Apple has long prided itself on having relatively secure software compared with other operating systems, from Windows to Android. However, a team of researchers at the Georgia Institute of Technology has found a flaw that allows a custom charger to infect the iPhone with a virus.
The full details of the hack will be made public at the Black Hat USA conference, although we already know that it takes less than a minute for the iPhone to be infected with the virus when the charger is plugged in. This would mean that a hacker would need to be in possession of the iPhone for only a short period, such as when the owner has gone to the bathroom or to order a new coffee, to infect the phone and return it.
This process of virus distribution means that the major worry isn’t indiscriminate infection by viruses created for egoistic purposes, but targeted infection by people trying to get hold of personal information. A virus spread using this method could be used, for instance, to steal credit card numbers by spying on internet use and transmitting relevant information to fraudsters. It could also be used by private detectives and secret services to spy on people.
The research was led by Billy Lau, Yeongjin Jang and Chengyu Song, who used a cheap computer costing just £30 to infect the iPhone. The cheapness of the device that can carry out such an attack is worrying, as it will make attempting iPhone hacks a low-investment strategy for fraudsters, who typically spend thousands of pounds on kit to steal credit card numbers from ATM cash machines. While this process is more labour-intensive, requiring the fraudster to plug in the iPhone they want to infect, it’s likely to attract new fraudsters who lack the funds to try more efficient frauds.
The team believes that all iPhones, whatever the model and whether they are running the original software or a jailbroken version, are susceptible to the attack. It’s likely that iPads and iPods could also be hacked using the same method, as they run the same operating system, iOS.
The hack works by connecting the cheap computer, a BeagleBoard, to the iPhone with a charger cable and sending software to the phone. Typically, iPhones need to be connected to iTunes to change software via the charger cable, but the team has figured out how to mimic this process. The software isn’t detectable, as it occupies the same space on the phone as the operating system, whose files users can’t see.
Does this mean that the iPhone isn’t safe? We haven’t heard anything about the hack being used, and the details that would make it possible to copy haven’t been released. The team behind it plans to tell Apple how to fix the problem, and no doubt Apple engineers will be tasked with closing the loophole before the findings are made public at the Black Hat USA conference, which runs from 27th July to 1st August. Nevertheless, there is the risk that others have also discovered the same hack method and not made their findings public.