Apple plans to issue a software update to help its products
avoid falling victim to booby-trapped chargers.
The update has
been prepared in response to research that created malicious chargers that
could upload code onto devices plugged into them.
The work by
computer scientists at Georgia Tech in the US can compromise iOS devices in
about 60 seconds.
Apple's pending
update warns users to be sure they are using a trusted charging point when they
plug in.
The custom built
chargers include a small computer alongside the electronic components that pipe
power into an Apple iOS device.
The tiny computer
interrogates an iPhone or tablet and copies a unique ID number that identifies
that phone.
This is then used
on an Apple website to take advantage of an uploading tool usually used by
developers to test their software on an iOS gadget.
Instead of
uploading a program in development, the trio of researchers, Billy Lau,
Yeongjin Jang, and Chengyu Song, managed to upload an application that stole
data.
The malicious
chargers and their associated data-stealing application were demonstrated at
the Black Hat hacker conference currently under way in Las Vegas.
In the demo, the
trio showed off a fake Facebook app that could grab screenshots of passwords
and make calls on behalf of an attacker.
The limited
nature of the attack, which requires phones to be unlocked and for attackers to
be a registered developer with Apple, were noted by tech news site Ars Technica.
The researchers
from Georgia Tech's Information Security Center gave some details about their
attack in June and this prompted Apple to prepare an update for devices running
version seven of its iOS operating system. The update is currently part of the
beta release for iOS 7. The final version of iOS7 will be released in the
Autumn.
The update asks
users if they are sure they can trust the device they are using to charge their
phone or tablet.
Untrusted devices
get no access to the internals of an iOS gadget.
Source: http://www.bbc.co.uk
0 comments:
Post a Comment