How to Hack iPhones and iPads in Less Than 60 Seconds
At the Black Hat USA 2013 conference, three Georgia Tech hackers showed everyone how to hack iPhones and iPads with malware imitating ordinary apps in less than 60 seconds using a “malicious charger.” Here are some of the highlights of their revelation. For more details, check out the story by Violet Blue on ZDNet.
“Billy Lau, Yeongjin Jang and Chengyu Song showed how they made an ordinary looking charger into a malicious vector for transmitting malware using an open source BeagleBoard, available for $125 (similar to a Raspberry Pi).
For the demonstration, the researchers used an iPhone. They plugged in the phone, and when the passcode was entered, the sign-code attack began.
For the demo, the Facebook app was used as an example.
Within seconds of plugging in the charger, the Facebook app was invisibly removed from the device and seamlessly replaced with a Facebook app imitation with a malicious payload.
The app’s icon was in the exact same spot as it was before the attack – there is no way of knowing the application is not malware.
The researchers said that all the user needs to do to start the attack is enter their passcode – they pointed out that this is a pattern of ordinary use, such as to check a message while the phone is charging.
Once the app was launched, the malware was launched and the phone was compromised – and could do things such as take screenshots when other passwords are entered, send a spoofed screen, and more.”
For the record, the researchers did not use root permission to attack. Apple has announced that they will fix this vulnerability in Fall. So until Fall this year hackers are going to have a good time.
On a side note, a non-techie friend of mine was able to hack his own iPhone very easily. My immediate thought was, if he can hack his iPhone then anyone can.