Revealed: How a “malicious charger” infects iPhone with spyware in under a minute

Borrowing an iPhone charger - or using one in a public place - might be more risky than you think. Researchers from Georgia Tech showed off an attack this week which used a modified iPhone charger to infect an iPhone 5 with spyware in under a minute.

Georgia Tech researchers showed off that a custom-built USB charger was able to infect iPhone 5 with a modified Facebook app capable of spying on users and passing information to a third party.

The presentation, at the Black Hat security conference in Las Vegas, also showed off a proof-of-concept attack, Jekyll, which would allow an app to pass through Apple’s strict approval process, by rearranging itself to create new functionality that is not exhibited during Apple's approval process.  "We were able to successfully publish a malicious app and use it to remotely launch attacks on a controlled group of devices," said Georgia Tech researcher Tielei Wang. "Our research shows that despite running inside the iOS sandbox, a Jekyll-based app can successfully perform many malicious tasks."

"Apple utilizes a mandatory app review process to ensure that only approved apps can run on iOS devices, which allows users to feel safe when using any iOS app," said Georgia Tech Associate Director Paul Royal. "However, we have discovered two weaknesses that allow circumvention of Apple's security measures."

The “malicious charger” used by Billy Lau’s team  was built using an open-source single-board computer, and can compromise current-generation iOS devices without any user interaction.

The researchers named their “malicious charger” Mactans - a reference to latrodectus mactans, the scientific name for the southern black widow spider.

"Despite the plethora of defense mechanisms in iOS, Mactans was able to install arbitrary apps within one minute of being plugged into current-generation Apple devices running the latest operating system software," said Lau.

“Mactans reads a connected device’s Unique Device Identifier, registers it as a developer’s test device in seconds, and then uses its privileges as a developer to install its malware,” according to a report by Andy Greenberg in Forbes.

The researchers presented Apple with their findings - and the company has implemented a feature in the upcoming iOS 7 which notifies users when they plug their device into a peripheral that attempts to establish a data connection.

Apple has said it is working to address the issues raised by Jekyll, according to the researchers.

Author Rob Waugh /Rob Waugh, WeLiveSecurity/