Apps and chargers can make iPhones `hack-prone`: Study
Apple`s iPhones are vulnerable to hacking through its applications and peripherals like chargers, a new study has revealed.
Tbilisi: Apple`s iPhones are vulnerable to hacking through its applications and peripherals like chargers, a new study has revealed.
The study conducted by reseachers at the Georgia Tech Information Security Center have discovered two security weaknesses that permit installation of malware onto Apple mobile devices using seemingly innocuous applications and peripherals, uncovering significant security threats to the iOS platform
GTISC Associate Director Paul Royal said that Apple utilizes a mandatory app review process to ensure that only approved apps can run on iOS devices, which allows users to feel safe when using any iOS app but they have discovered two weaknesses that allow circumvention of Apple`s security measures.
Researchers Tielei Wang and Billy Lau found that malware can be installed onto iOS devices via Trojan Horse-style applications and peripherals and once the malicious app passes review and is installed on a user`s device, it can be instructed to carry out malicious tasks.
Wang said that the research shows that despite running inside the iOS sandbox, a Jekyll-based app can successfully perform many malicious tasks, such as posting tweets, taking photos, sending email and SMS, and even attacking other apps - all without the user`s knowledge.
Additionally, Lau`s team created a proof-of-concept malicious charger using a small, inexpensive single-board computer called Mactans, once plugged into an iOS device, Mactans stealthily installs a malicious app.
Lau said that Mactans was able to install arbitrary apps within one minute of being plugged into current-generation Apple devices running the latest operating system software and all users are affected.
Soon after the researchers reported the bug to Apple, the company implemented a feature in iOS 7 that notifies users when they plug their mobile device into any peripheral that attempts to establish a data connection.