![]() Zdziarski pointed out that if you have your "Require Passcode" setting turned to anything other than "Immediately," you're also vulnerable, because the phone will still be unlocked for a short time after you turn off the screen. Zdziarski noted that once a device is plugged in and unlocked, it grants data access to whatever computer it's connected to for the duration of the connection, even after the home screen appears to lock again.Ī recent study by Microsoft found that only about a third of smartphone users enable passcode locks. ![]() "If I have only a couple of seconds with your iPhone either unlocked, or just locked before a passcode is required, I can pair with your device (either via juice jacking, or with my iPad which runs a custom forensic imaging toolkit, or with my laptop) and instantly from that moment on have wireless access to all of your data whenever you are within network's reach of me," Zdziarski told TechNewsDaily. In other words, if a desktop or laptop has been connected to your iPhone once, it can connect to your iPhone forever - over Wi-Fi, or even over "a cellular network, if you were a government agency," as Zdziarski explained on his blog recently. ![]() "Once you establish a pairing record with a device over USB, it's possible to connect wirelessly to the device at any point in the future (until the user restores their device) and perform the same tasks (running the built-in packet sniffer, downloading personal data from the device, etc.) at any time and without the user's knowledge," he said. "Everyone in the community is already well aware that juice jacking is technically very easy to do."įurthermore, Zdziarski said, if the malicious charger does what he thinks it will, it could grant a hacker permanent access to an iPhone or iPad - thanks to the way iOS handles USB connections. ![]() "The talk does not appear to be anything particularly new, although I can only judge it based on the abstract," Zdziarski told TechNewsDaily. "All users are affected, as our approach requires neither a jailbroken device nor user interaction."īoston-based security expert Jonathan Zdziarski, who designs iOS hacking tools for law enforcement, said he's long been aware that Apple devices are vulnerable to such attacks - and that the exploit the Georgia Tech researchers will show may be just the tip of the iOS-weakness iceberg. "Despite the plethora of defense mechanisms in iOS, we successfully injected arbitrary software into current-generation Apple devices running the latest operating system (OS) software," the briefing abstract posted on the Black Hat website said. ![]()
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |