Three researchers at the Georgia Institute of Technology are planning to show off a proof-of-concept charger at next month’s Black Hat security conference, that they claim can “invisibly install malware” on an iOS device, Forbes reports. The researchers are claiming that the hack neither requires a jailbroken device nor any user interaction.
The malicious charger, referred to as the “Mactans”, is reportedly built around an open-source single-board computer known as a BeagleBoard sold by Texas Instruments for around $45. While the researchers aren’t yet sharing the details of their work, a description of their talk posted to the conference website describes the results of the experiment as “alarming”. The researchers claim that their attack can hack an iOS device running the most recent version in less than a minute.
It’s not clear just how convincing that charger will be, of course, given that a three-inch square BeagleBoard can’t fit into the smaller power adaptors Apple sells for charging its gadgets. But a BeagleBoard could be hidden in a docking station or external battery, and the team hints that others with more resources may be able to advance their work: “While Mactans was built with [a] limited amount of time and a small budget, we also briefly consider what more motivated, well-funded adversaries could accomplish.”
The researchers add that they can also demonstrate that the malware infection resulting from their malicious charger is persistent and tough to spot. “We show how an attacker can hide their software in the same way Apple hides its own built-in applications,” reads their description.
Yeongjin Jang, one of the Georgia Tech researchers, said that the team had contacted Apple about their exploit, but hadn’t yet heard back from the company.