

Any iPhone can be hacked with a modified charger in under a minute - jvanderwal
http://www.geek.com/apple/any-ios-device-can-be-hacked-with-a-modified-charger-in-under-a-minute-1557142/

======
Centigonal
It's interesting how the progress of iPhone hacks is mirroring that of the PSP
homebrew scene 5 or 6 years ago. First there were a bunch of easy to use
vulnerabilities or hidden features in apps (like the hidden browser in
WipeOut) that provided functions that were offered natively in future versions
of the OS. Then the hacking scene moved to OS vulnerabilities. As Sony locked
down the platform tighter and tighter, people moved to hardware, using modded
batteries to boot the PSP in some kind of troubleshooting mode.

Eventually, both Sony and the hackers kind of lost interest, I think -- I
haven't kept up with things, TBH. That said, Sony had the PS Vita to move to,
but I don't see the iPhone changing significantly in the next few years (risky
words, I know, but I'll be happy if proven wrong).

------
jamesaguilar
Unfortunately, since it is a university research group, they probably
disclosed responsibly and whatever defect allowed this form of jailbreaking
will soon be fixed. That means that it's unlikely that people will have a
perennial, easy jailbreak going forward from this source.

~~~
nhm
>Unfortunately, since it is a university research group, they probably
disclosed responsibly and whatever defect allowed this form of jailbreaking
will soon be fixed.

I wouldn't consider that unfortunate. Responsible disclosure should be
praised!

~~~
jamesaguilar
In almost all circumstances, I agree. However, the one circumstance where I
don't agree is when systems are being kept secure mainly against their own users. In
this case, insecure systems are preferable (as a user), especially when the
attack vector is likely to only be triggered intentionally. Since I don't plug
my iPhone into random USB cables pretty much ever, the only likely case where
this vulnerability could be exploited against my phone is if I chose to
jailbreak it.

~~~
eridius
Please stop speaking in generics. I assure you that, for the vast majority of
iPhone users, insecure systems are _not_ preferable.

~~~
randyrand
You're right, but then again, I also like being able to run my own software on
my own devices.

If _secure_ means _closed_ well, that is not a trade off a lot of people are
not willing to make. Just take a look at the outrage from the Windows 8 secure
boot loader that can theoretically stop Linux from being installed.

Personally, I like it when companies include some physical mechanism of
getting root access to the machine. Whether we have to get root access through
the charger port, or pressing F12 when the PC is booting, this mechanism will
by definition have to be a 'vulnerability.' Of course, root access in this
sense is referring to bootloader root access, not the operating system - that
would be bad. We can only assume which type of root access is being referred
to in the hack above.

~~~
eridius
_If secure means closed well, that is not a trade off a lot of people are not
willing to make_

You're living inside a tech bubble. The vast majority of iPhone owners don't
care about "open". They care about "it works". These people benefit
greatly from having a "closed" yet secure system.

------
kyrias
With hardware access all bets are off.

~~~
ef4
Yeah, but I think this is a bit worse than that.

If a faulty ethernet driver lets you compromise a laptop just by plugging it
into a malicious network, that's a legitimate vulnerability, not really a case
of "well, they had physical access".

USB may be customarily treated as more trusted than ethernet, but there are
clearly still scenarios where untrusted people may be able to send you USB
messages.

~~~
bigiain
"Here, mind if I plug my video camera into your Firewire port to charge (and
trawl through your RAM and swap space looking for any usernames and
passwords)?"

------
djbender
Hardware access is root access.

~~~
cookingrobot
That rule of thumb usually refers to having unfettered access to the hardware
- to be able to crack it open, snoop on internal signals etc.

In this case the problem is that the dock is expected to be a safe interface
(untrusted), when it actually isn't. For example, people would be surprised if
their computer could be hacked by plugging it into a malicious power socket.
And likewise they'll be surprised if they find out their phone can be hacked
by putting it on an alarm-clock iPod dock in their hotel room.

