Given the recent iOS update and iPhone announcement, a security group provides tips to fend off threats to your device.
Given the recent iOS update and iPhone announcement, Lacoon Mobile Security has released a list of the top threats to iOS devices that users should be aware of.
iOS Surveillance and Mobile Remote Access Trojans (mRATs)
These attacks jailbreak a device, which defeats the built-in iOS security mechanisms (code-signing enforcement in particular), and then install surveillance and mRAT software that gives the attacker remote access to everything stored on and flowing through the device. Attackers can jailbreak the device by obtaining physical access to it, or by pushing the jailbreak code from a compromised computer over a USB cable. The attacker may not even need to jailbreak the device themselves: device owners are notorious for jailbreaking their own phones and tablets, and a self-jailbroken device is just as exposed to this tooling.
Fake iOS Enterprise or Developer Certificates
These attacks use distribution certificates to 'side-load' an application carrying malware, which means it never goes through Apple's App Store review and can be installed straight onto the device. Apple issues two kinds of third-party signing certificates, developer and enterprise, so that apps can be installed outside the App Store without giving up control over who may sign them. Developer certificates let developers test their apps on registered devices before going public in the App Store, while enterprise certificates let organizations run their own in-house marketplace for dedicated apps. Behind the scenes, iOS validates that each app is signed by a trusted certificate and provisioning profile before allowing it to run. Problems occur when an attacker obtains such a certificate (by stealing one, or buying one on the black market) for their malware. They can then lure the user into downloading a seemingly harmless app and unknowingly infect their device: because the app comes with a valid certificate, it passes validation and installs without any further iOS barriers. The practical check is to look at the provisioning profile inside the app: an enterprise profile provisions every device it touches, while a developer profile is limited to a list of registered devices and is typically debuggable.
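One way to make that check on an .ipa, as an added example that is not code from the article or from Lacoon: the script below pulls `embedded.mobileprovision` out of the app bundle, locates the XML plist inside its CMS (PKCS#7) envelope, and classifies the profile by the keys Apple puts in it (`ProvisionsAllDevices`, `ProvisionedDevices`, `get-task-allow`, `ExpirationDate`). The plist is located heuristically and the CMS signature is not verified; `security cms -D -i embedded.mobileprovision` on macOS or `openssl smime -verify -inform der -noverify` gives an authoritative decode. The two sample profiles, the team names and the UDIDs are constructed for the example.

```python
"""Classify the provisioning profile embedded in an iOS app.

Added example; not code from the article or from Lacoon. The plist is
located by searching for the <?xml ... </plist> span inside the CMS
envelope (a common quick-look trick) and the signature is NOT verified.
The sample profiles below are constructed; team names and UDIDs are fake.
"""
import plistlib
import zipfile
from datetime import datetime, timezone


def extract_plist(blob: bytes) -> dict:
    """Locate the XML plist inside a CMS-wrapped profile and parse it."""
    start = blob.find(b"<?xml")
    end = blob.find(b"</plist>")
    if start < 0 or end < 0:
        raise ValueError("no XML plist found in profile")
    return plistlib.loads(blob[start:end + len(b"</plist>")])


def classify_profile(profile: dict) -> dict:
    """Return the distribution type plus the facts an analyst checks first."""
    ents = profile.get("Entitlements", {})
    devices = profile.get("ProvisionedDevices", [])
    debuggable = bool(ents.get("get-task-allow", False))
    if profile.get("ProvisionsAllDevices"):
        kind = "enterprise"      # in-house cert: installs on any device, no UDID list
    elif devices and debuggable:
        kind = "development"     # developer cert, limited to registered devices
    elif devices:
        kind = "ad-hoc"          # distribution cert, still limited to registered devices
    else:
        kind = "app-store"       # App Store builds carry no device list
    exp = profile.get("ExpirationDate")          # plistlib yields a naive UTC datetime
    now = datetime.now(timezone.utc).replace(tzinfo=None)
    return {
        "kind": kind,
        "sideloaded": kind != "app-store",
        "team": profile.get("TeamName"),
        "app_id": ents.get("application-identifier"),
        "device_count": len(devices),
        "debuggable": debuggable,
        "expired": exp is not None and exp <= now,
        "cert_count": len(profile.get("DeveloperCertificates", [])),
    }


def analyze_blob(blob: bytes) -> dict:
    return classify_profile(extract_plist(blob))


def analyze_ipa(path: str) -> dict:
    """Pull embedded.mobileprovision straight out of an .ipa (a zip archive)."""
    with zipfile.ZipFile(path) as ipa:
        name = next(n for n in ipa.namelist()
                    if n.endswith(".app/embedded.mobileprovision"))
        return analyze_blob(ipa.read(name))


def _fake_cms(plist_bytes: bytes) -> bytes:
    """Constructed stand-in for the DER/CMS envelope; it carries no real signature."""
    return (b"\x30\x82\x10\x00\x06\x09\x2a\x86\x48\x86\xf7\x0d\x01\x07\x02"
            + plist_bytes + b"\x00" * 8)


# Constructed sample: what a stolen or bought enterprise profile looks like.
SAMPLE_ENTERPRISE = _fake_cms(plistlib.dumps({
    "Name": "Acme In-House Apps",
    "TeamName": "Acme Corp (constructed)",
    "ProvisionsAllDevices": True,
    "ExpirationDate": datetime(2099, 1, 1),
    "DeveloperCertificates": [b"not-a-real-der-certificate"],
    "Entitlements": {"application-identifier": "ABCDE12345.com.example.acme",
                     "get-task-allow": False},
}))

# Constructed sample: an expired development profile tied to two fake UDIDs.
SAMPLE_DEVELOPMENT = _fake_cms(plistlib.dumps({
    "Name": "Dev Test",
    "TeamName": "Some Developer (constructed)",
    "ProvisionedDevices": ["0" * 40, "1" * 40],
    "ExpirationDate": datetime(2013, 1, 1),
    "DeveloperCertificates": [b"not-a-real-der-certificate"],
    "Entitlements": {"application-identifier": "FGHIJ67890.com.example.devtest",
                     "get-task-allow": True},
}))

if __name__ == "__main__":
    for label, blob in (("enterprise", SAMPLE_ENTERPRISE),
                        ("development", SAMPLE_DEVELOPMENT)):
        print(label, analyze_blob(blob))
```

Run it against a real app with `analyze_ipa("app.ipa")`; an app that claims to be an ordinary consumer download but carries an enterprise profile from a team name you do not recognise is exactly the case the section describes.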
Malicious iOS Profiles
These attacks leverage the permissions of a configuration profile to circumvent the usual security mechanisms and ultimately do almost anything. A profile is an extremely sensitive optional configuration file that can redefine system settings such as the mobile carrier (APN), MDM enrollment, Wi-Fi, VPN and proxy configuration, and the certificates the device trusts. A user may be tricked into downloading a malicious profile and, by doing so, unknowingly give the rogue configuration the ability to re-route all traffic from the device to an attacker-controlled server, install further rogue apps, and even decrypt communications by trusting an attacker's root certificate. Before accepting any profile, check whether it is signed and by whom, and look at which payload types it carries.
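The triage below, as an added example that is not code from the article or from Lacoon, parses a `.mobileconfig` (signed or unsigned) and flags the payload types that can redirect traffic, plant a trust anchor or hand the device to an MDM server. The `PayloadType` identifiers are Apple's documented values; the risk wording and the block/review verdict are this example's own policy, and the signature of a signed profile is located heuristically, not verified. Both sample profiles are constructed.

```python
"""Triage an iOS configuration profile (.mobileconfig) for dangerous payloads.

Added example; not code from the article or from Lacoon. PayloadType
identifiers are Apple's; the risk labels and verdict policy are ours.
Signed profiles are CMS-wrapped, so the plist is located heuristically and
the signature is not verified here. The sample profiles are constructed.
"""
import plistlib

# PayloadType -> why an analyst should care (Apple's identifiers, our wording).
RISKY_PAYLOADS = {
    "com.apple.security.root": "installs a trusted root CA (TLS can be intercepted)",
    "com.apple.security.pkcs12": "installs a private key and certificate",
    "com.apple.vpn.managed": "VPN can funnel all traffic to a remote server",
    "com.apple.proxy.http.global": "global HTTP proxy redirects all web traffic",
    "com.apple.mdm": "MDM enrolment gives a server remote control, including app installs",
    "com.apple.apn.managed": "carrier APN/proxy settings reroute cellular data",
    "com.apple.webClip.managed": "home-screen web clip can impersonate an app",
}


def load_profile(blob: bytes):
    """Parse a signed or unsigned .mobileconfig; returns (plist, was_signed)."""
    head = blob.lstrip()
    if head.startswith(b"<?xml") or head.startswith(b"bplist"):
        return plistlib.loads(blob), False          # bare plist: unsigned
    start, end = blob.find(b"<?xml"), blob.find(b"</plist>")
    if start < 0 or end < 0:
        raise ValueError("no plist found in profile")
    return plistlib.loads(blob[start:end + len(b"</plist>")]), True


def triage(profile: dict, signed: bool) -> dict:
    """Collect (payload type, reason) findings and decide block vs. review."""
    findings = []
    for payload in profile.get("PayloadContent", []):
        ptype = payload.get("PayloadType", "")
        if ptype in RISKY_PAYLOADS:
            findings.append((ptype, RISKY_PAYLOADS[ptype]))
        # A Wi-Fi payload with a proxy is a quieter way to redirect traffic.
        if ptype == "com.apple.wifi.managed" and payload.get("ProxyType") in ("Manual", "Auto"):
            target = payload.get("ProxyServer") or payload.get("ProxyPACURL")
            findings.append((ptype, f"Wi-Fi proxy set to {target}"))
    return {
        "name": profile.get("PayloadDisplayName"),
        "organization": profile.get("PayloadOrganization"),
        "signed": signed,
        "locked": bool(profile.get("PayloadRemovalDisallowed", False)),
        "findings": findings,
        "verdict": "block" if findings else "review",
    }


def triage_blob(blob: bytes) -> dict:
    profile, signed = load_profile(blob)
    return triage(profile, signed)


# Constructed sample: a "free Wi-Fi" profile that also installs a root CA and
# forces a proxy, the combination that lets an attacker decrypt traffic.
SAMPLE_MALICIOUS = plistlib.dumps({
    "PayloadType": "Configuration", "PayloadVersion": 1,
    "PayloadIdentifier": "com.example.freewifi",
    "PayloadUUID": "00000000-0000-4000-8000-000000000001",
    "PayloadDisplayName": "Free Airport WiFi",
    "PayloadOrganization": "Airport Services (constructed)",
    "PayloadRemovalDisallowed": True,
    "PayloadContent": [
        {"PayloadType": "com.apple.wifi.managed", "PayloadVersion": 1,
         "PayloadIdentifier": "com.example.freewifi.wifi",
         "PayloadUUID": "00000000-0000-4000-8000-000000000002",
         "SSID_STR": "Airport_Free", "EncryptionType": "None",
         "ProxyType": "Manual", "ProxyServer": "198.51.100.7", "ProxyServerPort": 8080},
        {"PayloadType": "com.apple.security.root", "PayloadVersion": 1,
         "PayloadIdentifier": "com.example.freewifi.ca",
         "PayloadUUID": "00000000-0000-4000-8000-000000000003",
         "PayloadCertificateFileName": "ca.cer",
         "PayloadContent": b"not-a-real-der-certificate"},
    ],
})

# Constructed sample: an ordinary Wi-Fi-only profile for comparison.
SAMPLE_BENIGN = plistlib.dumps({
    "PayloadType": "Configuration", "PayloadVersion": 1,
    "PayloadIdentifier": "com.example.office", "PayloadDisplayName": "Office WiFi",
    "PayloadUUID": "00000000-0000-4000-8000-000000000010",
    "PayloadContent": [
        {"PayloadType": "com.apple.wifi.managed", "PayloadVersion": 1,
         "PayloadIdentifier": "com.example.office.wifi",
         "PayloadUUID": "00000000-0000-4000-8000-000000000011",
         "SSID_STR": "Office", "EncryptionType": "WPA", "Password": "constructed",
         "ProxyType": "None"},
    ],
})

if __name__ == "__main__":
    for blob in (SAMPLE_MALICIOUS, SAMPLE_BENIGN):
        print(triage_blob(blob))
```

A verdict of "review" only means no known-dangerous payload was found; a profile with no findings still deserves a look at its signer, and `PayloadRemovalDisallowed` on a profile from an unknown organization is a warning sign on its own.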
WiFi Man in the Middle (MitM)
A MitM attack occurs when the device connects to a rogue WiFi hotspot. Since all communications pass through the attacker-controlled network device, the attacker can eavesdrop on and even alter the traffic. MitM attacks have always been a concern for wireless devices; however, the prevalence of smartphones in people's personal and business lives has made mobile devices more attractive targets for this attack. Unfortunately, the alerts and warning signs that individuals are used to seeing on PCs and laptops are much more subtle on their mobile counterparts, so a certificate warning or an unexpected captive-portal page is easy to tap through without a second thought.
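Since the device itself gives little warning, one signal worth checking is whether a network you have joined before is now being advertised by an access point you have not seen. The script below, an added example that is not code from the article or from Lacoon, compares a Wi-Fi scan against a baseline of known networks and flags two rogue-hotspot indicators: a known SSID coming from an unknown BSSID, and a known protected SSID offered as an open network (the classic evil twin). The baseline, the scan records and the `AccessPoint` field names are constructed for this example; a real implementation would take them from the platform's Wi-Fi API. Both checks are indicators rather than proof, since an attacker can clone a BSSID as easily as an SSID.

```python
"""Flag rogue-hotspot signals in a Wi-Fi scan against a baseline of known networks.

Added example; not code from the article or from Lacoon. The baseline,
the scan records and the AccessPoint fields are constructed for this
example. Both signals are indicators, not proof: a BSSID can be cloned,
so an attacker who copies it exactly passes the unknown-BSSID check.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class AccessPoint:
    ssid: str
    bssid: str          # AP MAC address as seen in beacons
    security: str       # "open", "wpa2", "wpa2-enterprise", ...


# Constructed baseline: what the device learned when it first joined each network.
KNOWN_NETWORKS = {
    "CorpWiFi": {"bssids": {"00:11:22:33:44:01", "00:11:22:33:44:02"},
                 "security": "wpa2-enterprise"},
    "HomeNet":  {"bssids": {"aa:bb:cc:dd:ee:01"}, "security": "wpa2"},
}


def assess_scan(scan, known=KNOWN_NETWORKS) -> list:
    """Return (ssid, bssid, reason) for every suspicious AP in the scan."""
    alerts = []
    for ap in scan:
        profile = known.get(ap.ssid)
        if profile is None:
            continue                        # never joined: nothing to compare against
        if ap.security == "open" and profile["security"] != "open":
            alerts.append((ap.ssid, ap.bssid, "known protected network seen as open"))
        elif ap.bssid.lower() not in profile["bssids"]:
            alerts.append((ap.ssid, ap.bssid, "known SSID from an unknown BSSID"))
    return alerts


def safe_to_join(ssid: str, scan, known=KNOWN_NETWORKS) -> bool:
    """Refuse auto-join when any AP advertising this SSID looks rogue."""
    return not any(alert[0] == ssid for alert in assess_scan(scan, known))


# Constructed scan: the real corporate AP next to an open evil twin, a home
# network name from an AP never seen before, and an unrelated open hotspot.
SAMPLE_SCAN = [
    AccessPoint("CorpWiFi", "00:11:22:33:44:01", "wpa2-enterprise"),  # legitimate
    AccessPoint("CorpWiFi", "66:77:88:99:aa:bb", "open"),             # evil twin
    AccessPoint("HomeNet", "aa:bb:cc:dd:ee:99", "wpa2"),              # unknown AP
    AccessPoint("CoffeeShop", "de:ad:be:ef:00:01", "open"),           # never joined
]

if __name__ == "__main__":
    for alert in assess_scan(SAMPLE_SCAN):
        print("ALERT", alert)
    print("join CorpWiFi?", safe_to_join("CorpWiFi", SAMPLE_SCAN))
```

The "never joined" case is deliberately left alone: an open hotspot you have no history with is not suspicious by this test, it is simply untrusted, and the protection there is the same as on a laptop, namely a VPN and TLS with no exceptions tapped through.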
WebKit Vulnerabilities
WebKit is the engine that iOS browsers use to render web pages. Attackers exploit vulnerabilities in WebKit to execute code of their own, and such bugs are commonly used as a springboard for the remote infection of the device. An example of a WebKit-based attack was the popular iOS 4 jailbreaking technique named JailbreakMe, which took advantage of flaws in the Safari browser to jailbreak a device when the user simply visited a dedicated website. Because Apple ships WebKit fixes as part of iOS updates, keeping the OS current closes the known holes; preventing exploitation of the remaining ones requires a solution that can identify suspicious behavior, correlate activity with events on the device and network, and then stop any data being sent to the attacker.
Zero-Day Attacks
Zero-day attacks exploit vulnerabilities that have been discovered but not yet disclosed to, or patched by, the vendor. With vulnerability researchers reportedly earning up to $500,000 per vulnerability, the race to find exploitable bugs is in full throttle. Many times these vulnerabilities lead to the silent installation of malware such as mRATs on a device through a remote exploitation technique. Once on the device, the malware may enable the attacker to steal passwords, corporate data and emails, as well as capture all keyboard activity (key logging) and screen contents (screen scraping).