Three Georgia tech hackers demonstrated how to install malware on an iPhone using a custom charger at the Black Hat USA 2013 conference, according to a report in ZDNet. The hack exploits a vulnerability that is present in all shipping versions of iOS, but has been patched in the latest beta version of iOS 7.
Billy Lau, Yeongjin Jang and Chengyu Song showed off their malicious “Mactans” charger that was constructed with a BeagleBoard running Linux. Once an iPhone was attached to the charger, an unsuspecting user could type in his passcode to access his phone and kick off a chain events that would compromise his handset. In the Black Hat demo, custom software running off the BeagleBoard deleted the Facebook app on the phone and replaced it with a fake, malicious app.
The Georgia Tech team informed Apple about this vulnerability, but it has not bee patched in iOS 6 or older. Apple told Reuters that this vulnerability has been closed in iOS 7 beta 4. “We would like to thank the researchers for their valuable input,” Apple spokesman Tom Neumayr told Reuters.