The next time your plug in your iPhone into someone else's charger, you could be putting all your personal data at risk. Malicious software could be installed without your knowledge that lets hackers attack your device.
Georgia Tech Information Security Center researchers presented how they were able to hack into an iPhone using its charger at a briefing on Wednesday at the Black Hat cybersecurity conference in Las Vegas.
During a demonstration for CBSNews.com, research scientist Billy Lau and Ph.D. student YeongJin Jang explained that they installed software into a custom device, called Mactans, that mimics Apple's charger.
The device they presented, which is a small white box made with a 3D printer, is much larger than an iPhone charger. However, Lau says it is possible for a tenacious hacker to make a counterfeit version that looks exactly like one bought at an Apple store.
Once an iPhone is plugged into the device it could take less than a minute to install malicious software, called a Trojan. That time is lengthened to about 80 seconds if a specific app is being uploaded to duplicate and hide an existing one. After the Trojan is installed, an iPhone owner could carry on without knowing their phone is being attacked.
The researchers showed how a replica of Facebook's mobile app is installed on an iPhone. To the unsuspecting victim, nothing appears different, including the icon. Only a slight screen swap that lasts about a second gives any clue of suspicious activity. Everything else appears normal, but once the phone is turned off, the Trojan can begin to wreak havoc. The phone can then act on its own to punch in numbers and make calls.