Any iOS device can be hacked with modified charger

[techbeck]

Security researchers have discovered a way to push software onto an iOS device using a modified charger. The team at George Institute of Technology says its charger was able to upload arbitrary software to an iOS device within one minute of it being plugged in. According to the researchers, "all users" are at risk, as the hack doesn't require any user interaction. Hackers are even capable of hiding the applications, so they don't show up in the device's app list. It's not clear if the charger is able to upload malicious code ? Apple's iOS devices, by default, are "sandboxed" and will only install and run properly signed apps ? but this is a worrying development regardless.

The charger itself is fairly large ? it's based on the BeagleBone, a tiny Linux PC the size of a credit card ? so it's unlikely to be able to be scaled down to fit in a regular iPhone or iPad charger casing anytime soon. The hack and charger will be demonstrated at the Black Hat security conference in July. During a presentation of their findings, the researchers will detail how USB capabilities are able to bypass Apple's defense mechanisms, and explain what Apple can do to make hacks like this one harder to pull off.

http://www.theverge.com/2013/6/3/4390808/ios-malicious-charger-hack-georgia-tech-institute-black-hat-2013

[JJ_]

I'm curious if this is an intentional backdoor for law enforcement

[UseLess]

I think the big question regarding vulnerability is if what is uploaded can be executed. I mean if it is able to put some code on your phone, that is far from good...but if they can RUN it...that is a different story altogether.

[neufuse Veteran]

hum, kinda like the Firewire exploits that law enforcement use to dump memory?

[Buttus]

might make people think twice about using one of those charging stations like they have in airports