As scary as it sounds – that iOS device which you thought was safe from hackers because Apple controls the App Store could get infected through a malicious charger. This is a major concern for IT departments who didn’t previously worry about Apple devices which were not jailbroken. It is now impossible to know which Apple devices have been infected meaning all of them are suspect.
An article on TMCnet by Steve Anderson explains that a group of researchers at the Georgia Institute of Technology discovered the exploit which can be duplicated via a device called a Mactans charger. The device is built via a BeagleBoard which is a TI-based single board computer and costs around $45.
The biggest fear you should have is that a malicious individual will install one of these on the cardio equipment of a gym which has an embedded 30-pin or Lighting adapter. Another obvious area is an airport lounge or coffee shop.
The researchers in question went on to contact Apple about the Mactans’ capabilities, though as yet have not received a response. But the Mactans itself can, reportedly, leave its malware behind in just under one minute of continuous exposure, and once it’s in, it can be extremely difficult to dislodge. According to the researchers, the malware can be hidden in much the same way that Apple hides its own built-in hardware, making removal a difficult proposition.
Efforts from Apple came quickly in terms of blocking the ability to jailbreak an iOS device by using a USB port, and given the kind of damage that Mactans can do, Apple will likely be moving all the more quickly to find patches to block Mactans’ capabilities. But with large numbers of people using Apple devices—especially iOS devices—it may well be that the metaphorical genie is out of the equally metaphorical bottle.
As mobile devices proliferate and the PC market decreases in importance, there an increased desire by hackers to keep up with the most popular devices. For IT departments everywhere this means they need to watch their BYOD device policy and ensure they are ready for the malicious attacks which could be produced as a result of unsuspecting users downloading a malicious program which affects the network and steals precious corporate data.
To learn more about the state of secure mobility and how your company can keep itself protected in the age of BYOD, attend the Secure Mobility Conference July 23rd, 2013 in NYC.