Wednesday, 7 August 2013

iOS 7 to protect against charger-based hacks of Apple devices

Apple has announced that the newest iOS 7 beta release includes a security update to protect its mobile devices from hacks using a modified phone charger or battery.

Last month, researchers from Georgia Tech revealed that a readily available circuit board could be concealed in a docking station or battery and used to exploit weaknesses in Apple’s mobile security.



The researchers, who notified Apple of the vulnerability earlier this year, presented a proof-of-concept demonstration at the Black Hat USA 2013 conference in Las Vegas.

The researchers said the proof-of-concept malicious charger was built in a limited amount of time and on a small budget.

In a summary of the presentation, the researchers said they had injected arbitrary software into current-generation Apple devices running the latest operating system (OS) software.

“All users are affected, as our approach requires neither a jailbroken device nor user interaction,” the summary said.

At the Black Hat conference, researchers Yeongjin Jang, Chengyu Song and Billy Lau used their proof-of-concept modified charger to infect a connected iPhone with a virus, causing the handset to call the smartphone of a team member.

The method could be used by cyber criminals to steal sensitive data or take control of the device remotely, they said.

The vulnerability does not affect Android devices because Google’s mobile operating system warns users when their device is plugged into a computer.

Apple’s fix, which is available in the latest iOS 7 beta release, is in the form of a notification to users warning them that they are not connected to a standard charger.

The fix will be included in the final version of iOS 7, which is due for release this autumn.

In announcing the security update, Apple thanked the Georgia Tech researchers for their “valuable input”.

Technology suppliers such as Microsoft have been severely critical of security researchers who fail to disclose vulnerabilities to the supplier before going public.

In June, the company joined the growing list of technology suppliers offering a bounty to those who report bugs, to discourage them from selling their discoveries on the open market.

Microsoft said its new bug bounty schemes are aimed at helping to improve the resilience of its products through responsible disclosure of flaws that hackers could exploit.
