Scientists have invented a dangerous new charger capable of infecting iPhones?

    Shirely that should be "Engineers have invented a dangerous new charger capable of infecting iPhones?"

  22. C Yates
    Angel

    NOW we know why they keep changing the bl**dy charger!

    It wasn't to make money, it was for our protection!

    Come back Tim Cook, all is forgiven!

  23. dave 100

    So a very simple short usb-usb cable with only power lines connected would be protect you fine then... quick patent it as a security device.

    1. Darryl

      But - as pointed out above, iProducts will refuse to charge from it without accompanying data signals

  24. Silverburn
    FAIL

    Let me get this straight...

    I want your contacts, passwords etc. to get them from your iphone I need to:

    - break into your house or office

    - take photos of your iphone charger

    - go home, replicate charge as close as possible

    - devise the internals, and a bit of malware to get uploaded

    - break into your house or office again

    - replace charger with mine

    - hope you don't notice that your charger has been replaced. Or that your house was broken into. Twice.

    Chances of exploit: Slim...?

    Much easier to write/buy an exploit for the software platform based on open source and has the largest market share, surely...

    1. Darryl

      Re: Let me get this straight...

      Or you could plug one into a wall in a public area with a little sign saying 'Charge your iPhone for FREE'

    2. Stoneshop
      FAIL

      Preparation is the key.

      The iCharger an iPhone owner has at home is most likely the original iCharger, or else one of the bazillion clones all looking almost exactly like an original iCharger You, wanting to perform nefarious activities, just have to buy one of those, and for good measure just a few of the other models of the aftermarket iPhone chargers, modify them, and replace the found iCharger with that one of yours looking just like it.

      Just one burglary needed

  25. Argus Tuft
    Unhappy

    i miss my nokia 6310i

    usb? Bah!

    (was it really only 10 years ago?)

This topic is closed for new posts.

Other stories you might like