The yearly BlackHat event that caters to those in the infosec community is still some weeks away, but the anticipation surrounding some of the topics is already starting. Every year we’re treated to a variety of research that is announced at the event. Much of it goes largely unnoticed by the public, but lately we hear more and more about something in the mainstream news that really catches public attention. This year’s lineup promises a bunch of new interesting briefings. One of the several that caught my eye is a briefing to be presented by Billy Lau, Yeongjin Jan, and Chengyu Song. The research they are presenting promises to show their discoveries of how to inject malware into IOS devices using malicious chargers.
Their vector was chosen based on the seemingly innocuous daily act of charging your IOS devices and the perception that IOS devices are somehow inherently more secure those based on other mobile platforms. The result of their research showed that iOS’ significant defense mechanisms were not able to prevent the insertion of malware onto IOS devices through the charging devices. This happened without any requirement of user intervention, it didn’t require a “jailbreak”, and it involves Apple’s latest iOS version. Not only are all iOS users at risk, the attack takes less than a minute. The exploit utilizes USB capabilities to defeat the iOS security mechanisms, and they have been further been able to use Apple’s own ability to hide built-in applications to hide this infection. The project involved a specialized proof of concept charger, called “Mactans”. The project charger was built with a low-power open-source $45 ARM-based microcomputer called a BeagleBoard. The cost, ease and limited amount of effort it took to construct the device was intentionally limited to demonstrate that the flaw did not require an extraordinary amount of resources to execute. This should put the iOS community on notice to say the least.
Fortunately the researchers are also sharing advice on how users can protect their personal devices as well as advice for Apple on how to implement better security features that should address these weaknesses. Typically the researchers have done the “white hat” thing and notified Apple ahead of time of what they were able to accomplish, so it is likely the company has fixes for some of the issues on its roadmap.
Anyway, last year it was the defeat of door locking systems in use around the country in millions of hotel rooms. That hack was later demonstrated with a cheap device that could be fit into the barrel of a hollow ink marker. The issue made headlines around the web and raised some real issues about security and the products we assume are secure by design. This year’s Black Hat event appears to have at least one major headline grabbing story in what this briefing will cover. I for one will definitely be paying attention to this particular story.