Security researchers have made a rather astonishing discovery – some fake chargers may come packed with malware, which can then be installed on an iPhone as soon as the charger is connected to it.
Normally, iPhone charger contains electric circuits only. However, in the case of fake chargers, a small computer is fitted in its head. As soon as an iPhone is connected to such a charger, it is able to establish a USB connection with the smartphone. Apple has many iOS security measures in place to counter any malicious software.
But these fake chargers are able to overcome these measures by following a complex, and intelligent, process. Apple conventionally allows developers to deploy their own applications over iPhone, for testing purposes. In order to run these apps, developers must first seek a provisioning profile from Apple, which identifies the handset and the corresponding app that needs to be installed on it.
Using the same method, the fake charger reads UDID of an iPhone as soon as it is connected to the handset. Once it has the UDID, it sends it over to Apple’s official web page, prompting the creation of a provisioning profile. Once it has the provisioning profile in hand, it then uses it to install the malware on the smartphone.
One hurdle that stands in the way of this malware attack is that the iPhone has to be unlocked when connected to the fake charger, if the malware is to be installed. However, most of us do unlock our iPhone while charging, which means that the fake, malware-laden chargers pose a significant security threat for iPhone users.