I am sure Windows and Android devices may be susceptible to the same sort of attack. My point was not to mock apple in particular, just point out that clearly, these devices are not 100% secure and as mentioned previously, the attitude that they are is very concerning indeed.

...or even a broken, or second, charger. I agree that there should be no place for third-party chargers for any device. Unfortunately, the market doesn't recognize that lack of need.

You would think this vulnerability could be easily fixed by an update to the OS or firmware... so, probably nothing to worry about (until the next exploit comes round of course!)

Apple are not noted for fixing security issues quickly, but hopefuly they have learnt from the past.

A manned moonlanding is also demonstrably possible. I don't see hackers lining up to do it. I rather suspect that the same sort of expensive hardware based hack can work on any USB host device regardless of format (Phone, Mac, PC, Tablet or Toaster) or the OS deployed on it.

I rather suspect that the same sort of expensive hardware based hack can work on any USB host device

Yes, but no-one gives two hoots if other platforms are vulnerable. There's no click bait without Apple (and, let's face it, Black Hat's track record of tilting things to make Apple kit look more vulnerable than it really is scarcely counts as news itself)

Still, it helps keep track of who the witless trolls are, I suppose.

I am fairly sure that PCs (edit - the OS at least) are immune (or at least nothing in the public domain) to any of this stuff. Of course, that does not mean it is immune from an offline attack etc, but that is not comparable to what this is.

The seriousness of this is actually quite considerable, but as its only a proof of concept and as I suspect can be corrected by firmware or OS update, storm will probably blow over.

The "I told you so" element is because the charging and data transfer is integrated into the same connection. if it was separate it wouldn't be an issue because it goes without saying if you plug a USB stick into your computer that is dubious you are asking for trouble, whereas it is second nature to plug a charging cable into your iPad that you do not own, i.e., in a coffee shop or whatever - and actually encouraged as part of it being portable etc. As soon as manufacturers go down the line of integrating charging with data transfer, they need to make damn sure this situation cannot happen.

tbh - not enough info from the article to make a judgement, but this is where Apple and their "we control the hardware" attitude comes back to bite them, whether it is a vulnerability in the hardware, firmware, OS or whatever, they made it, their problem.

Edited by Pipexer (Wed 05-Jun-13 00:14:45)

In reply to a post by ian_c:

I rather suspect that the same sort of expensive hardware based hack can work on any USB host device

Yes, but no-one gives two hoots if other platforms are vulnerable.

Erm, yes they damn well do!!! Apple is the least picked on company out there! Mainly because the platform is more micky mouse than the others, sorry to upset you, but that's fact. Let's face it, there is more important data out there stored on Linux and Windows systems than is stored on iOS devices.

In reply to a post by ian_c:

Still, it helps keep track of who the witless trolls are, I suppose.

Sounds like sour grapes to me.

Edited by Pipexer (Wed 05-Jun-13 00:24:33)

In reply to a post by Pipexer:

In reply to a post by ian_c:

Still, it helps keep track of who the witless trolls are, I suppose.

Sounds like sour grapes to me.

I must admit I'm not sure who he is referring to. In my case, having sod all knowledge of any Apple issues, I picked up what looked to me as an interesting article that I thought might be a useful heads up for anyone using Apple USB-charged devices.

It seems possible he didn't see it in that light. That would be a shame.

I'm sure it is not aimed at you, probably me due to my initial comment, but interestingly ian_c has not put down any better discussion around the topic than I have now. If I wanted to drag up past posts from FC on the matter of "witless" comments I could but got better things to do. I think someone is just a bit upset that there is a valid vulnerability in an Apple product, and yes, the blame IS on apple. Windows and Linux users just accept the fact that the products have vulnerabilities (but are for the most part are secure) and just get on with it, rather than living in a pretend world.

Another witless comment, perhaps: http://www.zdnet.com/blog/security/kaspersky-apple-1...
(as it happens, I don't actually agree with it being as much as 10 years, but its not far off...)

Edited by Pipexer (Wed 05-Jun-13 00:48:12)