The Biggest iPhone Security Risk Could Be Connecting One To a Computer

timothy posted about 2 months ago | from the seems-an-obvious-hole dept.

IOS 72

angry tapir (1463043) writes Apple has done well to insulate its iOS mobile operating system from many security issues, but a forthcoming demonstration shows it's far from perfect. Next Wednesday at the Usenix Security Symposium in San Diego, researchers with the Georgia Institute of Technology will show how iOS's Achilles' heel is exposed when devices are connected over USB to a computer or have Wi-Fi synching enabled. The beauty of their attack is that it doesn't rely on iOS software vulnerabilities, the customary way that hackers commandeer computers. It simply takes advantage of design issues in iOS, working around Apple's layered protections to accomplish a sinister goal.


Pray BlackBerry sticks around (2, Insightful)

Rigel47 (2991727) | about 2 months ago | (#47670351)

Otherwise there is literally no secure mobile phone platform out there for the masses.

Or dumbphones (1)

tepples (727027) | about 2 months ago | (#47670389)

Which dumbphone brands have had published security vulnerabilities over the past half decade?

Re:Or dumbphones (2)

pak9rabid (1011935) | about 2 months ago | (#47670703)

Who's given enough shit about them to discover and publish them?

Re:Or dumbphones (0)

Anonymous Coward | about 2 months ago | (#47670759)

Does this count: http://www.theregister.co.uk/2011/03/21/sms_of_death_explained/?

Re:Or dumbphones (2)

Bugamn (1769722) | about 2 months ago | (#47670845)

It doesn't help to have no security vulnerabilities if it also doesn't have the desired functionalities. Why don't we all go back to talking only face to face? It's not practical.

By the way, someone down said that Merkel's 6210 was hacked. Isn't this one a dumbphone?

Re:Pray BlackBerry sticks around (1)

thieh (3654731) | about 2 months ago | (#47670391)

Replicant the phone OS?

Re:Pray BlackBerry sticks around (2)

AlecDalek (3781731) | about 2 months ago | (#47670393)

Didn't Angela Merkel's Blackberry get hacked by the NSA?

Re:Pray BlackBerry sticks around (1)

Rockets84 (2047424) | about 2 months ago | (#47670491)

No, it was a Nokia 6210 at first, they were doing it back in 2002. A Blackberry z10 is what she was given with Secusmart Micro-SD card with extra security features after the revelation. Blackberry has since acquired Secusmart & Germany has ordered 10000 of this combo for Government use.

Re:Pray BlackBerry sticks around (2, Funny)

Anonymous Coward | about 2 months ago | (#47670573)

Blackberry has since acquired Secusmart & Germany

My hobby: terminating sentences prematurely

Re: Pray BlackBerry sticks around (0)

Anonymous Coward | about 2 months ago | (#47670725)

So you're just a premature kinda guy?

Re:Pray BlackBerry sticks around (1)

AlecDalek (3781731) | about 2 months ago | (#47671299)

So the standard issue Blackberrys aren't secure from the NSA, they need the added Secusmart protections. Hopefully Blackberry will integrate these protections into the standard Blackberrys. Since Blackberry finally has an actual real CEO, I'm sure it will happen.

Re:Pray BlackBerry sticks around (4, Informative)

sasparillascott (1267058) | about 2 months ago | (#47670443)

Not really (at this point), at the recent BlackHat some researchers demonstrated how they could remotely compromise a Blackberry.

http://www.accuvant.com/about-... [accuvant.com]

Another great article that talks a little about that instance with Blackberry and another smartphone platform designed for security as well:

http://arstechnica.com/securit... [arstechnica.com]

Re:Pray BlackBerry sticks around (1)

Rigel47 (2991727) | about 2 months ago | (#47670699)

That's an issue with carrier code, not bberry.

And as to this line

Dependent upon device and carrier, when exploited the vulnerabilities in this control software may enable attackers to install malicious software; access data; add, delete and run applications; wipe a device; and remotely change the PIN for the screen lock, among other items.

I'm highly skeptical they could alter the OS. BlackBerry devices will not run firmware code that is not signed by BlackBerry itself.

Re:Pray BlackBerry sticks around (1)

Anonymous Coward | about 2 months ago | (#47670915)

Two little items you forgot

"The vulnerabilities discovered by the pair impact Android, Blackberry and a small number of iOS-based devices, with risk varying by carrier and device make and model."

“Carriers embed control software into most mobile devices so that they can configure phones for their networks and push over-the-air firmware updates,” said Ryan Smith, Accuvant vice president and chief scientist. “Our researchers – Mathew Solnik and Marc Blanchou – found serious security vulnerabilities in the carrier control software used in a large number of cell phones across platforms and carriers.” - See more at: http://www.accuvant.com/about-us/press-releases/accuvant-discloses-cellular-phone-software-vulnerabilities-provides-end-user-guidance#sthash.T58kXbvg.dpuf

Re:Pray BlackBerry sticks around (0)

Anonymous Coward | about 2 months ago | (#47674049)

It's a good thing the phones allow the carrier software in the baseband to have full access to the file system!

Because we would hate for the hackers to have any difficulty whatsoever hacking a device once they have access to the control software.

(Protip: if you want to call your device secure, you don't want to let a third party have full access to your storage to subsequently hack your device.)

Re:Pray BlackBerry sticks around (1)

phantomfive (622387) | about 2 months ago | (#47670789)

Blackberry is not secure.

Pretty obvious? (0)

Anonymous Coward | about 2 months ago | (#47670367)

I feel like that's obvious... sort of like it's easier to assault someone when they have their pants down.

Not really... (0)

Anonymous Coward | about 2 months ago | (#47670435)

Not really ... how long does it take to exploit? Less than a minute. If you're not a target, well, then, okay. But this takes less than 30 seconds if you're worth targeting, or your computer being compromised by a botnet if you're not individually worth targeting. Decently prep'ed dongle and your phone is compromised in the time it takes the pickpocket to grab it, then catch up with you and say "excuse me, you dropped this".

Minor detail glossed over in the headline (5, Insightful)

Anonymous Coward | about 2 months ago | (#47670387)

Stopped reading at "Their attack requires the victim's computer to have malware installed".

If you create a trusted connection between your computer and your iPhone, it's a trusted connection. If you don't trust your computer, you shouldn't use it to make a trusted connection to other devices. It's really just that simple.

Re:Minor detail glossed over in the headline (4, Interesting)

Anonymous Coward | about 2 months ago | (#47670829)

No. The phone should display a notification if an application is side loaded over USB. It shouldn't be possible to install an application without the user's knowledge. Trusting the connection should merely allow the phone and the computer to communicate. It should not allow remote control of the device.

Re:Minor detail glossed over in the headline (5, Informative)

tlhIngan (30335) | about 2 months ago | (#47671267)

No. The phone should display a notification if an application is side loaded over USB. It shouldn't be possible to install an application without the user's knowledge. Trusting the connection should merely allow the phone and the computer to communicate. It should not allow remote control of the device.

Technically, the application is signed by Apple still. Or it's self-signed using a developer certificate (which only gives you 100 devices once a year - you can freely add devices up to that 100 limit, but after that, you can only change their device IDs once a year.).

The hack is effectively being able to install a provisioning profile to allow an unsigned app to run. The provisioning profile is signed by Apple, so it's either an enterprise or developer profile.

At the same time, it works by hijacking the iTunes connection to do so.

In other words, all that's going to happen is Apple is going to ask for confirmation to install new provisioning profiles. Doesn't matter when you ask since the profile is required to run the unsigned app - you can ask at the beginning, at the end, in the middle, or when the app is attempted to be run.

(Provisioning profiles also expire after a certain amount of time - after which the app will NOT run. And the user is free to remove them at any time. None of this is any protection though).

Though, provisioning profiles are traceable to the original account that had them made, and since they cost $99, that makes the attack far less easy than it appears because if you do this, it's traceable to the person who paid for it.

Granted, developers have been warned to keep their provisioning certificates safe because a fair bit of malware does target ripping them off.

Re:Minor detail glossed over in the headline (2)

maccodemonkey (1438585) | about 2 months ago | (#47673313)

No. The phone should display a notification if an application is side loaded over USB. It shouldn't be possible to install an application without the user's knowledge. Trusting the connection should merely allow the phone and the computer to communicate. It should not allow remote control of the device.

It DOES display a notification when a computer attempts to establish a link, along with requiring user confirmation.

Re:Minor detail glossed over in the headline (1, Informative)

gtall (79522) | about 2 months ago | (#47670833)

Thanks for that bit of useless advice. I'll now ascertain whether any computers I need to connect with have malware installed, then I'll be safe.

Hint: classical logic presumes you have complete knowledge of the world. Use it with care.

Re:Minor detail glossed over in the headline (1)

Anonymous Coward | about 2 months ago | (#47671315)

You sync your phone with random computers, or what?

Re:Minor detail glossed over in the headline (0)

Anonymous Coward | about 2 months ago | (#47674317)

Probably not. But your comment is merely stupid if the GP syncs with unknown computers. After all, the client should be able to do that if that's their need and they maintain basic precautions. It's hella stupid if they do not sync with unknown computers.

Re:Minor detail glossed over in the headline (0)

Anonymous Coward | about 2 months ago | (#47677927)

Basic precautions like "before giving this computer read/write access to my phone let me make sure it isn't full of malware"? I mean, duh. Why would you even need to give an unknown computer full access to your phone?

Re:Minor detail glossed over in the headline (0)

Anonymous Coward | about 2 months ago | (#47670911)

Oh yeah, so simple.

In war if you simply avoid bullets you won't get shot

Re:Minor detail glossed over in the headline (2)

Darinbob (1142669) | about 2 months ago | (#47671771)

What's scary to me is that a "trusted connection" is pre-installed! I was amazed that I could plug my phone into a Windows computer and it would automatically mount it and install drivers. Every other thing in the world I plug in would have Windows ask me first if I wanted to install, and I have all auto-play turned off. But because there was a signed driver Windows decides against my will to install it. I don't care if Microsoft thinks the certificate chain is safe, I do NOT want Windows to install anything without my permission!

In the Mac, every single time I plug in the phone to charge it it mounts a disk and pops up a window asking me to install. And every single time I cancel it and manually eject the volume. Annoying as hell (but at least it asks). That's how malware shows up, eventually someone clicks "yes".

Re: Minor detail glossed over in the headline (1)

buchanmilne (258619) | about 2 months ago | (#47671945)

On Android, access to the contents of the device requires the screen to be unlocked. Does iOS also require this?

(Access to the device without installing drivers isn't an issue, but the computer OS should prompt before automatically mounting the device too, which I believe Linux does but Windows doesn't).

Re: Minor detail glossed over in the headline (1)

tlhIngan (30335) | about 2 months ago | (#47672983)

On Android, access to the contents of the device requires the screen to be unlocked. Does iOS also require this?

On iOS, it's the same - if you want to see your photos or other content, you have to unlock the phone (or slide to unlock if you don't have a passcode).

HOWEVER, I think if you plug in your phone for a sync (with iTunes to backup/install/etc), you don't get that as long as the connection was established as a trusted connection. (Plug into a new computer and it will charge, but not establish communications until you dismiss the dialog which requires unlocking the phone).

Not sure what happens if you have a passcode if you need to unlock it first to sync.

Re:Minor detail glossed over in the headline (0)

Anonymous Coward | about 2 months ago | (#47674271)

Simple? Really? You are aware that most malware conceals its existence, right? So how do you even know if you trust your computer?

In fact this is the very problem with the notion of a "trusted" anything. Trusted computer, trusted connection, Trusted Platform Module. In whom or what do you place your trust? How much verification is enough? If A trusts B, and B trusts C, is it then appropriate that A trusts C? Can C trust A?

Truth is, trust is a continuum, not a state of being. I trust systems and people contingent upon various prerequisites. However I also modify my trust levels based upon operational feedback and ongoing evidence that the system or people continue to be trustworthy. Or not.

Developer Access? (3, Interesting)

Ronin Developer (67677) | about 2 months ago | (#47670421)

To my knowledge, to utilize an iOS device with developer provisioning profiles, you have to enable the device for development access via XCode.

Even with an ad-hoc distribution, the device must be listed in the provisioning profile with the exceptions being enterprise and app-store apps.

Did this attack vector circumvent these protections? Or, was he using iOS devices configured for development and, thus, not a real-world attack?
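Added example (not part of any comment in this thread, and not Apple's tooling): the distinction drawn above between device-listed developer/ad-hoc profiles and enterprise profiles can be checked by reading the plist embedded in a provisioning profile. The sample blobs, the team allowlist and the team/UDID values are constructed for illustration, and the sketch slices the plist out of the signed envelope without verifying the signature.

```python
import plistlib
from datetime import datetime

PLIST_END = b"</plist>"

def extract_plist(blob: bytes) -> dict:
    """Slice the XML plist out of a .mobileprovision blob (a signed CMS
    envelope). The signature is NOT verified here; this only reads fields."""
    start = blob.find(b"<?xml")
    end = blob.find(PLIST_END, start) if start >= 0 else -1
    if start < 0 or end < 0:
        raise ValueError("no embedded plist found")
    return plistlib.loads(blob[start:end + len(PLIST_END)])

def classify(profile: dict) -> str:
    """Enterprise profiles set ProvisionsAllDevices; developer and ad-hoc
    profiles list device IDs; App Store profiles have neither."""
    if profile.get("ProvisionsAllDevices"):
        return "enterprise"
    if profile.get("ProvisionedDevices"):
        debug = profile.get("Entitlements", {}).get("get-task-allow", False)
        return "development" if debug else "ad-hoc"
    return "app-store"

def audit_profile(blob: bytes, now: datetime, expected_teams: set) -> dict:
    """Summarise one profile and flag what a device reviewer should look at.
    expected_teams is a hypothetical allowlist of your own team IDs."""
    p = extract_plist(blob)
    kind = classify(p)
    teams = p.get("TeamIdentifier", [])
    expiry = p.get("ExpirationDate")
    flags = []
    if expiry is None or expiry <= now:
        flags.append("expired")
    if kind == "enterprise":
        flags.append("runs on any device")
    if not set(teams) & expected_teams:
        flags.append("unexpected team")
    return {"name": p.get("Name"), "kind": kind, "teams": teams,
            "devices": len(p.get("ProvisionedDevices", [])), "flags": flags}

def _wrap(fields: dict) -> bytes:
    # Constructed stand-in for the CMS envelope around the plist payload.
    return b"\x30\x80CONSTRUCTED-HEADER" + plistlib.dumps(fields) + b"CONSTRUCTED-SIG"

NOW = datetime(2014, 8, 15)  # constructed "current" time for the samples

ENTERPRISE_SAMPLE = _wrap({
    "Name": "Constructed In-House Profile",
    "TeamIdentifier": ["CONSTRUCT1"],
    "ProvisionsAllDevices": True,
    "ExpirationDate": datetime(2015, 1, 1),
})

DEV_SAMPLE = _wrap({
    "Name": "Constructed Dev Profile",
    "TeamIdentifier": ["OURTEAM001"],
    "ProvisionedDevices": ["CONSTRUCTED-UDID-0001", "CONSTRUCTED-UDID-0002"],
    "Entitlements": {"get-task-allow": True},
    "ExpirationDate": datetime(2014, 8, 1),
})

if __name__ == "__main__":
    for sample in (ENTERPRISE_SAMPLE, DEV_SAMPLE):
        print(audit_profile(sample, NOW, {"OURTEAM001"}))
```
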

Re:Developer Access? (1)

Doug Otto (2821601) | about 2 months ago | (#47670483)

That was my thought as well.

Apples dont get viruses rehashed ? (-1, Troll)

Saint Gerbil (1155665) | about 2 months ago | (#47670425)

I seem to remember Apple saying previously that "Macs' don't get viruses" now "IOS doesn't get viruses".

Any platform "doesn't get viruses" as long as its market share is small enough that most virus writers will ignore you.

When you get the market share then you're fair game and the exploits which have been there since day 0 come out.

Re:Apples dont get viruses rehashed ? (1)

Rockets84 (2047424) | about 2 months ago | (#47670511)

For the love of God, it's iOS when talking about Apple devices. IOS is a Cisco OS. This really irks me for some reason when this mistake is made.

Re:Apples dont get viruses rehashed ? (0)

Anonymous Coward | about 2 months ago | (#47670633)

My one is where people refer to Apple computers as MACs instead of Macs. Especially when they do that while writing about something to do with networking.

Re:Apples dont get viruses rehashed ? (0)

Anonymous Coward | about 2 months ago | (#47670705)

Aaay, what's you problem, Mac? Your Mac's MAC mackin' on you network like a Mack truck?

Re:Apples dont get viruses rehashed ? (0, Insightful)

Anonymous Coward | about 2 months ago | (#47670769)

Then maybe Apple shouldn't have named their OS after a well established piece of network software.

Re:Apples dont get viruses rehashed ? (1)

Anonymous Coward | about 2 months ago | (#47671375)

Why are you capitalizing apple? It's a well established piece of fruit.

Re:Apples dont get viruses rehashed ? (0)

Anonymous Coward | about 2 months ago | (#47671377)

Then maybe Apple shouldn't have named their OS after a well established piece of network software.

Well established is not well known. Cisco IOS is only known in a niche. Members of the niche can deal with IOS v iOS. Well, except maybe the less stable angry little members of the niche.

Re:Apples dont get viruses rehashed ? (0)

Anonymous Coward | about 2 months ago | (#47670871)

Cisco does not have a monopoly on the letters I, O, and S in sequence. Whee! [wiibrew.org]

Re:Apples dont get viruses rehashed ? (0)

Anonymous Coward | about 2 months ago | (#47671141)

This really irks me for some reason when this mistake is made.

Direct the blame at Apple, they have an ongoing habit of steamrolling existing trademarks whenever they release a new product ( some older than 20 years ).

Re: Apples dont get viruses rehashed ? (0)

arkane1234 (457605) | about 2 months ago | (#47672775)

Actually, the term 'iOS' no matter how it's cased, is used as a general term now for most any operating system in an appliance or phone. Yes, Cisco was the first to use it, but IBM was the first to use "PC", and dos used to stand for disk operating system before Microsoft and the Internet. Like it or not, it happens.

Faulty memory (0)

Anonymous Coward | about 2 months ago | (#47670663)

Your memory is faulty then.

Just like the "640K should be enough for everyone" statement that no one has proof for and Gates denies but that everyone quotes.

Re:Apples dont get viruses rehashed ? (0)

Anonymous Coward | about 2 months ago | (#47670749)

I don't know about that. Suffices to design your platform with security in mind, and to make a few key OS components bug-free, and viruses will be impossible.

Another "no shit" security "hole" (5, Insightful)

Anonymous Coward | about 2 months ago | (#47670467)

If you connect your iDevice to a computer, unlock your device, and explicitly tell your device that the computer is trustworthy... The computer is able to install apps and interact with the filesystem on your device! Who would have thought?

Re:Another "no shit" security "hole" (0)

Anonymous Coward | about 2 months ago | (#47670981)

It's a Timothy story. You were expecting more?

Well insulated? That's debatable... (0)

Anonymous Coward | about 2 months ago | (#47670499)

I would say that Apple hasn't really done well in insulating iOS from security issues when almost every iOS release has been jailbroken at most within 4-5 months of each release of the mobile OS. Once Jailbroken, almost every aspect of iOS can be changed/configured and unsigned code can be executed.

Re:Well insulated? That's debatable... (2)

Ronin Developer (67677) | about 2 months ago | (#47670565)

What a crock comment. Clearly an Apple Hater.

If someone, with the necessary skills, wants to expend sufficient time and effort to decompile the OS looking for a way to get in and/or alter the image, they will eventually succeed.

Given that the OS is downloadable AND the fact that it still took 4-5 months to jailbreak it I think, in and of itself, is pretty amazing. Jailbreaking a device requires someone determined to do it - it's not done over the air by somebody without physical access to the device.

Re:Well insulated? That's debatable... (2)

Tangential (266113) | about 2 months ago | (#47670609)

It's also very hard to remotely jailbreak the phone of another user that you don't have physical access to and expose vulnerabilities such as ssh login.

Re:Well insulated? That's debatable... (1)

harperska (1376103) | about 2 months ago | (#47673151)

There was one iOS version (4.something) that was vulnerable to drive by jailbreaking, though. If I remember, the only known exploit in the wild was a website for the purpose of intentionally jailbreaking that installed Cydia as well as a patch to close the vulnerability. Ironically, at the time the only way to properly secure your iPhone against the vulnerability was to let it be hacked by that website first.

I remember going to an Apple store and installing Cydia on all of the iPhones on display there via that website. Fun times.

Re:Well insulated? That's debatable... (2)

BaronM (122102) | about 2 months ago | (#47670577)

Once you intentionally circumvent the security of the 'walled garden', I don't think you get to complain about vulnerabilities anymore.

To go with the ever-popular car analogy:

If a guy with a screwdriver is able to start my unmodified car without the smart-key being present, that is a security flaw.

If I modify my car to bypass the 'smart-key is present' requirement to start it, I don't get to complain when my car is stolen by some guy with a screwdriver.

Re:Well insulated? That's debatable... (0)

Anonymous Coward | about 2 months ago | (#47670681)

Once you intentionally circumvent the security of the 'walled garden', I don't think you get to complain about vulnerabilities anymore.

To go with the ever-popular car analogy:

If a guy with a screwdriver is able to start my unmodified car without the smart-key being present, that is a security flaw.

If I modify my car to bypass the 'smart-key is present' requirement to start it, I don't get to complain when my car is stolen by some guy with a screwdriver.

No, but the guy who owns the car you stole certainly does get to complain.

Re:Well insulated? That's debatable... (1)

Joe_Dragon (2206452) | about 2 months ago | (#47670917)

what if you want to put your own radio in? get a oil change or replace the battery with having to go to the dealer?

What is what jail braking is to a car and if that makes it so that someone can steal your car with a screwdriver then you should be able to complain.

Droid does what iDon't (4, Insightful)

tepples (727027) | about 2 months ago | (#47671201)

Then buy a car of a different make that is less hostile to third-party radios or third-party oil changes.

Re: Droid does what iDon't (1)

arkane1234 (457605) | about 2 months ago | (#47672807)

They're all fords though :(

Re:Well insulated? That's debatable... (0)

Anonymous Coward | about 2 months ago | (#47673409)

What is what jail braking is

Your logic is rivaled only by your mastery of the written word.

Nope (0)

Anonymous Coward | about 2 months ago | (#47670517)

CVEdetails and the recent influx of Apple vulnerability articles would like to disagree.
Every software is exploitable, the only question is whether it is worth it in accord to the market percentage and what areas of business and technology it is utilized in.

Re:Nope (1)

RyuuzakiTetsuya (195424) | about 2 months ago | (#47670677)

int main() {
return 0;
}

exploit THAT.

HAHAHAHAH.

Re:Nope (0)

Anonymous Coward | about 2 months ago | (#47671007)

Depends on the C compiler.
If your compiler introduces some hidden behavior you might still be surprised...

Any source code can be hacked, its been proven ... (1)

perpenso (1613749) | about 2 months ago | (#47671495)

int main() {
return 0;
}

exploit THAT.

HAHAHAHAH.

It's been done. Seriously, it has.

"It describes a backdoor mechanism based on the fact that people only review source (human-written) code, and not compiled machine code. A program called a compiler is used to create the second from the first, and the compiler is usually trusted to do an honest job.
Thompson's paper describes a modified version of the Unix C compiler that would:
Put an invisible backdoor in the Unix login command when it noticed that the login program was being compiled, and as a twist
Also add this feature undetectably to future compiler versions upon their compilation as well."
http://en.wikipedia.org/wiki/B... [wikipedia.org]

The bigest threat? Really? (1)

bobbied (2522392) | about 2 months ago | (#47670521)

Here I thought the biggest security threat was turning the device on.... Second to actually having the device on your person, followed by putting it on the charger.

If the device is totally discharged and not running, there is no threat beyond getting mugged for having it.

Charging-only cable adapters (3, Interesting)

davidwr (791652) | about 2 months ago | (#47670539)

This is one reason why charging-only cables or cable adapters which do not carry the "data lines" should be cheap and just as widely-available and widely-marketed as other USB cables.

Bonus points if they are transparent so the end user can visually verify that the only connected lines are the power and ground lines.

OBDIYHACK: http://www.instructables.com/i... [instructables.com]

Sinister goal (1)

Sarten-X (1102295) | about 2 months ago | (#47670647)

It simply takes advantage of design issues in iOS, working around Apple's layered protections to accomplish a sinister goal.

...Improving the ambidextrous [stackexchange.com] use of the device?

"Vulnerability" and "design issues" are not excl.. (1)

wonkey_monkey (2592601) | about 2 months ago | (#47670669)

The beauty of their attack is that it doesn't rely on iOS software vulnerabilities, the customary way that hackers commandeer computers. It simply takes advantage of design issues in iOS

Then the design issue is a vulnerability, surely?

Re:"Vulnerability" and "design issues" are not exc (1)

Anonymous Coward | about 2 months ago | (#47670831)

The beauty of their attack is that it doesn't rely on iOS software vulnerabilities, the customary way that hackers commandeer computers. It simply takes advantage of design issues in iOS

Then the design issue is a vulnerability, surely?

Not really.

They're basically saying that, if (A) you've set up your phone to sync with your PC, and (B) your PC gets cracked/infected, then your phone can also be cracked/infected.

It's a vulnerability in the way that doing a series of stupid things in succession is always a vulnerability.

jailbreak? (1)

kick6 (1081615) | about 2 months ago | (#47670925)

Can this be used to jailbreak iphones? That's all I care(d) about.

Re: jailbreak? (1)

arkane1234 (457605) | about 2 months ago | (#47672831)

You're new to the jailbreaking scene, I see.

Apple does not done "well" in the security aspect (0)

Anonymous Coward | about 2 months ago | (#47671023)

This line is pure bullsh*t. Time and time again, iOS is jail broken within hours or days of a release. Other OS (i.e QNX, Blackberry, SE Linux, ...) security focused mechanisms are done correctly. Apple has repeatedly dropped the ball in this regard.

Re:Apple does not done "well" in the security aspe (0)

Anonymous Coward | about 2 months ago | (#47672731)

But all jailbreaks require a full reset of the device. No user data survives a jailbreak.

Re: Apple does not done "well" in the security asp (1)

arkane1234 (457605) | about 2 months ago | (#47672843)

Anything can be jailbreaked if you have full physical access to the operating system and the hardware, Jesus.
It's not rocket surgery.
