Security hole in current versions of the mobile operating system could allow malware to be uploaded to iOS devices via a malicious USB charger. July 31, 2013 8:46 PM PDT (Credit: Josh Lowensohn/CNET) A security flaw in Apple's iOS 6 that could theoretically allow malware to be uploaded to iOS devices via a malicious power adapter will be patched in the next version of Apple's mobile operating system, Apple said Wednesday. The hack, dubbed Mactrans by the three researchers from the Georgia Institute of Technology who discovered the flaw, was demonstrated Wednesday at the Black Hat security conference in Las Vegas. The trio announced in June that they had developed a proof-of-concept that showed how a malicious iPhone charger lets them hack into the mobile device running the latest version of Apple's iOS in less than one minute -- no jailbreaking required. Related stories Apple said to use Samsung components on A7 iPhone chip Android wins in app downloads, but iOS makes more money New non-Retina iPad Minis hinted at in iOS 7 code An Apple representative told Reuters today that the vulnerability had been repaired in the latest iOS 7 beta, which is already in developers' hands. "We would like to thank the researchers for their valuable input," Apple spokesman Tom Neumayr said. The researchers' custom-built charger, which was built in about a week for about $45, contains a tiny Linux-based computer programmed to attack iOS devices, according to Wednesday's presentation by Billy Lau, the researcher who constructed the device. Malware uploaded to iOS devices could give access to passwords and sensitive financial information as well as communications and the device's location, Lau said. "It can become a spying tool," Lau said. Lau said the vulnerability doesn't affect Android devices because that operating system warns users when their device is plugged into a computer.
Security hole in current versions of the mobile operating system could allow malware to be uploaded to iOS devices via a malicious USB charger.
A security flaw in Apple's iOS 6 that could theoretically allow malware to be uploaded to iOS devices via a malicious power adapter will be patched in the next version of Apple's mobile operating system, Apple said Wednesday.
The hack, dubbed Mactrans by the three researchers from the Georgia Institute of Technology who discovered the flaw, was demonstrated Wednesday at the Black Hat security conference in Las Vegas. The trio announced in June that they had developed a proof-of-concept that showed how a malicious iPhone charger lets them hack into the mobile device running the latest version of Apple's iOS in less than one minute -- no jailbreaking required.
Related stories
- Apple said to use Samsung components on A7 iPhone chip
- Android wins in app downloads, but iOS makes more money
- New non-Retina iPad Minis hinted at in iOS 7 code
An Apple representative told Reuters today that the vulnerability had been repaired in the latest iOS 7 beta, which is already in developers' hands.
"We would like to thank the researchers for their valuable input," Apple spokesman Tom Neumayr said.
The researchers' custom-built charger, which was built in about a week for about $45, contains a tiny Linux-based computer programmed to attack iOS devices, according to Wednesday's presentation by Billy Lau, the researcher who constructed the device. Malware uploaded to iOS devices could give access to passwords and sensitive financial information as well as communications and the device's location, Lau said.
"It can become a spying tool," Lau said.
Lau said the vulnerability doesn't affect Android devices because that operating system warns users when their device is plugged into a computer.
