iOS 7 Beta Fixes Malicious Charger Bug
Posted August 1, 2013 at 3:46am by iClarified
Apple has fixed a bug in iOS that allowed security researchers to inject arbitrary software into the iPhone using a malicious charger, reports Reuters.
Three computer scientists, who alerted Apple to the problem earlier this year, demonstrated the security vulnerability at the Black Hat hacking convention in Las Vegas on Wednesday where some 7,000 security professionals are learning about the latest threats posed by computer hacking. Apple said the issue had been fixed in the latest beta of iOS 7, which has already been released to software developers.
"We would like to thank the researchers for their valuable input," Apple spokesman Tom Neumayr said.
Billy Lau, Yeongjin Jang, and Chengyu Song from the Georgia Institute of Technology, demonstrated a custom built charger which was equipped with a tiny Linux computer programmed to attack iOS devices. It cost about $45 to build and took a week to design. When plugged into the charger the phone was infected with a virus that caused it to place a call to one of the researchers.
In the real world the bug would give cyber criminals remote control of the devices, letting them take steal personal information including banking passwords, credit card numbers, emails, texts, contact info, or location data.
Reuters notes that with iOS 7 a user will now be notified when they are connecting to a computer and not an ordinary charger.
Read More [via Tzvi]
Three computer scientists, who alerted Apple to the problem earlier this year, demonstrated the security vulnerability at the Black Hat hacking convention in Las Vegas on Wednesday where some 7,000 security professionals are learning about the latest threats posed by computer hacking. Apple said the issue had been fixed in the latest beta of iOS 7, which has already been released to software developers.
"We would like to thank the researchers for their valuable input," Apple spokesman Tom Neumayr said.
Billy Lau, Yeongjin Jang, and Chengyu Song from the Georgia Institute of Technology, demonstrated a custom built charger which was equipped with a tiny Linux computer programmed to attack iOS devices. It cost about $45 to build and took a week to design. When plugged into the charger the phone was infected with a virus that caused it to place a call to one of the researchers.
In the real world the bug would give cyber criminals remote control of the devices, letting them take steal personal information including banking passwords, credit card numbers, emails, texts, contact info, or location data.
Reuters notes that with iOS 7 a user will now be notified when they are connecting to a computer and not an ordinary charger.
Read More [via Tzvi]