Security researchers are promising to show off how an iPhone or iPad charger could infect your Apple device simply by plugging it in.
"In this presentation, we demonstrate how an iOS device can be compromised within one minute of being plugged into a malicious charger," is how researchers Billy Lau, Yeongjin Jang and Chengyu Song describe what they will show off at next month's Black Hat security conference.
The three researchers, who are based at the Georgia Institute of Technology, set out to see the extent to which security threats are considered when performing everyday tasks like charging your iPhone or iPad. The results, the trio said, were alarming. "Despite the plethora of defence mechanisms in iOS, we successfully injected arbitrary software into current-generation Apple devices running the latest operating system (OS) software," they said. "All users are affected, as our approach requires neither a jailbroken device nor user interaction."
The researchers have dubbed the malicious charger Mactans, a reference to the Latin name for the Southern black widow (Latrodectus mactans).
While the exact method used to install malware onto an iPhone has not been described by the researchers, they do describe the process of infection. Having first examined Apple's existing security mechanisms to protect against arbitrary software installation, the group will describe how USB capabilities can be leveraged to bypass these defence mechanisms.
In order for the malicious software to remain installed and unseen, the trio will show how "an attacker can hide their software in the same way Apple hides its own built-in applications."
Apple's iOS devices are seen as very secure by consumers and security researchers alike, with renowned researcher Mikko Hypponen calling the App Store the biggest security innovation of the last decade.
Yeongjin Jang, one of the Georgia Tech researchers, spoke to Forbes about his research and said the team had contacted Apple about their exploit, but hadn't yet heard back from the company, and declined to comment further.
To show off their discovery, the group has built a proof-of-concept charger which can be used to install malicious software on your iPhone simply by plugging it in. "This hardware was selected to demonstrate the ease with which innocent-looking, malicious USB chargers can be constructed. While Mactans was built with limited amount of time and a small budget, we also briefly consider what more motivated, well-funded adversaries could accomplish."
The group says it will reveal ways in which users can protect themselves and suggest security features Apple could implement to make the attacks they describe substantially more difficult to pull off.