Juice Jacking Vulnerability for iOS

iOS Trust this computer Vulnerability

Imagine this, you are out for the afternoon and notice that your cell phone is almost out of battery.  You look around and find a public charging kiosk, where you are able to plug in via USB for a quick top up.  Unfortunately this time you fall victim to a “Juice Jacking” attack, which easily compromises your phone.  “Juice Jacking” as it is known is made possible as both data and power transmit on the same cable, and by injecting an arbitrary app into an iOS device (up to and including iOS6) through a USB cable (connected to a custom malicious charger or docking station), it is possible for a hacker to gain access to your phone. 

This attack vector may come up more often than people presume, as in this age, where business executives travel regularly and depend on access to their phones to respond to emails, check their schedule, and basic work functionality.  It has also caused panic amongst organizations using iOS devices causing internal policies being updated stating “Employees are now required to bring power cables and/or extra batteries on travel.   In addition, the use of public charging kiosks and are no longer permitted.

Currently, iOS is considered to be more secure than other mobile operating systems, based on security mechanisms including mandatory code signing, app sandboxing, and a centralized app store.  The problem here is that Apple has not implemented a means to deny a USB pairing request which is requested when the device is plugged in via USB.  Once the unlocked device is plugged into a malicious device it is presented with access to a significant amount of personal data and without the user’s permission and can also install hidden malicious software on the device in the same way Apple hides its own built in applications.  From here any host that understands the proprietary RPC communications protocol such as the one used by iTunes to communicate with the iOS device can directly query or modify the state of the client.  Worst of all, iOS device prior to an including iOS6 are vulnerable as this attack does not require a jailbroken device, or interaction from the user.

The safest way for charging your device is to use the Apple USB cable and power adapter supplied with the device or purchased directly from Apple.  There are also battery-powered mobile USB chargers which also work well. If you must use a random charging kiosk, the safest option may be to completely turn off your device prior to plugging it in.  The best defense against a compromised mobile device is user awareness. Keep your device charged, disable features not in use and turn down the screen brightness so the batter will last long and also enable the security features provided by the operating system. Avoid plugging your device into unknown charging stations and computers, the same way you avoid opening attachments from people you do not know.