Apple releasing update to prevent fake charger hacking attacks

Finding a charger for your smartphone in a public place can be a huge relief, but if you’re not careful, it can lead to big problems for you and your smartphone.

At the Black Hat hacker conference in Las Vegas this week, three researchers demonstrated how they were able to hack a smartphone in less than 60 seconds by using a tiny LINUX computer and a malicious app. Now, Apple has responded to this research by including an update for iOS 7 (which is yet to be released to the general public) that will prevent your iPhone from being affected.

The team of Billy Lau, Yeongjin Jang and Chengyu Song from the Georgia Institute of technology built a malicious charger they called “Mactans” which is small enough to appear to be just a charger, but also contains a small computer. When an iPhone 5 plugs into the computer through a USB connection, it will begin charging. It also unlocks as the device assumes as if you’ve attached it to a computer via USB you trust.

The researchers created this computer to take advantage of a feature Apple included for developers that allows apps to be deployed to personal phones for testing purposes. Once the Mactans computer is loaded up with a package of malicious test apps, all that needs to be done is for some unsuspecting iPhone user to come along, plug in their phone, let the computer read their iPhone’s unique ID number and the malicious apps can be installed. These applications can be used to steal private data from the phone, BBC reports.

[ More Right Click: SIM card vulnerability could lead to widespread phone hijacking ]

Ars Technica explains that there are limits to these kinds of attacks: the iPhone’s screen needs to be unlocked, and the attacker who placed the computer needs to have a valid developer’s account. There’s also a maximum of 100 UDIDs that can be associated with a developer account, limiting the number of times this kind of attack could be done. Nevertheless, the group behind the Mactans device explains that this would work if the attacker had a specific target in mind, instead of a widespread attack.

In response to the research, Apple has announced it will be including an update to iOS 7 that will ask users if they should trust the computer they are connected to when plugging in via USB. If you’re plugging into one of these Mactans-type devices, you’ll find out immediately and can disconnect before your information has been compromised.

For more on the Black Hat conference, check out this video on the relationship between the U.S. government and the hacker community:

Need to know what’s hot in tech? Follow @YRightClick on Twitter!