These days is being held in Las Vegas security conference Black Hat USA , an event that brings together thousands of experts to hear how some of his colleagues have been able to exploit flaws in products as diverse as Apple iOS, they defend projects such as PRISM, or talk about how they are affecting rewards programs reveal when zero day bugs.
It was in this environment in which three university researchers have presented a method to infect iOS devices through its power charging port.
Billy Lau, Yeongin Jang Song Chengyu, the Georgia Tech Information Security Center, alerted Apple to the problem earlier this year, and the company claims to have fixed in the latest iOS beta 7 was just released to developers.However, not until the fall when users get the new version of the operating system.
During his demonstration, the researchers connected an iPhone to a charger specially crafted and equipped with a small computer based on Linux and iOS devices programmed to attack. The cost has been about $ 45 and a week of work in design.
The three experts explained that your device exploits a bug that allows matching devices without any notification to the user. Once the hacker gained access may perform tasks such as remote control device or hide applications. In his demonstration, the researchers hid iPhone Facebook application and installed in its place a malicious copy.
Although it might seem difficult to make use of an exploit that requires a user to connect your iOS device to a charger, the researchers say that you only need to leave one in public or take the software and techniques of attacking a PC or Mac OS X and release it when the device is synchronized.
What is certain is that once taken control of the device, could take screenshots to steal passwords to all types of services, or bank card numbers and access mail, contacts data, or track the location terminal.
Experts said during the presentation at Black Hat operating system Android is not vulnerable to these techniquesbecause it warns the user when connecting the device to a computer, even when you only want loaded.