A simple modification to the standard Apple charger could be used by crooks to hack Apple devices ‘in under one minute’ according to researchers, who will make their claims at a conference coming up in July.
This development underpins the concerns of many senior technology correspondents, who have been pointing out the inherent dangers associated with smart devices reliance on their charging lead in order to ‘talk’ with other devices for crucial updates. It now seems that this security flaw is being exploited.
The blackhat trick is scarily simple to execute. It utilises a 3 inch circuit board which is typically concealed in a docking station or battery unit. The hack requires almost no budget because of the readily available nature of the required components. A 3 inch circuit board can be sourced from any number of websites in seconds at barely any cost. Once the kit is modified, the hack can pull valuable data out of any Apple device, including iPhones and iPads, in less than one minute.
More details will be revealed next month at the Blackhat.com conference. Billy Lau, Yeongjin Jang and Chengyu Song will present “Mactans: Injecting malware into iOS devices via malicious chargers”. The talk will focus on how Apple devices are “considered by many to be more secure than other mobile offerings” yet they will demonstrate “how any iOS device can be compromised within one minute of being plugged into a malicious charger”
Perhaps of most concern is the apparent lack of action from Apple thus far. The Mactan hacking group appear to be off-radar for the tech giants so far, and with the demonstration not due until July, the group haven’t exposed any further details of their hack. Apple have long been aware that their charging port can be used beyond their intentions, as it’s a commonly used method to jailbreak iPhones and iPads. There is no suggestion that this method has been used to infiltrate an Apple device with malicious intentions before though.
The researchers behind the hack have made no effort to present their charger as a native Apple charger, but they have been at pains to point out that this could easily be done.
This acts as a reminder that Apple device users should purchase their chargers from official sources, ideally directly from Apple online or a local Apple store. It’s likely that these modified chargers could turn up on sites like eBay and Amazon, causing people to lose their personal data.