iOS 7 includes fix for malicious charger exploit

By , Aug 1, 2013

iPhone charger

Back in June, a group of researches discovered a flaw in iOS that would theoretically allow an iOS device to be hacked  using a malicious USB charger. Their proof-of-concept allowed them to invisibly install malware on non-jailbroken iPhones and iPads.

The results of the experiment were called ‘alarming,’ and brought to the attention of Apple in hopes for a quick fix. The Cupertino company must have gotten the message, because according to a new report, the exploit has been patched in the latest iOS 7 beta

Reuters reports:

“Apple Inc’s next software update for its iPhones and iPads will fix a security flaw that allows hackers to engage in spying and cyber crimes when the victim connects the device to a fake charging station, the company said on Wednesday.

Apple said the issue had been fixed in the latest beta of iOS 7, which has already been released to software developers. ”We would like to thank the researchers for their valuable input,” Apple spokesman Tom Neumayr said.”

The group of researchers actually demonstrated their find at the Black Hat hacking convention in Las Vegas yesterday. They plugged an iPhone into a custom-built charger equipped with a tiny Linux computer, and it successfully infected the device with a virus.

But real-world usage of the exploit would be much worse. The group said that cyber criminals could use the hack to upload malware onto unsuspecting iPhones and iPads, allowing them to do things like steal banking passwords, credit card numbers, and more.

It’s nice to see Apple respond to a security threat so quickly, which it normally does, as it continues to keep iOS one of the most secure mobile platforms on the market. iOS 7, which now alerts users when they’re using an unauthorized charger, will launch this fall.

  • Share:
  • Follow:
  • mahe

    I wouldn’t say they were quickly …
    It took ages …

    • Jason Duong

      At least they fixed it. -looks at android and giggles-

      • mahe

        haha …
        well … that’s not fair …
        you compare malware with iOS xD

        But as I understood the bug, they can’t fix it complete …
        Because of massroullouts … there must be a way to install software without forcing the user to do anything (special at companies)

      • Jason Duong

        ‘you compare malware with iOS xD’

    • ✪ aidan harris ✪

      It didn’t take them that long. In iOS 7 (beta 1) it includes a feature which asks if you trust the computer your device is plugged into. If a charger was behaving anything like a computer when you plugged your iOS 7 device into it all you would have to do is select the “Don’t Trust” option.

      • ✪ aidan harris ✪

        ..

      • RarestName

        Nice!

      • mahe

        So it took them till iOS7 Beta 1 …
        Which are several weeks … oh … months!
        Don’t forget, this bug is known longer as it’s known to the public …

      • ✪ aidan harris ✪

        Just like the evasi0n jailbreak was made public and how many stories did you hear of people exploiting it for the bad? Although it’s taken a while to fix it’s done now and since there aren’t a lot of problems surrounding the issue (for example outside of Apple and technology blogs I’ve not heard this story) Apple can take as long as they want as far as I’m concerned. If however the problem escalates then I agree with you and Apple should release a patch for iOS 6 ASAP.

      • mahe

        I understand what you mean and your position.

        For me it counts how “easy” (and fast) you can abuse it and what you are able to do.
        Not how many problems there are around.
        Abusing this bug, you cannot only install software, as you will know.
        You can pull data from the device, for me this is worst.

        I know this has a touch of thinking: “ooohhh, everyone in the world is bad!”
        But if I think about how often someone at work came to me and asked to load his/her phone …
        They would never know I’ve done something with their device. (of course I’ve never done it, but the possibillty exists)
        And at work I don’t even need a manipulated charger, they don’t care where I plug in the other side of the cable …

  • Sir.Rhommi

    But We’ve Been Asking For QR For Years… Is It Really That Hard?

    • Jason Duong

      Asking for QR? as in a QR code reader?

      • mahe

        I think he means quick reply

      • Jason Duong

        Oh, that make sense. Ta~

      • Clement Yeo

        quick response?

      • Michael Hulet

        A built-in QR Reader would be nice, too, though

    • RarestName

      It’s going to be a “revolutionary” feature in iOS 8, the “ultra flat” iOS version.

      • Yunsar

        Haha

  • Dontwannaknow

    As per my experience, iOS 7 beta 4 has fixed some bugs; however, it still bring back some boring glitches and bugs. For example, headset control does not work in Music Player app. Dictionary, which were really cool in beta 3, now don’t work anymore. My i5 suddenly crashes and very frequently while in beta 3, it is a rare case. Still, I understand it is still beta, but why don’t they just add or improve features without removing the existing great features?

    • RarestName

      What did they intentionally remove?

      • Dontwannaknow

        As I said, Dictionary in Beta 4 does not work (work in beta 3). Headset control worked in beta 3 now doesn’t work in beta 4. And crashes.

      • RarestName

        “intentionally”

      • Jackson Grong

        Just bugs… Nothing is removed.

      • Eddie Leonard

        How about the option to shuffle all songs from a certain artist? That was only re-added in B4

    • Jonathan

      Yeah, my iPod 5 crashes a lot randomly too. Also, I don’t know if beta 4 removed it, but so far I’ve found all my contacts and notes were deleted. I don’t know if someone maybe hacked my gmail account (how could they?! Over 20 characters and it’s completely random letters, numbers and symbols!) Fortunately, my iPod 4 had the data still, so I’m in the process of exporting my notes. Already did my contacts.

      Good luck hacking my account. :)

  • Gorgonphone

    lol apple is dropping the ball again.. 5S will be boring and the six will have a design just as odd and silly as IO7s UI….

  • Vincent

    Is anyone on iOS 6 and is getting the iOS 5 App Store layout? Mines just shows the iOS 5 App Store layout. @JeffBenjamin Any ideas? This is on my iPhone 3GS

  • Vincent

    @disqus_5sJFMpFb6k:disqus

  • Yağız

    Can someone tell me where is the link i can download it now ??

  • 3aloo1

    (After reading) Directly throwing all third party chargers then shout on them
    YOU TRAITORS
    LOL