Hacking Via USB Power Adaptors

One of the major tech news sites has an article discussing how easy it is to compromise an Apple iPhone by connecting it to a malicious USB charger.  For anyone going to Black Hat USA this will be one of the many briefings at this years show.

Sadly, this is not something new or revolutionary.   Two years ago a few “security researchers” set up a charging kiosk at DEF CON that was capable of this hack.  When a smart phone was plugged in the phone displayed a message chiding them for trusting a public charging station.

So if “juice-jacking” is nothing new why is it so revolutionary?  Many have tried to hack iOS and have been thwarted by several layers of defenses.  Unlike Android phones that display the USB port has been connected to a device, iOS devices do not show or have a way to prevent USB connections to the device.  What may come out of this hack is a plethora of iOS weaknesses.

Paring security is of concern on almost any device because of the fact most devices implement promiscuous paring.  Furthermore, iOS is set up so once you pair with a device that device can reconnect to the iOS device anywhere, anytime.

According to a Boston-based security researcher, Jonathan Zdziarski, an iOS device requires you to unlock it to connect it to a charger.  This unlocking gives the malicious power adapter the access it needs to compromise the system.  More on Zdziarski’s findings here to include source code.

Post by Protocol 46