Apple update to tackle charger hack attack
Apple plans to issue a software update to help its products avoid falling victim to booby-trapped chargers.
The update has been prepared in response to research that created malicious chargers that could upload code onto devices plugged into them.
The work by computer scientists at Georgia Tech in the US can compromise iOS devices in about 60 seconds.
Apple's pending update warns users to be sure they are using a trusted charging point when they plug in.
The custom built chargers include a small computer alongside the electronic components that pipe power into an Apple iOS device.
The tiny computer interrogates an iPhone or tablet and copies a unique ID number that identifies that phone.
This is then used on an Apple website to take advantage of an uploading tool usually used by developers to test their software on an iOS gadget.
Instead of uploading a program in development, the trio of researchers, Billy Lau, Yeongjin Jang, and Chengyu Song, managed to upload an application that stole data.
The malicious chargers and their associated data-stealing application were demonstrated at the Black Hat hacker conference currently under way in Las Vegas.
In the demo, the trio showed off a fake Facebook app that could grab screenshots of passwords and make calls on behalf of an attacker.
The limited nature of the attack, which requires phones to be unlocked and for attackers to be a registered developer with Apple, were noted by tech news site Ars Technica.
The researchers from Georgia Tech's Information Security Center gave some details about their attack in June and this prompted Apple to prepare an update for devices running version seven of its iOS operating system. The update is currently part of the beta release for iOS 7. The final version of iOS7 will be released in the Autumn.
The update asks users if they are sure they can trust the device they are using to charge their phone or tablet.
Untrusted devices get no access to the internals of an iOS gadget.