6

Supposedly, the BadUSB malware can infect any USB device. But I find this hard to believe since I don't see why most USB devices would have reprogrammable firmware and I find it even harder to believe that the iPhone could be vulnerable to this. Is there any evidence that the iPhone is or is not vulnerable to BadUSB?

Anders
  • 64,406
  • 24
  • 178
  • 215
user117279
  • 105
  • 5
  • 6
    BadUSB is a catch all term for any and all USB based malware attacks that aren't part of the main storage of the USB device but are in the USB devices firmware. And yes, such attacks have been demonstrated against iPhones: http://www.zdnet.com/article/researchers-reveal-how-to-hack-an-iphone-in-60-seconds/ this one is an exploit in the USB power negotiation. – ewanm89 Jul 13 '16 at 11:00
  • USB is complex protocol and can be used in many ways whatever the device is. – Aria Jul 13 '16 at 16:03

1 Answers1

1

It often isn't about reprogramming the firmware of an USB-device/gadget.

You might just create a USB device that looks like a charger, but is an evil device.

Example:

  • You want to attack a Windows computer with an USB-stick
  • You get an Arduino Leonardo, which can act as a keyboard, but has the size of an USB-Stick
  • You program the arduino to output the keystrokes to do the following things:
    • Open a command prompt
    • Activate remote desktop access with password "1234" on command line
    • Send IP address to the attacker(e.g. by opening a web page on the attacker's server)

This example was for Windows, but because iOS devices also support external keyoard and mouse they might also be vulnerable.

P.S.: Protection against such an attack might be done, e.g. by giving explicit permission for an external device before it is acccepted by the host.

nebulak
  • 390
  • 1
  • 9