The Next Time You Need to Borrow a Charger, Make Sure It Is Safe

You know how back in the day people were weary of plugging their USB flash drives anywhere because there was always a chance to get infected with a Trojan or something like that? With the increase of machines that run on legitimate operating systems, the chances of getting trash into your flash drive have dropped. However, we still need to be careful about what we plug into our devices or where we plug them in. Take the latest issue of Apple security: researchers have reported that it is possible to experience a personal data theft merely by charging your iPhone!

The benefits of USB-C

Before we get down to the story of how Apple charger is used to drop malware, we should talk a little bit about USB-C. We’re all familiar with USB cables and USB plugs by now, and in recent years, we have been witnessing a mass transition from USB Mini A to USB-C. The best way to tell the type of a connector system apart is by checking the connection socket. USB-C (or USB Type C) has a rotationally symmetrical connector that looks a little bit like a squished ellipse. That much you probably know by now.

USB-C was first introduced in 2014 and then adopted by the International Electrotechnical Commission (IEC) in 2016. Ever since then, this type of connector has gradually been introduced in mobile phones and laptops, arguably becoming the most popular connector across electronic devices that employ the USB system.

However, when something becomes popular, it is very common for someone to make use of that. The more people use some kind of service; the bigger is the chance that the service can get compromised by malevolent third parties. This is exactly what happened with the USB-C cables, and it’s also the reason Apple charger can be used to drop malware. But let us go back to the beginning to check this Apple security issue.

USB-C and Apple hacks

Although the USB-C type connector is famous for being a top interface for speedy connection, the ease of application also makes it a perfect attack vector. If an Apple charger gets modified by cybercriminals, it could easily deliver malware on the device that is using that charger, and the malware could eventually enable the criminals to steal personal and financial information.

The flaw in Apple security was revealed at a hacking convention in Las Vegas by a security researcher who calls himself MG. The problem in Apple chargers lies in the fact that hackers can change the internal power circuitry with their own hardware. Even if the charger gets tampered with, it still works just fine, and so it is hard to detect these modifications unless you are a security expert. Depending on what the hacker wants the charger to do, it can upload all sorts of malware on the target device – from rootkits to persistent types of infections.

What’s more, these modified chargers can be purchased for $200 each. It means that anyone could employ this cable to surreptitiously attack you. Of course, they would have to swap your cable with the compromised one, but it is very common to share USB cables these days, especially when the need to charge your iPhone is dire. Thus, if you plug your phone or your other device that is compatible with USB-C to charge through this compromised charger, you could soon lose your sensitive data. If that weren’t enough, this charger allows the attacker to remotely destroy the USB data, so they could hide all the traces of their malicious activity.

Does that mean it is solely an Apple security issue? Not really. According to MG, Apple cables are the hardest to hack, and so they started with the toughest nut on this one. However, it is obviously possible to modify USB-C cables and chargers for other devices as well, so it is not just an Apple security problem.

Here you might ask what cybersecurity authorities are doing if these hacked cables are available for sale out in the open? Well, what we have to understand here is that hackers who reveal Apple security and other flaws like that are there to help us solve these issues. In fact, cybersecurity experts believe that such modified cables can, later on, be used as actual security tools. So just because something can be used to steal information, it doesn’t mean that it cannot be applied the other way around.

How do users mitigate Apple security issues?

Although this problem is probably out there for security researchers to solve, there are always steps regular users can take to strengthen their data safety. For one, you should definitely keep your charging cable to yourself, and refrain from using USB-C cables offered by strangers at cafes, airports, and so on. Think about it like plugging your flash drive into an unfamiliar computer: you can never know what’s been there before you.

Also, considering the fact that this security flaw can be used to steal important information, it would be a good idea to avoid storing sensitive data on your phone or your notebook in plain text. For example, if you have a file where you store your passwords on your device, this kind of information could be easily stolen if someone hacked your phone through the modified charger.

Even with the charger out of the window, it’s still not a good idea to store such sensitive information on your device. If you must keep such information somewhere, it would be better to save it on an app that encrypts your data, and thus, makes it virtually impossible for hackers to access it. There’s a reason information shouldn’t be kept in plain text, and you definitely need to up your security game in the light of various security flaws.

At the end of the day, if you use original Apple products, such security flaws shouldn’t concern you directly. However, it is always a good idea to review your security habits if you want to ensure that your personal information is safe.

September 17, 2019

Leave a Reply