Three researchers plan to demonstrate at an upcoming online security conference how they successfully hacked into Apple iOS devices using a "malicious charger."
The researchers from Georgia Institute of Technology posted an outline for their presentation on the website for the Black Hat USA 2013 conference coming up at the end of July.
They said Apple products are generally seen as being more secure than others and they wanted to investigate whether that view is accurate, especially when it comes to everyday activities such as charging a device.
"The results were alarming: despite the plethora of defense mechanisms in iOS, we successfully injected arbitrary software into current-generation Apple devices running the latest operating system (OS) software.
“All users are affected, as our approach requires neither a jail-broken device nor user interaction," they said in the write-up.
The researchers -- Billy Lau, Yeongjin Jang and Chengyu Song -- managed to accomplish their goal by incorporating a three inch-square BeagleBoard into a charger cable. The open-source single-board computers can be purchased on the Internet for around US$45.
Because the charger uses a USB port, it was able to load the Apple device with an infection that is "persistent" and hard to spot because it can be hidden "in the same way Apple hides its own built-in applications," the researchers wrote.
The infection was completed within one minute of the charger being plugged into the device.
"In this presentation...we first examine Apple's existing security mechanisms to protect against arbitrary software installation, then describe how USB capabilities can be leveraged to bypass these defense mechanisms," says the description of the presentation.
The researchers called the malicious charger "Mactans," which appears to be a reference to latrodectus mactans -- the Latin name for the venomous black widow spider. The female of the species is known for sometimes eating its mate after reproduction.
