14 DAY TRIAL // Billy Lau, Yeongjin Jang and Chengyu Song, all from the Georgia Institute of Technology, will demonstrate at the upcoming edition of the Black Hat security conference (July 27-August 1) how cybercriminals can inject malware into iOS devices by using malicious chargers. According to the presentation abstract, all users are affected. The attack method identified by the researchers doesn’t require any user interaction and it works even against devices that aren’t jailbroken.
The experts claim that their method allows an attacker to compromise an iOS device within one minute.
“We first examine Apple’s existing security mechanisms to protect against arbitrary software installation, then describe how USB capabilities can be leveraged to bypass these defense mechanisms. To ensure persistence of the resulting infection, we show how an attacker can hide their software in the same way Apple hides its own built-in applications,” the experts noted.
During their presentation, the researchers will recommend ways in which users can protect themselves against such attacks. They will also suggest a number of security features that Apple could implement to mitigate the threat.