Computer scientists at the Black Hat hacking convention in Las Vegas have exposed a flaw in Apple's security that leaves iPhones and iPads exposed to hackers when the victim attempts to connect the device to a fake charging station. However, Apple says it is aware of the flaw and that it has been fixed in the latest version of the iOS 7 beta.
On Wednesday, three computer scientists who alerted Apple to the problem earlier this year demonstrated the security vulnerability at the conference where some 7,000 security professionals are learning about the latest and greatest threats posed by modern-day computer hackers. According to Reuters, Billy Lau, a research scientist from the Georgia Institute of Technology and graduate students Yeongjin Jang and Chengyu Song, did the work on the hack. At the demonstration the group plugged an iPhone into a custom-built charger they had equipped with a tiny Linux computer that was programmed to attack iOS devices. For the price of about $45 and one week of design labor, they proved hackers could go as far as gaining remote control access to a person's iPhone, allowing him or her to steal banking information, passwords and read e-mails.
Lau told Reuters that he and his team were publicizing the issue in the spirit of "white hat" haking, which is the process of finding security bugs in order to alert manufacturers who can fix them before they are exploited by real criminals.
"Security doesn't work if you bury the problems," he said.
"We would like to thank the researchers for their valuable input," Apple spokesman Tom Neumayr said. However, the company says it is well aware of the glitch and has already fixed it for the iOS 7 beta that is currently available to developers. However, until iOS 7 is officially released to users in the fall, iPhone and iPads that aren't running the developer beta are vulnerable to this attack. Users should take extra caution in plugging their device into a strange charger, especially one of the new public ones being rolled out in cities and shops across the U.S.
Lau said that Google Inc.'s Android operating system is not vulnerable to the same kind of attacks.
