Can you elaborate on this? What kind of phone? Android or iOS? Fully patched? What kind of infection? How did you discover it? How did you get rid of it?
There have been many jailbreaks available that only required plugging the phone in and running some program on the other end of the cable. There's been jailbreaks where all you needed to do was visit a website... Apple's security isn't as bullet-proof as some make it out to be.
So, is it plausible a malicious charging station could gain root and sideload something nefarious on an iPhone? Absolutely. Particularly for non-tech-savvy folks desperate to get a charge before their connecting flight...
Has it happened? ...No idea. I guess that's where the anecdotes come in...
My point was that the person who made the comment stating that they had an iPhone, the person I'm replying to went on to ask them if they had iOS or android
It’s been many years since I rooted (or even owned) an android phone but is there really no interaction from the user required beyond plugging it in? On iOS there’s a pop up asking if you want to trust the computer, and that’s after you’ve unlocked the screen
For a non-techy, the hurdles you just described are an annoyance in the way of getting a quick charge - not obvious security issues. After all, this charging station is operated by the amusement park/airport/conference/whatever... if it asks you to approve it why not?
And yes, in the past many iOS jailbreaks were shockingly simple. The website one in particular - you went to a URL and clicked a button... your phone rebooted and was jailbroken.
Your non-tech-savvy folks will pound through nearly any popup if they are desperate to get a charge before their connecting flight, for instance.
The popup really should be a toggle somewhere in the settings that forces a user to explicitly enable data - not a popup users are mostly self-trained into ignoring.
Additionally, real charging stations should not offer cables with data lines at all.
