TMCnet News
Tech trio takes bite out of Apple securityJun 07, 2013 (The Atlanta Journal-Constitution - McClatchy-Tribune Information Services via COMTEX) -- Three computer security researchers at Georgia Tech are rattling Apple's cage, reporting that they have figured out how to hack into mobile devices such as iPhones and iPads through a USB charger. Chengyu Song and Yeongjin Jang, both doctoral students, and Billy Lau, a staff researcher at Tech's College of Computing, said they were able to bypass Apple software security and install "arbitrary software." The three plan to discuss their work -- which Tech says was done in the name of enhancing security -- at next month's Black Hat computer security conference in Las Vegas. A Tech spokesman on Thursday said the trio won't be commenting until then. A preview of their work on the Black Hat website calls their ability to hack into Apple devices in less than a minute "alarming." It's unclear, however, how serious or widespread the threat is to Apple mobile device users. "We have notified Apple of the specifics of our work and wish to give the company adequate time to consider our findings," Tech said in a statement Thursday to The Atlanta Journal-Constitution. Jason Maderer, a Tech spokesman, said the researchers so far haven't heard from Apple. "They have a policy when they are working on a company's products or looking to hack a company's products for research purposes, they reach out to the company and give them a heads up," Maderer said. Computer and mobile device users big and small, from multinational banks to students, face a constant threat from hackers who can gain unauthorized access to networks and steal sensitive data, including passwords, bank account numbers, Social Security numbers and birthdates. Attacks include infections from malware that affect computer performance. Major banks, for example, have been bombarded with "denial-of-service" attacks that prevent customers from accessing accounts. Apple products have generally enjoyed a reputation for less vulnerability to hackers and viruses. Earlier this year, the company tightened security to block unauthorized changes to iCloud and iTunes accounts. The new measure involves a two-step verification that makes IDs for user accounts more secure. But Apple has also been the target of hackers, who were able to bypass the company's restrictions on non-company software installations and install their own software earleir this year. "Every organization is getting hacked multiple times a day," saidTino Mantella of the Technology Association of Georgia. "It's an ongoing process of trying to figure out where the hole is and trying to plug the dike." He said Atlanta is a leader in cyber security research, with institutions like Tech and local companies, including AirWatch and Dell Secureworks, that specialize in network security. The Tech researchers' have different specialties, accoring to their Tech bios. Song's is malware analysis and prevention. Jang specializes in security for operating systems and mobile security. Lau is primarily interested in information security for hypervisors -- multiple operating systems that run concurrently on a host -- and user applications. Song, a second-year Ph.D. student, has a bachelor's degree in computer science and master's degree from Peking University in China. Jang, also a second-year doctoral student, has a degree in computer science from the Korea Advanced Institute of Science and Technology in South Korea. Lau received his bachelor's in computing engineering from the University of Illinois at Urbana-Champaign and master's in engineering in computer science from the University of Michigan. In the Black Hat conference preview, the researchers said they constructed an "innocent-looking" malicious USB charger with readily available computer technology. They call their charger Mactans, taken from Latrodectus mactans, or the black widow spider. "Despite the plethora of defense mechanisms in iOS, we successfully injected arbitrary software into current-generation Apple devices running the latest operating system (OS) software," the preview says. At the July 27-Aug. 1 Las Vegas conference, the trio plan to describe how the malicious USB technology can bypass Apple's existing security measures and "how an attacker can hide their software in the same way Apple hides its own built-in applications." They also plan to recommend ways users can protect themselves and even provide tips to Apple on ways the Cupertino, Calif., company can make it difficult for hackers to accomplish what they have. ___ (c)2013 The Atlanta Journal-Constitution (Atlanta, Ga.) Visit The Atlanta Journal-Constitution (Atlanta, Ga.) at www.ajc.com Distributed by MCT Information Services |