Submitted by Frank Macey on
A group of researchers has demonstrated how to compromise an iOS device with a malicious charger at this year's Black Hat convention in Las Vegas. The malware injection is effortless and hides itself in the same way that Apple hides stock apps. According to Reuters, there is no need to worry since the threat will be neutralized by Apple in iOS 7.
Spokesman Tom Neumayr said the problem was fixed in the upcoming release of iOS 7 and Apple "would like to thank the researchers for their valuable input." The update will warn users with a pop up message whenever the iOS device is connected to a computer. This is important, because in the demo an innocent-looking USB charger was actually a small linux computer in disguise, loaded with malware.
In the Black Hat demonstration, researchers Billy Lau, Yeongjin Jang and Chengyu Song from the Georgia Institute of Technology connected an iPhone to the special charger they built. The charger immediately sent a virus to the iPhone and made a phone call without interaction from the owner. Lau claims in the real world, any number of viruses could be developed to take advantage of the loophole in security.
Besides remote controlling other people's iPhones, other viruses could steal passwords, credit card numbers, access texts, contact information, location data and emails. Lau explained that "security doesn't work if you bury problems," which is why the researchers publicized their findings. Luckily, Apple was listening, and iOS 7 users won't have to worry about plugging into a fake charger designed to steal all of their information.