Friday, August 2, 2013

Researchers reveal how to hack an iPhone in 60 seconds

Three Georgia Tech hackers have revealed how to hack iPhones and iPads with malware imitating ordinary apps in under sixty seconds using a "malicious charger."

Today at a Black Hat USA 2013 press conference, the researchers revealed for the first time exactly how the USB charger they built can compromise iOS devices in less than a minute.
Billy Lau, Yeongjin Jang and Chengyu Song showed how they made an ordinary looking charger into a malicious vector for transmitting malware using an open source BeagleBoard, available for $125 (similar to a Raspberry Pi).

For the demonstration, the researchers used an iPhone. They plugged in the phone, and when the passcode was entered, the sign-code attack began.

For the demo, the Facebook app was used as an example.

Within seconds of plugging in the charger, the Facebook app was invisibly removed from the device and seamlessly replaced with a Facebook app imitation with a malicious payload.

The app's icon was in the exact same spot as it was before the attack - there is no way of knowing the application is not malware.

The researchers said that all the user needs to do to start the attack is enter their passcode - they pointed out that this is a pattern of ordinary use, such as to check a message while the phone is charging.

Once the app was launched, the malware was launched and the phone was compromised - and could do things such as take screenshots when other passwords are entered, send a spoofed screen, and more.

No comments: