Security researchers have found out that just plugging your Apple gadgets into your computer can be really dangerous. They were trying to find out ways to infect an iPhone with malware to prevent cybercriminals from doing it in the future.
The researchers from Georgia Institute of Technology have already created a malware app called Jekyll that made its way onto the App Store. Then they wanted to find a way hackers could infect even more gadgets. The hack uses a gadget's USB connection to the computer to install viruses.
Before your gadget can be infected, your computer needs malware first. But, the researchers found that there are plenty of infected computers out there for sale from "botnet herders." These people infect a bunch of computers and then sell access to the highest bidder. Once your computer is infected, your gadget is at risk.
Apple requires a person to be logged into his account in order to download an application from the App Store. But Wang and the researchers developed a man-in-the-middle attack that can trick an Apple device that's connected to a computer into authorizing the download of an application using someone else's Apple ID.
The researchers found they could then use developer certificate's from Apple to create malware apps that are trusted by the computer and your iPhone. They could also replace apps already on your phone with fakes that actually include dangerous viruses. The malware could then steal important info from your gadget, like login cookies for Gmail or Facebook.
The hack was tested on iPhones, but it could probably work on iPads too since it's just using a flaw in Apple iOS and a gadget's computer connection. Apple has made some changes to fight against attacks like this. You'll now see a warning when you plug into a new computer letting you know that you should only use your gadgets on trusted computers.
To protect yourself from an attack like this, make sure your computer is malware-free. Head over to my Security Center to find software that can help you out.