Plugging your phone into a charger should be pretty safe to do. It should fill your phone with electricity, not malware. But researchers from Georgia Institute of Technology have produced fake chargers they've named Mactans that do more than just charge your phone: they install custom, malicious applications onto iPhones.
Their bogus chargers—which do, incidentally, charge the phone—contain small computers instead of mere transformers. The iPhone treats these computers just as it does any other computer, but instead of just charging, it responds to USB commands. It turns out that the iPhone is very trusting of USB-attached computers; as long as the iPhone is unlocked (if only for a split second) while attached to a USB host, then the host has considerable control over the iPhone.
The researchers used their USB host to install an app package onto any iPhone that gets plugged in. iOS guards against installation of arbitrary applications with a strict sandboxing system, a feature that has led to the widespread practice of jailbreaking. This attack doesn't need to jailbreak, however.
Read 6 remaining paragraphs | Comments