Researchers from the Georgia Institute of Technology announced the creation of Mactans charger, a custom wall charger for Apple iPhone and iPad that is able to inoculate a malware in any devices running any version of iOS.
The infection of device is possible through a chargers called Mactans that is based on BeagleBoard architecture. The BeagleBoard is a low-power open-source hardware single-board computer designed by Texas Instruments in association with Digi-Key that is sold to the public under the Creative Commons share-alike license.
An introduction of their presentation states that they will be able to demonstrate how an iOS device can be infected in less than a minute after plugging in a malicious charger.
“In this presentation, we demonstrate how an iOS device can be compromised within one minute of being plugged into a malicious charger. We first examine Apple’s existing security mechanisms to protect against arbitrary software installation, then describe how USB capabilities can be leveraged to bypass these defense mechanisms. To ensure persistence of the resulting infection, we show how an attacker can hide their software in the same way Apple hides its own built-in applications.”
The name Mactans derive by is a highly venomous species of spider in the genus Latrodectus, the researchers Billy Lau, Yeongjin Jang, and Chengyu Song will present their creation at the Black Hat 2013 conference in July.
It’s not the first time we read about hardware disguised as everyday objects that are used to spy on networks, let’s remind the various researches promoted by DARPA that led to the design of objects able to penetrate the host network. This time Mactans charger is a circuit used to infect mobile users.
Once installed the malicious code with Mactans charger the researcher are also able to hide it exactly in the same way Apple does with its own built-in applications, the infection is possible due the exploit of a vulnerability already disclosed to Apple but that the company hasn’t yet fixed.
Apple in fact hasn’t yet recognized the findings of the team, but the consequences of similar exploits are clear, potentially any iPhone or iPad could be compromised using its USB connection.
The researcher declared:
“The results were alarming: despite the plethora of defense mechanisms in iOS, we successfully injected arbitrary software into current-generation Apple devices running the latest operating system (OS) software. All users are affected, as our approach requires neither a jailbroken device nor user interaction.”
A last consideration relates to the possible impairment of the supply chain of any hardware device and the need of hardware qualification… have you got an idea of what can be done exploiting the networks in our homes with compromised hardware.
(Security Affairs – Hacking , Mactans charger )