|Apple Tries to Patch iPhone Port Security Flaw|
|By JON M. CHANG||Aug 1, 2013, 3:06 PM|
Some Apple customers were annoyed when the company changed the shape of the charging port for the iPhone 5. Now, another grievance can be attributed to Apple's charging port, but this time it's not just an inconvenience. It's a security flaw.
Apple says its forthcoming operating system will address the flaw, but the researcher who discovered it questions whether Apple's approach so far truly fixes the problem.
Billy Lau, a research scientist at Georgia Institute of Technology, gave a presentation at the Black Hat USA conference that demonstrated how to hack iPhones and iPads. He and two of his colleagues, Yeongjin Jang and Chengyu Song, hid a miniscule computer in a charger. The computer was able to get access into the devices and install its own apps.
Normally, Apple users peruse the App Store to pick and choose the apps that they want. However, there are very few safeguards set up to prevent a malicious app from being installed without the user's knowledge.
"There's another channel that's normally accessed by iOS developers in order to test their app before it hits the market," Lau told ABC News.
When developers connect a device to the computer to test their particular app, the computer reads the device's Unique Identifier, or UDID. After reading the UDID, the device will generate what's known as a provisional profile.
"Then, they can install any of their own custom-made apps," Lau said.
While the UDID isn't public information, it can be easily accessed once a device is plugged into a computer.
"The computer reads the UDID from the device instantaneously," said Lau.
A hacker with less-than-noble intentions can hide a computer in a charging device or a bigger object, like a music docking station. Once connected, it can generate its own provisional profile and gain access to both iPhones and iPads.
A hacker also isn't limited to a single device.
"There are Apple lounges with USB charging stations," said Lau. "It's a prime target that the [hacker] can use to reach many devices quickly."
If a charging station has been tampered with, then the hacker can gain access to many phones very quickly.
Lau and his colleagues notified Apple about the security flaw shortly after their presentation was approved for Black Hat back in May. Apple invited them to test their hack on a beta version of iOS7, the newest version of the operating system that is yet to be released.
"The device will now ask if you want to trust the computer you plug it into," said Lau.
However, Lau added that users might not know that the computer or peripheral they plugged into is an untrustworthy computer and can still be vulnerable to the hack.
"Fixes for the charger pairing vulnerability have been addressed in the latest beta of iOS7," Tom Neumayer, a spokesman for Apple, told ABC News. "We would like to thank the researchers for their valuable input."
Apple's proactive effort to fix the bug surprised Lau.
"Most of the time, Apple just seems to not respond or pretend that there is no problem," he said. "We demonstrated the weakness and it seems that, this time, they are really trying to do something."
The hack and Apple's response was first reported by Reuters.