At the Black Hat USA 2013, Billy Lau, Yeongjin Jang and Chengyu Song from Georgia Tech demonstrated how they could use a maliciously modified charger to hack into an iPhone in less than 60 seconds.
As soon as the passcode was entered on the phone, the attack began. They were able to take screenshots when other passwords were used, send fake pages and otherwise access and compromise the data on the phone.
To make matters worse, the phone doesn’t need to be rooted (jailbroken) for the malicious charger to work.
The charger itself has been modified so that it contains a mini computer. This is possible with the recent developments of mini computers such as BeagleBoard or Raspberry PI. These have been created with the purpose of making computing cheaper and available to underdeveloped countries, as well as to serve as portable computers for robots and other mechatronic devices.
An alarm sign for Apple regarding iOS security
The researchers have contacted Apple - and Apple has patched iOS 7 to prevent the attack. However, the current versions are all vulnerable to exploit through this hacking method.
This demonstration comes to once again ring the alarm for iPhones. No matter how safe we believe our data to be, there is always someone that will search for vulnerabilities.
See the demonstration of the hacked iPhone
You can read more about these and other research on malicious software from the Briefings page of the Black Hat USA 2013 page: https://www.blackhat.com/us-13/briefings.html
In order to always know that your data is protected and to be sure that there are no hidden threats lurking in the background we recommend that you install a security app, such as BullGuard Mobile Security or BullGuard Mobile Backup, which will ensure that your data is protected.
Posted by Andreea Luciana Ostache