Thanks to a group of sleuthing Georgia Tech researchers, it was uncovered that iOS had an unusual security exploit. Apparently a person could use a third-party charger with a hidden computer to install malware to a plugged in iOS device that is unlocked.
During a recent hacking conference, the researches demonstrated their findings when they simply plugged an iPhone into a custom-built charger they equipped with a tiny Linux computer that was programmed to attack iOS devices. They said it cost about $45 to buy and a week to design.
It infected the phone with a computer virus designed to dial the phone of one of the researchers, which it did.
The concern is that real-world cyber criminals could build viruses that would give them remote control of the devices. That would enable them to take screen shots for stealing banking passwords and credit card numbers. They could also access emails, texts and contact information or track the location of the phone’s owner, Lau said. The research team wanted to go public with the issue in support of “white hat” hacking, which is finding security bugs so that manufacturers can fix them before criminals exploit them.
Apple was quick to respond to news of the exploit and has already confirmed that the iOS 7 beta 4 build will contain a patch. Apple has yet to disclose what the fix will entail, but that doesn’t mean Georgia Tech researchers aren’t already speculating. According to Georgia Tech’s Billy Lau, he believes that the new OS can tell when it’s plugged into a computer instead of a charger, which should avoid any unwelcome malware surprises.
We’ll keep our iOS users updated when the patch becomes available. Right now it looks like Apple’s devices will remain vulnerable to attacks until the company releases its iOS 7 software update, which is slated for this fall.