Iphones and other Apple devices can be compromised with malicious fake charger

Unless it’s one of the power strips that come with USB charging slots built into them. Curious if anyone’s seen a rise in the numbers of those at offices/schools/hotels/etc.

I knew there was a reason I wanted a SheevaPlug.

SheevaPlug is overkill for this, you could do this with a smaller slower chipset… you could probably build it into an existing charger if you were clever about it.

And the whole idea of only plugging you phone into a charger you own is flawed. I wouldn’t put it past any intelligence agency not to swap your charger with a visually identical one. You are better off with what stephen_ schenck suggests made of clear plastic.

This isn’t old (or the current wrinkle of iOS instead of Android isn’t) and is from this week at Black Hat. Did you read the links?

Try reading the article, dated August 1: http://securitywatch.pcmag.com/hacking/314361-black-hat-don-t-plug-your-phone-into-a-charger-you-don-t-own

Also curious that Cory does not mention that by keeping your phone locked while charging you will prevent this sort of attack until Apple can update the system. The phone must be unlocked while plugged into the offending charger. Then the attack is completely invisible.

Meanwhile Google is about to drop Android because Oracle wants a piece of every phone sale.

“Earlier this year” is literally on the first sentence of the article. It goes back at least a couple of months:

Incidentally, this comment system is absolutely vile on an iPad. Was it only tested on Ubuntu or something?

I hadn’t heard this, what is your source for this claim?

@Ogilvy I use Discourse all the time on my iPad 4, sometimes for hours. Are you referring to the bug where the composer bounces around on typing sometimes? That’s the only issue I’m aware of, and it’s on our list. Probably related to some JavaScript that is firing on keypress, or resize, or something.

Those don’t work properly. Apple devices expect ‘charge only’ devices to have a specific impedance between the data pins to indicate how much current the charger will supply.

Shouldn’t be hard to build. All you need would be a microcontroller to attempt a USB handshake once it gets power. The Trojan charger would have to initially respond in order to find out if an iPhone was connected or not.

1 Like

just wait until devices start to come with built-in powerline networking.

Yeah, particularly the bouncing issue. On the iPad Mini, at least, it happens every few seconds. Happy to hear it’s going to be fixed.

This topic was automatically closed after 5 days. New replies are no longer allowed.