USB charger hack

Starts off about the iPhone but later suggests any iOS device with USB.

http://www.bbc.co.uk/news/technology-22764815

Ah, I wondered what the Black Hat hit prostitutes would come up with this year.

Think about the amount of self-destructive behaviour needed to be affected by such a threat.

There seem to be lots of fancy multi-gadget chargers about though. That's probably why that's the route they chose.

I expect the vulnerability as described applies to conventional apps as well.

It's a good piece of social engineering. Cheap USB charger on eBay - bingo.

As opposed to free USB charger with phone....

Apple devices with security issues? Who would have thought eh.

Shouldn't bad things that get in be called grubs, rather than viruses?

In reply to a post by Pipexer:

Apple devices with security issues? Who would have thought eh.

Witless trolling that contributes nothing? Who da....

In reply to a post by Pipexer:

Apple devices with security issues? Who would have thought eh.

It's an interesting attack vector that Apple have probably not considered.

Sounds like you're an apple fanboy. It was not a trolling attempt, but perhaps a sarcastic comment reflecting the worrying trend or attitude going on of "Let's switch to iPads and it will solve all our problems", actually, they don't whatsoever. This simplicity comes at a big price, management is a headache, and the argument for security is not necessarily valid...

I am sure Windows and Android devices may be susceptible to the same sort of attack. My point was not to mock apple in particular, just point out that clearly, these devices are not 100% secure and as mentioned previously, the attitude that they are is very concerning indeed.

...or even a broken, or second, charger. I agree that there should be no place for third-party chargers for any device. Unfortunately, the market doesn't recognize that lack of need.

You would think this vulnerability could be easily fixed by an update to the OS or firmware... so, probably nothing to worry about (until the next exploit comes round of course!)

Apple are not noted for fixing security issues quickly, but hopefuly they have learnt from the past.

A manned moonlanding is also demonstrably possible. I don't see hackers lining up to do it. I rather suspect that the same sort of expensive hardware based hack can work on any USB host device regardless of format (Phone, Mac, PC, Tablet or Toaster) or the OS deployed on it.

I rather suspect that the same sort of expensive hardware based hack can work on any USB host device

Yes, but no-one gives two hoots if other platforms are vulnerable. There's no click bait without Apple (and, let's face it, Black Hat's track record of tilting things to make Apple kit look more vulnerable than it really is scarcely counts as news itself)

Still, it helps keep track of who the witless trolls are, I suppose.

I am fairly sure that PCs (edit - the OS at least) are immune (or at least nothing in the public domain) to any of this stuff. Of course, that does not mean it is immune from an offline attack etc, but that is not comparable to what this is.

The seriousness of this is actually quite considerable, but as its only a proof of concept and as I suspect can be corrected by firmware or OS update, storm will probably blow over.

The "I told you so" element is because the charging and data transfer is integrated into the same connection. if it was separate it wouldn't be an issue because it goes without saying if you plug a USB stick into your computer that is dubious you are asking for trouble, whereas it is second nature to plug a charging cable into your iPad that you do not own, i.e., in a coffee shop or whatever - and actually encouraged as part of it being portable etc. As soon as manufacturers go down the line of integrating charging with data transfer, they need to make damn sure this situation cannot happen.

tbh - not enough info from the article to make a judgement, but this is where Apple and their "we control the hardware" attitude comes back to bite them, whether it is a vulnerability in the hardware, firmware, OS or whatever, they made it, their problem.

Edited by Pipexer (Wed 05-Jun-13 00:14:45)

In reply to a post by ian_c:

I rather suspect that the same sort of expensive hardware based hack can work on any USB host device

Yes, but no-one gives two hoots if other platforms are vulnerable.

Erm, yes they damn well do!!! Apple is the least picked on company out there! Mainly because the platform is more micky mouse than the others, sorry to upset you, but that's fact. Let's face it, there is more important data out there stored on Linux and Windows systems than is stored on iOS devices.

In reply to a post by ian_c:

Still, it helps keep track of who the witless trolls are, I suppose.

Sounds like sour grapes to me.

Edited by Pipexer (Wed 05-Jun-13 00:24:33)

In reply to a post by Pipexer:

In reply to a post by ian_c:

Still, it helps keep track of who the witless trolls are, I suppose.

Sounds like sour grapes to me.

I must admit I'm not sure who he is referring to. In my case, having sod all knowledge of any Apple issues, I picked up what looked to me as an interesting article that I thought might be a useful heads up for anyone using Apple USB-charged devices.

It seems possible he didn't see it in that light. That would be a shame.

I'm sure it is not aimed at you, probably me due to my initial comment, but interestingly ian_c has not put down any better discussion around the topic than I have now. If I wanted to drag up past posts from FC on the matter of "witless" comments I could but got better things to do. I think someone is just a bit upset that there is a valid vulnerability in an Apple product, and yes, the blame IS on apple. Windows and Linux users just accept the fact that the products have vulnerabilities (but are for the most part are secure) and just get on with it, rather than living in a pretend world.

Another witless comment, perhaps: http://www.zdnet.com/blog/security/kaspersky-apple-1...
(as it happens, I don't actually agree with it being as much as 10 years, but its not far off...)

Edited by Pipexer (Wed 05-Jun-13 00:48:12)

Talk about "witless trolls" has no part in a serious discussion. A symptom of someone who knows they are wrong, I'm afraid. New security vulnarabilites are always of concern, no matter whose equipment they apply to.

I must admit that I had overlooked the vector that Pipex mentions (charging away from base); it's a more serious vulnarability than I at first thought. Hopefully Apple will address it quickly.

In reply to a post by AEP:

Hopefully Apple will address it quickly.

Possible, but not probable imo.

They've just released OS X 10.8.4 (looks like a bug fix release), and Apple don't seem to like admitting to unfixed bugs too frequently

It always amuses me that a common complaint about Microsoft software is that "there are so many updates". People should try a really secure OS, like BSD, if they want to see frequent updates.

Expensive hardware, indeed. What hacker could afford $45 for a BeagleBoard?

I don't mind frequent updates as long as they don't require a re-boot¹, but security updates almost invariably do


¹ A purely personal aversion with no real logic behind it

In reply to a post by billford:

I don't mind frequent updates as long as they don't require a re-boot¹, but security updates almost invariably do


¹ A purely personal aversion with no real logic behind it

Ah - you go back to the days when the reboot after an update was a truly heart stopping event Something we all hung back on till someone else had done it and survived

In reply to a post by goldenoldie:

... when the reboot after an update was a truly heart stopping event

Yes- especially those which performed a double re-start

Apple is the least picked on company out there!

A statement only someone who does not bother reading the press could possibly make.

A non-story from the people who brought us pose2own for the purpose of gaining coverage mentions Apple to ensure coverage.

Talk about "witless trolls" has no part in a serious discussion.

Then engage in one.

You track record speaks for itself.

In reply to a post by billford:

In reply to a post by AEP:

Hopefully Apple will address it quickly.

Possible, but not probable imo.

They've just released OS X 10.8.4 (looks like a bug fix release), and Apple don't seem to like admitting to unfixed bugs too frequently

Since Around Panther the only update that has caused problems was Leopard and that, it turned out, because companies like Logitech were using haxies in direct contravention of Apple's programming guidelines (for which Apple inevitably got the short end of the stick - I remember giles, late of this parish, demanding that Apple test every conceivable combination of hardware and software before release).

I think

The problem is, you don't. That's what makes it witless.

In reply to a post by ian_c:

Since Around Panther the only update that has caused problems was Leopard and that, it turned out, because companies like Logitech were using haxies in direct contravention of Apple's programming guidelines (for which Apple inevitably got the short end of the stick - I remember giles, late of this parish, demanding that Apple test every conceivable combination of hardware and software before release).

I'm sure that's all true, but I don't see any particular relevance to the post you quoted (and replied to).

Did you intend to reply to this one? It would make more sense that way

Edited by billford (Wed 05-Jun-13 09:53:00)

Possibly.

I'm sure the world will still turn on its axis, it will long after a theoretical vulnerability requiring special kit is forgotten.

Chill Ian, put on flame retardant pants and let the rants wash over you. Remember, at least one of the ranters has actually bought a Windows tablet..

You make a fair point (although I prefer this place when it is people asking for and receiving help on matters Mac and iDevice, without the chuckle brothers engaging in their favourite hobby).

Windows tablet. Blimey....

Who was dumb enough to buy a Windows tablet?

In reply to a post by Joeletaxi:

Who was dumb enough to buy a Windows tablet?

Someone smarter than one who has bought an iPad, possibly.

I have no problems using my Microsoft Surface or Windows operating system, then again I do have a brain and I usually conduct myself professionally at work, I suppose if I was a bit of a moron then an iPad or android would suit me fine.

OK, I am probably upsetting someone on here that I like now, but seriously, I wouldn't buy an iPad anyday now, overpriced compared to Android and not as superior as Windows.

Edited by Pipexer (Thu 04-Jul-13 17:43:08)

In it's day the iPad was a good choice (the only real choice). Heck, I bought one for my son and one for myself. But I wouldn't buy one now. It would have to be a Nexus or one of the Samsung ones. Like most Apple products the iPad is part of history now - fondly remembered, but yesterday's technology. The share price says it all.

Aw, sweet. huddling together again.

Look, it isn't that you bought a Surface (although that is quite funny), but that you blather in about it the Apple forum.

STOP TROLLING.

Both of you.

I'm talking about Apple products in the Apple forum. Seems to be the right place, and the right topic, rather than irrelevancies about Windows tablets.

I think the trolling in this particular subthread was started by yourself and carlthebus.

There does seem to be rather a lot of trolling here. Mind you, I do seem to recall visiting and reading some clown saying the iPad would never catch on.

This is the first ever time I ventured into the Apple Forum - I don't make a habit of it. I've made some valid points on this thread, you haven't!

I think the problem is that people with a Pipex in their name seem to be a bit obsessive. I use Apple at home as it suits me down to the ground with integration of all my entertainment. At work, it is Microsoft, Lync etc make cheap global communication very easy. I have no real preference and see advantages of both.

In reply to a post by Joeletaxi:

I think the problem is that people with a Pipex in their name seem to be a bit obsessive.

Proof positive that we have a long-time member of the forums here hiding under another name in an attempt to decieve people as to his identity.

I've made some valid points on this thread

Where?

Since when was Nexus an Apple product

In reply to a post by ian_c:

Since when was Nexus an Apple product

Always

In reply to a post by BatBoy:

In reply to a post by ian_c:

Since when was Nexus an Apple product

Always

Well I suppose it was only a matter of time before the troll-in-chief would jump aboard...

You obviously missed my reference to an iPad and the discussion of possible alternatives. A relevant point in a discussion about the security of a particular tablet.

Too busy looking under imaginary bridges to actually read what is posted I guess.

/me waits for an in-depth explanation. The article lacks critical details.

Edited by Zadeks (Fri 05-Jul-13 12:12:19)

What business is it of yours who anybody is? Unless of course on the Electoral Roll you are listed as Mr AEP. Amateur Defectives are just that.

Let's assume none of my points are valid then... if so, where are your valid points in the thread? Otherwise, we can assume again that you are just as bad as me.