Not long ago one of my friend was skeptical of using any airport “quick phone chargers”. It was a scary concept but as technology is turning towards mobile it comes with no surprise that attackers are targeting power points.The bogus chargers which charges the phone also has transformers. The Iphone treats this as a computer that charges iphone and also responds to the device.
As per net-sec, chargers usually contain only transformers, but this one holds a small computer – a BeagleBoard – running Linux which can send USB commands to the connected iPhone, which will automatically trust the source and accept the commands.
As per Arstechnica.com , the researchers used their USB host to install an app package onto any iPhone that gets plugged in. iOS guards against installation of arbitrary applications with a strict sandboxing system, a feature that has led to the widespread practice of jail breaking. This attack doesn’t need to jailbreak,instead, it takes advantage of the system that Apple devised to permit developers to deploy applications to their own devices for testing purposes. Deploying such applications requires the creation of a provisioning profile. A provisioning profile identifies a specific phone and a specific application, allowing the named application to run on the named device. These provisioning profiles are generated by Apple and installed over USB.
The malicious charger interrogates the attached iPhone to read its UDID, the unique ID number that identifies a particular iPhone. It then sends the UDID to Apple’s Web page that generates provisioning profiles. With the provisioning profile in hand, it can deploy the provisioning profile to the phone, and then deploy the malicious app identified by the provisioning profile.
Though the malicious app is still sand boxed, it doesn’t have to pass through Apple’s normal application vetting process, and so it can still do plenty of useful malicious things. The demonstration showed a malicious Facebook app that replaced the real Facebook app with a Trojan version. The Trojan version could then do things like take screenshots of the iPhone whenever passwords are being entered, and simulate key presses to, for example, dial numbers without user intervention.
This issue may be patched with the next apple version. However this may not impact huge number of users unless they have a bogus charger.
