A major bragging right of Apple fans has been the security of their devices against hackers and malware. Well, iPhone and iPad owners, it’s time to start being more vigilant.
Researchers at the Georgia Tech Information Security Center have uncovered new vulnerabilities that give hackers access to iOS devices. One involves a malicious code found inside of apps that can be planted on the Apple App Store, and another involves malware installed into Apple charging stations.
The Georgia Tech researchers created an attack that allowed them remotely take control of a batch of devices. The malware allowed them to post tweets, take photos and even access other apps. They successfully got this code published on the Apple App Store.
The team also created a USB charger that allowed them to install apps to an iOS device within minutes of it getting plugged in. Users would have no idea that the apps were installed.
The device, which the Georgia Tech team named Mactans, was made with a 3-D printer and resembles an official Apple charge, though it is noticeably larger.
In a demonstration at the Black Hat cybersecurity conference in Las Vegas, the hacker accessed an iPhone after it was plugged into the USB charger to hide the Facebook app and install a malicious version in its place. After the malware did its job, it launched the real version of Facebook, not leaving any reason for the user to be suspicious.
The flaws have been reported to Apple, and the company is apparently fixing the flaw before the release of iOS 7. One new feature will notify users when their device is plugged into something that establishes a data connection. It’s unclear if there will be a fix for iOS 6.