At a security conference, U.S. researchers have demonstrated how malware can infiltrate on Apple phones.
The iPhone comes to life, it itself enters the code to unlock the screen. Then it dials a phone number. When the called phone rings, there is much applause: The iPhone is hacked. Three security researchers at the IT conference Black Hat in Las Vegas shown how to inject programs written on an iPhone – unnoticed by the user, with a charging cable to the other end hangs a small computer.
Mactans call Billy Lau, Yeongjin and Jang Song Chengyu the attack, they had already announced in June. The only requirement for the trick: The phone must be unlocked. But that, as the researchers say, the user would do regularly anyway, about to read the time to view the weather or to check for new mail.
This moment, the researchers use in order to connect to the iPhone with a mini-computer that they have built into the power supply. For the iPhone, this is a normal behavior: as soon as it discovers on his cable connection a computer, it makes up for connection. Only one would normally expect a computer to an AC adapter.
The computer must be smaller
Once connected, the attacker read the unique identifier of the phone, called the UDID (unique device identifier), from. As a registered Apple developer you can register your phone with this code as a developer machine and prepare it so that it can install apps without examination and without going through the Apple Store. In addition, a smuggled in this manner app can be programmed so that it can access internal functions of the iOS operating system, which Apple would not otherwise let it go.
The entire process is automated and executed by the Linux PC power supply in less than a minute. For their presentation, the researchers use a BeagleBoard-PC, about palm-sized Linux computer that could be accommodated in any case in a mobile power supply. The technique could be smaller but with a little more effort, in principle, it should fit on a fingernail.
Say no if the power supply will communicate
Lau and his colleagues also stated how to build apps that are not closed after ten minutes as usual in the background of the iOS operating system, but always remain active. They were able to own data from an app that runs in the background, make screenshots. This is convenient because when entering the password on iOS the last character typed is briefly visible in plain text, so the researchers from the Georgia Institute of Technology. With a number of screenshots so you could spy on passwords.
In a video showing how to replace it on an iPhone, the Facebook app of their own. The user notices them next to nothing: Starts Facebook, initially opens a blank page, then only Facebook – here the audience cheers. Apple has allowed developers to open a back door into the otherwise heavily guarded iOS realm.
A Safety Tip of the researchers, Apple has already followed: With the upcoming iOS version 7, which will be released in the fall, the phone will ask before connecting to a new device. So if a manipulated power supply required access to the device, you can prevent the connection. Whether for the latest iOS version 6 is an update planned, Apple has not yet announced.