Ever borrowed an iPhone USB charger from a stranger? Watch out. Now a Georgia Institute of Technology research team has proven that a specially designed charger can inject malware into your iOS device effortlessly in under a minute. At least that's the result of their research to create a proof-of-concept malicious accessory, to be fully revealed at the Black Hat security conference this July.
The research abstract briefly describes "how USB capabilities can be leveraged to bypass [USB] defense mechanisms." Not only this, but the malware is disguised once installed to hide itself "in the same way Apple hides its own built-in applications." In case you were wondering, the experiment was performed with the latest and greatest version of iOS.
The malicious USB charger has been named Mactans, and is built with off-the-shelf parts including the open-source single-board computer from Texas Instruments called BeagleBoard. The board retails for around $45, and was incorporated into a generic, benign-looking USB charger for the project. The implications of a larger company with capital to invest, mass producing copies of Apple chargers with the malicious code embedded are disturbing. Of course, one can only hope the user (jailbreak) community would spot such an egregious offense and warn people immediately.
Regardless, the fact that such a security hole exists and can be exploited so easily is worrisome. Apple has not yet responded to notification from the research team about their experiment. One of the reasons why this proof-of-concept is notable revolves around the fact that neither a jailbreak or any user interaction is required to secretly install the malware on iOS. Think twice before your plug into a strange-looking USB charger, and check out Black Hat this summer for more information.