Security researchers have discovered a way to push software onto an iOS device using a modified charger. The team at Georgia Institute of Technology says its charger was able to upload arbitrary software to an iOS device within one minute of it being plugged in. According to the researchers, "all users" are at risk, as the hack doesn't require any user interaction. Hackers are even capable of hiding the applications, so they don't show up in the device's app list. It's not clear if the charger is able to upload malicious code — Apple's iOS devices, by default, are "sandboxed" and will only install and run properly signed apps — but this is a worrying development regardless.
The malicious charger looks nothing like Apple's
The charger itself is fairly large — it's based on the BeagleBone, a tiny Linux PC the size of a credit card — so it's unlikely to be able to be scaled down to fit in a regular iPhone or iPad charger casing anytime soon. The hack and charger will be demonstrated at the Black Hat security conference in July. During a presentation of their findings, the researchers will detail how USB capabilities are able to bypass Apple's defense mechanisms, and explain what Apple can do to make hacks like this one harder to pull off.