Be cautious using untrusted USB connections and chargers for your mobile devices
21 August 2013
Malicious chargers can exploit mobile devices
A vulnerability has been discovered in Apple iOS devices, such as iPhones and iPads, allowing a modified USB charger to compromise the device.
Researchers have demonstrated how connecting an iPhone or iPad to a specially built USB charger has allowed malware or unwanted apps to be installed on the device.
Once connected to the charger, the phone's software essentially recognised the device as belonging to the attacker, enabling access.
Although only currently known to be successful in a research environment, the example highlights a growing need to be cautious about connecting your device to USB charging sources, especially sources you might not trust, such as public computers or free USB connections in airports and hotels. Any of these could, plausibly, grant unwanted access to your device.
Other scenarios, such as “jailbreaking” (removing controls put in place by Apple to restrict the software that can be installed) via USB connections are already well documented.
With the growing number of free, publicly available charging sources for our mobile devices, the security of those USB connections is a safety consideration you should be aware of.
Protecting your device
Apple has updated its forthcoming iOS7 operating system to protect against this newly discovered flaw. You are advised to update your system when it becomes available.
Mitigating this attack is also possible by keeping your device locked when charging, especially if using an untrusted charging source. This attack is only known to work if the device is unlocked while it is being charged.
Of course, using your own trusted charging sources is the simplest solution.