The attack takes advantage of design problems in iOS in which for some reason the Apple geniuses believed that they should trust anyone who connects to the phone over USB.
Tielei Wang, a co-author of the study and research scientist at the institute, said that Apple overtrusted the USB connection.
It all started when Wang and his team developed some malware called Jekyll, an iPhone application with well-masked malicious functions that passed Apple’s inspection and briefly ended up on its App Store.
However, that was not good enough, as it was pointed out that no one could see his or her malware in the huge App Store.
Wang said they set out to find a way to infect a large number of iOS devices, one that didn’t rely on people downloading their malicious app. The attack required the use of “botnet herders” to install malware onto PCs.
Apple requires a person to be logged into his account in order to download an application from the App Store. Wang and the researchers developed a man-in-the-middle attack that tricked the Apple device that’s connected to a computer into authorising the download of an application using someone else’s Apple ID.
As long as the application still has Apple’s digital signature, it does not even need to still be in the App Store and can be supplied from elsewhere.
To get around Apple refusing to publish the malware on its App Store, Wang’s team found they could sneak a developer-provisioning file onto an iOS device when it was connected via USB to a computer.
This allows a self-signed malicious application to be installed. Legitimate applications could also be removed and replaced with look-alike malicious ones. All this can be done without the user knowing.
While it sounds convoluted, it is worthwhile if you are attempting to take over a large number of iOS devices.
It is also worthwhile if you are state-sponsored hackers wanting to carry out targeted attacks aimed at just a few users.
Apple has known about the problem for nearly a year now and has yet to fix it. At the moment, Wang said, the best advice is to not connect your phone to a computer, especially if you think the computer might be infected with malware.