Apps and chargers can make iPhones 'hack-prone'

Aug 01, 2013
  • Email this page
  • Printer-friendly version
Tags:
iphone_4.jpg

Tbilisi: Apple's iPhones are vulnerable to hacking through its applications and peripherals like chargers, a new study has revealed.
The study conducted by reseachers at the Georgia Tech Information Security Center have discovered two security weaknesses that permit installation of malware onto Apple mobile devices using seemingly innocuous applications and peripherals, uncovering significant security threats to the iOS platform
GTISC Associate Director Paul Royal said that Apple utilizes a mandatory app review process to ensure that only approved apps can run on iOS devices, which allows users to feel safe when using any iOS app but they have discovered two weaknesses that allow circumvention of Apple's security measures.
Researchers Tielei Wang and Billy Lau found that malware can be installed onto iOS devices via Trojan Horse-style applications and peripherals and once the malicious app passes review and is installed on a user's device, it can be instructed to carry out malicious tasks.
Wang said that the research shows that despite running inside the iOS sandbox, a Jekyll-based app can successfully perform many malicious tasks, such as posting tweets, taking photos, sending email and SMS, and even attacking other apps - all without the user's knowledge.
Additionally, Lau's team created a proof-of-concept malicious charger using a small, inexpensive single-board computer called Mactans, once plugged into an iOS device, Mactans stealthily installs a malicious app.
Lau said that Mactans was able to install arbitrary apps within one minute of being plugged into current-generation Apple devices running the latest operating system software and all users are affected.
Soon after the researchers reported the bug to Apple, the company implemented a feature in iOS 7 that notifies users when they plug their mobile device into any peripheral that attempts to establish a data connection.

Post new comment

<form action="/comment/reply/247179" accept-charset="UTF-8" method="post" id="comment-form"> <div><div class="form-item" id="edit-name-wrapper"> <label for="edit-name">Your name: <span class="form-required" title="This field is required.">*</span></label> <input type="text" maxlength="60" name="name" id="edit-name" size="30" value="Reader" class="form-text required" /> </div> <div class="form-item" id="edit-mail-wrapper"> <label for="edit-mail">E-Mail Address: <span class="form-required" title="This field is required.">*</span></label> <input type="text" maxlength="64" name="mail" id="edit-mail" size="30" value="" class="form-text required" /> <div class="description">The content of this field is kept private and will not be shown publicly.</div> </div> <div class="form-item" id="edit-comment-wrapper"> <label for="edit-comment">Comment: <span class="form-required" title="This field is required.">*</span></label> <textarea cols="60" rows="15" name="comment" id="edit-comment" class="form-textarea resizable required"></textarea> </div> <fieldset class=" collapsible collapsed"><legend>Input format</legend><div class="form-item" id="edit-format-1-wrapper"> <label class="option" for="edit-format-1"><input type="radio" id="edit-format-1" name="format" value="1" class="form-radio" /> Filtered HTML</label> <div class="description"><ul class="tips"><li>Web page addresses and e-mail addresses turn into links automatically.</li><li>Allowed HTML tags: &lt;a&gt; &lt;em&gt; &lt;strong&gt; &lt;cite&gt; &lt;code&gt; &lt;ul&gt; &lt;ol&gt; &lt;li&gt; &lt;dl&gt; &lt;dt&gt; &lt;dd&gt;</li><li>Lines and paragraphs break automatically.</li></ul></div> </div> <div class="form-item" id="edit-format-2-wrapper"> <label class="option" for="edit-format-2"><input type="radio" id="edit-format-2" name="format" value="2" checked="checked" class="form-radio" /> Full HTML</label> <div class="description"><ul class="tips"><li>Web page addresses and e-mail addresses turn into links automatically.</li><li>Lines and paragraphs break automatically.</li></ul></div> </div> </fieldset> <input type="hidden" name="form_build_id" id="form-7d33bcb0772e21d4b97c2d28cfeb4f56" value="form-7d33bcb0772e21d4b97c2d28cfeb4f56" /> <input type="hidden" name="form_id" id="edit-comment-form" value="comment_form" /> <fieldset class="captcha"><legend>CAPTCHA</legend><div class="description">This question is for testing whether you are a human visitor and to prevent automated spam submissions.</div><input type="hidden" name="captcha_sid" id="edit-captcha-sid" value="80622002" /> <input type="hidden" name="captcha_response" id="edit-captcha-response" value="NLPCaptcha" /> <div class="form-item"> <div id="nlpcaptcha_ajax_api_container"><script type="text/javascript"> var NLPOptions = {key:'c4823cf77a2526b0fba265e2af75c1b5'};</script><script type="text/javascript" src="http://call.nlpcaptcha.in/js/captcha.js" ></script></div> </div> </fieldset> <span class="btn-left"><span class="btn-right"><input type="submit" name="op" id="edit-submit" value="Save" class="form-submit" /></span></span> </div></form>

No Articles Found

No Articles Found

No Articles Found

I want to begin with a little story that was told to me by a leading executive at Aptech. He was exercising in a gym with a lot of younger people.

Shekhar Kapur’s Bandit Queen didn’t make the cut. Neither did Shaji Karun’s Piravi, which bagged 31 international awards.

Horoscope