iPhones, iPads ripe for the picking

USENIX Security Symposium: Georgia Tech researchers show how PC botnets could infect iOS devices to steal passwords.

Attackers could compromise iPads and iPhones on a large scale through the infected computers that make up botnets, researchers say.

Nearly a quarter of zombie computers that make up certain known botnets eventually connect with Apple iOS devices, making these phones and tablets vulnerable to infection from malicious applications, a team from Georgia Institute of Technology said last week at the 23rd USENIX Security Symposium.

Attackers would install malicious applications on the iOS devices when they connect to infected PCs via USB cable or Wi-Fi, says the team led by Tielei Wang. The apps would steal passwords and other personal information.

Generally, iOS apps must come from the App Store, where they are vetted, but malicious apps have slipped through in the past and stayed available until users discovered what they were and Apple dropped them from the store, the researchers say. Attackers could place such apps in the store again, and bot computers could download them before they were dropped.

Then, when an iOS device connected to the bot computer, the bot would download the app onto the phone or tablet.

As a rule iOS devices will accept only those apps that are bound to their Apple ID. But the phones and tablets would accept the apps from the bot because iTunes running on the bot would be allowed to make the transfer. As the researchers put it, "Specifically, when an iOS device with Apple ID B is connected to iTunes with Apple ID A, iTunes can still sync apps purchased by Apple ID A to the iOS device, and authorize the device to run the apps."

This will work even after Apple has removed the malicious app from the App Store, they say. "Although Apple has absolute control of the App Store, attackers can leverage [Man in the Middle attacks] to build a covert distribution channel of iOS apps." The covert distribution channel would be the botnet.

The researchers show another mechanism to get malicious apps onto iOS devices by using permissions granted to developers for testing apps on devices or for enterprises to distribute in-house apps. With enough developer credentials, attackers could distribute malicious applications by getting around the protections put in place for App Store applications.

The researchers also discovered that while an iOS device is connected to a PC, the host computer can connect to it via the Apple File Connection (AFC) protocol. As a proof of concept, the researchers say they retrieved cookies from Facebook and Gmail apps on iOS devices, and transferred them to another computer where they were used to get into those Web accounts.

To estimate how many iOS devices might be vulnerable to such attacks, the researchers used DNS traffic from two U.S. ISPs in 13 cities for five days last October. They searched the traffic for the domain names of known botnet command-and-control servers being tracked by security company Damballa to determine how many Windows machines on customer networks included bots. They eliminated Mac OS X machines from the count.

They came up with a conservative estimate that 23% of all the bot machines in the sample had both Windows iTunes installed and also had iOS devices connecting from the same IP address, meaning these iOS devices could be vulnerable to the researchers' attacks. Put another way, if the attacks were bundled into payloads directed at the iOS devices, "there would be 75,714 potential victims in 13 cities, within the networks we monitor."
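The measurement described above can be sketched as a per-address correlation over resolver logs. This is an added example, not the researchers' code: the indicator domains, the log format, the same-day co-occurrence rule and the choice to drop any address that shows a Mac OS X indicator are all assumptions made for illustration.

```python
from collections import defaultdict

# Constructed indicator sets (assumptions): stand-ins for a C&C domain feed and
# for whatever names fingerprint each platform in real traffic.
INDICATORS = {
    "bot": {"c2.botnet-a.example", "botnet-b.example"},
    "itunes_win": {"itunes-win.example"},
    "ios": {"ios-push.example"},
    "macos": {"macos-update.example"},
}

# Constructed resolver log, one query per line: "<day> <client_ip> <queried name>"
SAMPLE_LOG = """\
d1 198.51.100.10 c2.botnet-a.example.
d1 198.51.100.10 itunes-win.example
d1 198.51.100.10 ios-push.example
d1 198.51.100.11 node7.botnet-b.example
d1 198.51.100.11 itunes-win.example
d2 198.51.100.11 ios-push.example
d1 198.51.100.12 C2.BOTNET-A.EXAMPLE
d1 198.51.100.12 macos-update.example
d1 198.51.100.12 ios-push.example
d1 198.51.100.13 ios-push.example
malformed line
"""

def labels_for(qname):
    """Return every indicator label whose domain equals or is a parent of qname."""
    name = qname.lower().rstrip(".")
    return {label for label, domains in INDICATORS.items()
            if any(name == d or name.endswith("." + d) for d in domains)}

def estimate(log):
    seen = defaultdict(set)  # (day, ip) -> labels observed from that address that day
    for line in log.splitlines():
        fields = line.split()
        if len(fields) != 3:
            continue  # skip lines that are not "<day> <ip> <name>"
        day, ip, qname = fields
        seen[(day, ip)] |= labels_for(qname)
    bots, exposed = set(), set()
    for (_, ip), labels in seen.items():
        if "bot" not in labels or "macos" in labels:
            continue  # not a bot sighting, or possibly a Mac: leave it out
        bots.add(ip)
        if {"itunes_win", "ios"} <= labels:
            exposed.add(ip)  # bot, Windows iTunes and iOS device seen together
    return {"bots": len(bots), "exposed": len(exposed),
            "fraction": len(exposed) / len(bots) if bots else 0.0}

if __name__ == "__main__":
    print(estimate(SAMPLE_LOG))
```

Requiring all three signals on the same day keeps an address that was reassigned between days from being counted, which pushes the estimate down rather than up.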

The researchers say they've already told Apple about their discoveries. "We have made a full disclosure to Apple and notified Facebook and Google about the insecure storage of cookies in their apps," the researchers write in their paper. "Apple acknowledged that, based on our report, they have identified several areas of iOS and iTunes that can benefit from security hardening."
