Apple power adapter security flaw to be patched in iOS 7
Security hole in current versions of the mobile operating system could allow malware to be uploaded to iOS devices via a malicious USB charger.
A security flaw in Apple's iOS 6 that could theoretically allow malware to be uploaded to iOS devices via a malicious power adapter will be patched in the next version of Apple's mobile operating system, Apple said Wednesday.
The hack, dubbed Mactrans by the three researchers from the Georgia Institute of Technology who discovered the flaw, was demonstrated Wednesday at the Black Hat security conference in Las Vegas. The trio announced in June that they had developed a proof-of-concept that showed how a malicious iPhone charger lets them hack into the mobile device running the latest version of Apple's iOS in less than one minute -- no jailbreaking required.
An Apple representative told Reuters today that the vulnerability had been repaired in the latest iOS 7 beta, which is already in developers' hands.
"We would like to thank the researchers for their valuable input," Apple spokesman Tom Neumayr said.
The researchers' custom-built charger, which was built in about a week for about $45, contains a tiny Linux-based computer programmed to attack iOS devices, according to Wednesday's presentation by Billy Lau, the researcher who constructed the device. Malware uploaded to iOS devices could give access to passwords and sensitive financial information as well as communications and the device's location, Lau said.
"It can become a spying tool," Lau said.
Lau said the vulnerability doesn't affect Android devices because that operating system warns users when their device is plugged into a computer.