This summer at the Black Hat security conference, researchers from the Georgia Institute of Technology plan to demonstrate an iPhone charger that can be used to discretely install malware on a device running the latest version of iOS. Apple has yet to respond to this security threat.
The charger is constructed with an open-source single-board computer called a BeagleBoard, which retails for about $45. Since the BeagleBoard is about palm size, this current version of the malware charger is more likely to find its way into a public charging station or a larger portable charger rather than a traditional iPhone charger. Of course when people find a way to shrink the delivery system, this could turn into an even bigger issue.
This malicious charger can compromise an iOS device in less than a minute, installing malware that is almost undetectable, requiring no human interaction and without needing a jailbroken device. Malware like this could include a trojan designed to steal and transmit contact information, passwords, or other private data. Malware could potentially be used to take complete control over your device or send messages without your permission.
So is this kind of threat overblown? Considering just how easily criminals have stolen millions of dollars by installing credit card skimmers at gas stations and ATMs, malware USB chargers don’t seem much of a stretch at all.