Search This Blog


Thursday, August 1, 2013

Apple update tackles charger hack attack

Apple iPhones
Data-stealing apps can be uploaded via the malicious charger
Apple has issued a software update that will help its products avoid falling victim to booby-trapped chargers.
The update has been issued in response to research that created malicious chargers that could upload code onto devices plugged into them.
The work by computer scientists at Georgia Tech in the US can compromise iOS devices in about 60 seconds.
Apple's update warns users to be sure they are using a trusted charging point when they plug in.
The custom built chargers include a small computer alongside the electronic components that pipe power into an Apple iOS device.
The tiny computer interrogates an iPhone or tablet and copies a unique ID number that identifies that phone.
This is then used on an Apple website to take advantage of an uploading tool usually used by developers to test their software on an iOS gadget.
Instead of uploading a program in development, the trio of researchers, Billy Lau, Yeongjin Jang, and Chengyu Song, managed to upload an application that stole data.
The malicious chargers and their associated data-stealing application were demonstrated at the Black Hat hacker conference currently under way in Las Vegas.
In the demo, the trio showed off a fake Facebook app that could grab screenshots of passwords and make calls on behalf of an attacker.
The limited nature of the attack, which requires phones to be unlocked and for attackers to be a registered developer with Apple, were noted by tech news site Ars Technica .
The researchers from Georgia Tech's Information Security Center gave some details about their attack in June and this prompted Apple to issue an update for devices running version seven of its iOS operating system.
The update asks users if they are sure they can trust the device they are using to charge their phone or tablet.
Untrusted devices get no access to the internals of an iOS gadget.

No comments:

Post a Comment

wibiya widget

Disqus for Surut Shah

Web Analytics