Overclock.net › Forums › Industry News › Technology and Science News › [Forbes] Researchers Say They Can Hack Your iPhone With A Malicious Charger
New Posts  All Forums:Forum Nav:

[Forbes] Researchers Say They Can Hack Your iPhone With A Malicious Charger

post #1 of 20
Thread Starter 
SOURCE
Quote:
Careful what you put between your iPhone and a power outlet: That helpful stranger’s charger may be injecting your device with more than mere electrons.

At the upcoming Black Hat security conference in late July, three researchers at the Georgia Institute of Technology plan to show off a proof-of-concept charger that they say can be used to invisibly install malware on a device running the latest version of Apple’s iOS.
post #2 of 20
And that is why I only purchase directly from the Apple store, or a certified OE from Amazon.
post #3 of 20
Makes me think of an iPhone STD.rolleyes.gif
The Sleeper
(10 items)
 
 
Sony Xperia Z3
(7 items)
 
CPUMotherboardGraphicsGraphics
AMD FX 8320  Asus Sabertooth 990FX R2.0 MSI Radeon 7950 MSI Radeon 7950 
RAMHard DriveCoolingOS
8GB Crucial Ballistix Sport 1600mhz Samsung 470 SSD Corsair H80i Windows 7 64 Bit Home Premium 
PowerCase
Corsair HX850 Coolermaster HAF 932 
CPUMotherboardGraphicsRAM
Intel SU7300 Core2Duo 1.6 Ghz Alienware OEM Nvidia 335m 8 GB PNY memory 
Hard DriveOSMonitor
Samsing 840 SSD Windows 7 Home Premium 64-Bit Generic PNP monitor @ 75hz 
CPUGraphicsRAMHard Drive
Snapdragon 801 @ 2.5 Ghz Adreno 330 3 GB 32 GB  
CoolingOSMonitor
Blow on it Android 4.4.4 1920x1080 LCD 
  hide details  
Reply
The Sleeper
(10 items)
 
 
Sony Xperia Z3
(7 items)
 
CPUMotherboardGraphicsGraphics
AMD FX 8320  Asus Sabertooth 990FX R2.0 MSI Radeon 7950 MSI Radeon 7950 
RAMHard DriveCoolingOS
8GB Crucial Ballistix Sport 1600mhz Samsung 470 SSD Corsair H80i Windows 7 64 Bit Home Premium 
PowerCase
Corsair HX850 Coolermaster HAF 932 
CPUMotherboardGraphicsRAM
Intel SU7300 Core2Duo 1.6 Ghz Alienware OEM Nvidia 335m 8 GB PNY memory 
Hard DriveOSMonitor
Samsing 840 SSD Windows 7 Home Premium 64-Bit Generic PNP monitor @ 75hz 
CPUGraphicsRAMHard Drive
Snapdragon 801 @ 2.5 Ghz Adreno 330 3 GB 32 GB  
CoolingOSMonitor
Blow on it Android 4.4.4 1920x1080 LCD 
  hide details  
Reply
post #4 of 20
Quote:
Originally Posted by aznpersuazn View Post

And that is why I only purchase directly from the Apple store, or a certified OE from Amazon.

What are the odds this exploit is actually used in the wild?

Besides, a charger is a commodity components... it's absolutely absurd you pay more than a few dollars for one. You can build one out of like $3 worth of parts from Radio Shack. Chinese manufaturers are probably building them for around $.50 USD....
Once again...
(13 items)
 
  
CPUMotherboardGraphicsRAM
i7 920 [4.28GHz, HT] Asus P6T + Broadcom NetXtreme II VisionTek HD5850 [900/1200] + Galaxy GT240 2x4GB G.Skill Ripjaw X [1632 MHz] 
Hard DriveOSMonitorKeyboard
Intel X25-M 160GB + 3xRAID0 500GB 7200.12 Window 7 Pro 64 Acer H243H + Samsung 226BW XARMOR-U9BL  
PowerCaseMouseMouse Pad
Antec Truepower New 750W Li Lian PC-V2100 [10x120mm fans] Logitech G9 X-Trac Pro 
  hide details  
Reply
Once again...
(13 items)
 
  
CPUMotherboardGraphicsRAM
i7 920 [4.28GHz, HT] Asus P6T + Broadcom NetXtreme II VisionTek HD5850 [900/1200] + Galaxy GT240 2x4GB G.Skill Ripjaw X [1632 MHz] 
Hard DriveOSMonitorKeyboard
Intel X25-M 160GB + 3xRAID0 500GB 7200.12 Window 7 Pro 64 Acer H243H + Samsung 226BW XARMOR-U9BL  
PowerCaseMouseMouse Pad
Antec Truepower New 750W Li Lian PC-V2100 [10x120mm fans] Logitech G9 X-Trac Pro 
  hide details  
Reply
post #5 of 20
Quote:
Originally Posted by DuckieHo View Post

What are the odds this exploit is actually used in the wild?

Very likely. I could think of a scenario where PC users that have an iPhone which connects to an exploited charger. That iPhone then may be connected to the PC. Depending on the type of malicious 'ware' installed, the exploiter could have endless access to other numerous devices.
Quote:
Originally Posted by DuckieHo View Post

Besides, a charger is a commodity components... it's absolutely absurd you pay more than a few dollars for one. You can build one out of like $3 worth of parts from Radio Shack. Chinese manufaturers are probably building them for around $.50 USD....

Mainly due to the lack of information provided by the Manufacturer about amperage ratings, and sometimes false current and voltage readings as advertised by the Manufacturer.
Edited by aznpersuazn - 6/3/13 at 7:44am
post #6 of 20
Quote:
Originally Posted by aznpersuazn View Post

And that is why I only purchase directly from the Apple store, or a certified OE from Amazon.

That is what Apple wants... where is your sense of freedom? A manufacturer should make it so the consumer doesn't (and shouldn't care) where you get your cables from.

Android typically uses Micro USB b cables, very open standard, I can get a cable from anywhere... I can borrow a friends, or from a digital camera, etc.
OC'in beast
(21 items)
 
  
CPUMotherboardGraphicsGraphics
AMD FX-8350 (Vishera) Gigabyte GA-990XA AMD 285X (unreleased) AMD 285X (unreleased) 
RAMHard DriveHard DriveHard Drive
Mushkin Enhanced Blackline 8GB (996679) Western Digital WD10EALS 1TB Blue Corsair Force Series GT CSSD-F180GBGT-BK 180GB Intel 530 Series SSDSC2BW240A401 240GB 
Optical DriveCoolingCoolingCooling
Sony 20X Sata DVD-RW Scythe Mugen 2 rev B (3) Scythe Slip Stream SY1225SL12H-P Antec Tri-Cool 140mm 
CoolingCoolingOSMonitor
Antec Tri-Cool 120mm Scythe Ultra Kaze DFS123812-3000 Windows 7 Pro 64bit ASUS PA248Q 24.1" IPS 
KeyboardPowerCaseMouse
Coolermaster Storm QuickFire Stealth Cherry MX ... Antec Earthwatts EA-750 Antec 300 Logitech G5 
Mouse Pad
Steel Series Starcraft 2 Marine 
  hide details  
Reply
OC'in beast
(21 items)
 
  
CPUMotherboardGraphicsGraphics
AMD FX-8350 (Vishera) Gigabyte GA-990XA AMD 285X (unreleased) AMD 285X (unreleased) 
RAMHard DriveHard DriveHard Drive
Mushkin Enhanced Blackline 8GB (996679) Western Digital WD10EALS 1TB Blue Corsair Force Series GT CSSD-F180GBGT-BK 180GB Intel 530 Series SSDSC2BW240A401 240GB 
Optical DriveCoolingCoolingCooling
Sony 20X Sata DVD-RW Scythe Mugen 2 rev B (3) Scythe Slip Stream SY1225SL12H-P Antec Tri-Cool 140mm 
CoolingCoolingOSMonitor
Antec Tri-Cool 120mm Scythe Ultra Kaze DFS123812-3000 Windows 7 Pro 64bit ASUS PA248Q 24.1" IPS 
KeyboardPowerCaseMouse
Coolermaster Storm QuickFire Stealth Cherry MX ... Antec Earthwatts EA-750 Antec 300 Logitech G5 
Mouse Pad
Steel Series Starcraft 2 Marine 
  hide details  
Reply
post #7 of 20
Quote:
Originally Posted by kevinf View Post

That is what Apple wants... where is your sense of freedom? A manufacturer should make it so the consumer doesn't (and shouldn't care) where you get your cables from.

Android typically uses Micro USB b cables, very open standard, I can get a cable from anywhere... I can borrow a friends, or from a digital camera, etc.

I rarely buy Apple chargers, but when I do, I mainly purchase them from Amazon. I only purchase products that I find 'certified' to be of OE standards. I never pay MSRP.
post #8 of 20
I smell fearmongering.

edit:
Quote:
Originally Posted by aznpersuazn View Post

Very likely. I could think of a scenario where PC users that have an iPhone which connects to an exploited charger. That iPhone then may be connected to the PC. Depending on the type of malicious 'ware' installed, the exploiter could have endless access to other numerous devices.

With the comparative sophistication of desktop security software put to the side, doesn't your desktop charge your phone while it's hooked up? Maybe if you elaborate on your scenario a bit.
Edited by un-midas touch - 6/3/13 at 9:09am
The Mad Cow
(16 items)
 
  
CPUMotherboardGraphicsRAM
Intel(R) Core(TM) i5-3570 CPU @ 3.40GHz Gigabyte H61M-S2H HIS Radeon HD 6670 Kingston 8GB (2 x 4GB) 240-Pin DDR3 SDRAM DDR3 ... 
Hard DriveOptical DriveCoolingOS
Western Digital Caviar Blue Samsung/Hitachi something or other assortment of leftovers from old systems hot-gl... Xubuntu 15.04 
MonitorKeyboardPowerCase
Sony whatevs Logitech K400 Thermaltake Smart650 Hand-me-down Gateway case 
MouseMouse PadAudioOther
Can you believe I got it at a gas station? worth more than the software it came with. Sup... JVC XX in-ears Logitech f310 
  hide details  
Reply
The Mad Cow
(16 items)
 
  
CPUMotherboardGraphicsRAM
Intel(R) Core(TM) i5-3570 CPU @ 3.40GHz Gigabyte H61M-S2H HIS Radeon HD 6670 Kingston 8GB (2 x 4GB) 240-Pin DDR3 SDRAM DDR3 ... 
Hard DriveOptical DriveCoolingOS
Western Digital Caviar Blue Samsung/Hitachi something or other assortment of leftovers from old systems hot-gl... Xubuntu 15.04 
MonitorKeyboardPowerCase
Sony whatevs Logitech K400 Thermaltake Smart650 Hand-me-down Gateway case 
MouseMouse PadAudioOther
Can you believe I got it at a gas station? worth more than the software it came with. Sup... JVC XX in-ears Logitech f310 
  hide details  
Reply
post #9 of 20
Quote:
Originally Posted by aznpersuazn View Post

Very likely. I could think of a scenario where PC users that have an iPhone which connects to an exploited charger. That iPhone then may be connected to the PC. Depending on the type of malicious 'ware' installed, the exploiter could have endless access to other numerous devices.
Any evidence that it is wild.... as in "it is in use" today?

The malware on the iPhone would have to utilize additional exploits to run on the PC though.

Quote:
Originally Posted by aznpersuazn View Post

Mainly due to the lack of information provided by the Manufacturer about amperage ratings, and sometimes false current and voltage readings as advertised by the Manufacturer.
They are unregulated PSUs charging a battery so voltage ratings do not matter that much.

You can always calcuate the amperage by timing the charge time vs an offical charger.
Once again...
(13 items)
 
  
CPUMotherboardGraphicsRAM
i7 920 [4.28GHz, HT] Asus P6T + Broadcom NetXtreme II VisionTek HD5850 [900/1200] + Galaxy GT240 2x4GB G.Skill Ripjaw X [1632 MHz] 
Hard DriveOSMonitorKeyboard
Intel X25-M 160GB + 3xRAID0 500GB 7200.12 Window 7 Pro 64 Acer H243H + Samsung 226BW XARMOR-U9BL  
PowerCaseMouseMouse Pad
Antec Truepower New 750W Li Lian PC-V2100 [10x120mm fans] Logitech G9 X-Trac Pro 
  hide details  
Reply
Once again...
(13 items)
 
  
CPUMotherboardGraphicsRAM
i7 920 [4.28GHz, HT] Asus P6T + Broadcom NetXtreme II VisionTek HD5850 [900/1200] + Galaxy GT240 2x4GB G.Skill Ripjaw X [1632 MHz] 
Hard DriveOSMonitorKeyboard
Intel X25-M 160GB + 3xRAID0 500GB 7200.12 Window 7 Pro 64 Acer H243H + Samsung 226BW XARMOR-U9BL  
PowerCaseMouseMouse Pad
Antec Truepower New 750W Li Lian PC-V2100 [10x120mm fans] Logitech G9 X-Trac Pro 
  hide details  
Reply
post #10 of 20
Quote:
Originally Posted by aznpersuazn View Post

And that is why I only purchase directly from the Apple store, or a certified OE from Amazon.

Really? Nobody is going to pay $3 to put a malware on your phone. You can buy botnet victims for much cheaper then that, and those have more valuable data and processing power then an iphone.
at BEST this may be used for espionage, but apple already hands over your info to the government, or in the wild if someone left them plugged into an airport charging station, with the attempt to infect 50 people before it is stolen.

No one should be concerned about this.
New Posts  All Forums:Forum Nav:
  Return Home
  Back to Forum: Technology and Science News
Overclock.net › Forums › Industry News › Technology and Science News › [Forbes] Researchers Say They Can Hack Your iPhone With A Malicious Charger