Researchers from the Georgia Institute of Technology are claiming that they have developed a method to inject arbitrary software into iOS via a USB wall-charger.
This ostensibly innocuous charger, which the researchers have named “Mactans,” can install malicious software without any user input and without the phone being jailbroken, and completes installation in less than a minute, Forbes reports.
The announcement comes ahead of the Black Hat security conference scheduled for late July. The team from Georgia Tech has not released any details of its work, but plans to show off a proof-of-concept at the conference.
The charger was built using a BeagleBone, a $45 open-source single-board computer. This small PCB measures 3.4 x 2.1 inches, so it’s not going to fit into a standard-sized Apple charging unit, but could easily be installed into a docking station or external battery pack.
The team warns that a group with more resources could potentially build a device that is more advanced, suggesting it’s possible to make it even smaller: “While Mactans was built with [a] limited amount of time and a small budget, we also briefly consider what more motivated, well-funded adversaries could accomplish.”
What’s more, the researchers say that the malicious software is hidden in much the same way Apple hides its own built-in software, so that the user cannot see or modify it. The hack can compromise iOS devices running the latest version of the operating system.
One of the Georgia Tech researchers, Yeongjin Jang, said that his team reached out to Apple regarding the exploit on Friday, but they haven’t yet received a response.