Revealed: How a “malicious charger” infects iPhone with spyware in under a minute

Borrowing an iPhone charger – or using one in a public place – might be more risky than you think. Researchers from Georgia Tech showed off an attack this week which used a modified iPhone charger to infect an iPhone 5 with spyware in under a minute.

The Georgia Tech researchers showed that a custom-built USB charger could infect an iPhone 5 with a modified Facebook app capable of spying on users and passing information to a third party.

The presentation, at the Black Hat security conference in Las Vegas, also included a proof-of-concept attack, Jekyll, which would allow an app to pass Apple’s strict approval process by rearranging itself to create new functionality that is not exhibited during the review. “We were able to successfully publish a malicious app and use it to remotely launch attacks on a controlled group of devices,” said Georgia Tech researcher Tielei Wang. “Our research shows that despite running inside the iOS sandbox, a Jekyll-based app can successfully perform many malicious tasks.”

“Apple utilizes a mandatory app review process to ensure that only approved apps can run on iOS devices, which allows users to feel safe when using any iOS app,” said Georgia Tech Associate Director Paul Royal. “However, we have discovered two weaknesses that allow circumvention of Apple’s security measures.”

The “malicious charger” used by Billy Lau’s team was built using an open-source single-board computer, and can compromise current-generation iOS devices without any user interaction.

The researchers named their “malicious charger” Mactans – a reference to Latrodectus mactans, the scientific name for the southern black widow spider.

“Despite the plethora of defense mechanisms in iOS, Mactans was able to install arbitrary apps within one minute of being plugged into current-generation Apple devices running the latest operating system software,” said Lau.

“Mactans reads a connected device’s Unique Device Identifier, registers it as a developer’s test device in seconds, and then uses its privileges as a developer to install its malware,” according to a report by Andy Greenberg in Forbes.

The researchers presented Apple with their findings – and the company has implemented a feature in the upcoming iOS 7 which notifies users when they plug their device into a peripheral that attempts to establish a data connection.

Apple has said it is working to address the issues raised by Jekyll, according to the researchers.

Author: Rob Waugh, We Live Security


  • LindaClaudine

    This doesn’t surprise me at all. I have posted once before on this matter (Sophos declares year of Malware) and Bart replied “nice story – but I don’t believe it; hogwash.” Well, whatever. I do know that as I have become more proficient on the OSX platform, my opinion has not changed. Prior to my 3 year contract with Apple running out, I found a backdoor account on my Macbook, deleted it and contacted Apple one final time. Took me a bit, but got to a “higher up”. When I followed up, the part about me deleting what I believed was a backdoor account AND that a mysterious bookmark appeared on my Bookmark Bar called “So long and thanks for all the fish.”, which should have taken one to, but didn’t as according to Safari, the server would not respond (I had already added protection software to my Mac so don’t know which kept the site from responding, or something else) was not noted in my case file. Since that “higher” tech never did get back with me, the last one I spoke to told me that technically my case was still open even though my 3 years were up. He was nice, but gave me the same platitudes that my Macbook was safe, my iPhone was safe, I had nothing to worry about. I can’t help but believe that Apple is in for a day of reckoning at some point, especially for all those unprotected individual owners out there. But I’m sure I’ll get another response about what a good story this is or how I probably took an Ambien and forgot that I put that bookmark on my bar myself. Thanks for keeping us up on the latest.


Copyright © 2017 ESET, All Rights Reserved.