Friday, August 02, 2013

Apple fixes 'malicious charger hack' in iOS 7, but other versions still vulnerable

Apple will fix the so-called "malicious charger bug" that three computer scientists alerted the company to earlier this year, the company announced on Wednesday. Those researchers demonstrated the security vulnerability at the Black Hat Security Conference in Las Vegas, also on Wednesday.

However, end users will have to wait for iOS 7 before the fix arrives. Apple said the issue had been fixed in the latest beta, beta 4, of iOS 7, which has already seeded to developers. Apple spokesman Tom Neumayr said:
We would like to thank the researchers for their valuable input.
The researchesr were Billy Lau, a research scientist at the Georgia Institute of Technology, and graduate students Yeongjin Jang and Chengyu Song.

In a Black Hat demo, the researchers plugged an iPhone into a custom-built charger they equipped with a BeagleBoard. They said it cost about $45 to buy the necessary components, and a week to design. Once the iPhone was connected, the device infected it with a virus designed to dial the phone of one of the researchers -- which it did.

The researchers said that devices running Google's Android platform are not vulnerable to the same type of attack as they warn users if they plug devices into a computer -- any computer, even one disguised as a charging station.

The changes to Apple's iOS 7 software will mean that a message will pop up to alert the user if they connect to a computer.

Of course, this leaves iPhones and iPads that won't get the iOS 7 update vulnerable. According to the researchers, all other versions of iOS can be hacked in this manner.

No comments: