Introduction

Our last article began our series on the security weaknesses and vulnerabilities found in wireless devices, especially smartphones. As discussed there, computer technology has come a very long way since the first mainframe machines of the 1950s and 1960s.

It has reached the point where we can conduct work-related matters straight from a smartphone, whether that means joining a meeting, composing documents and reports, or exchanging files with another party.

In fact, many businesses and corporations now allow their employees to log in to the corporate network infrastructure remotely, straight from a wireless device.

The intent is that the employee uses the work-authorized smartphone to do this. In practice, however, simply out of habit, many employees and other remote workers log in to the company's central server(s) from their own personal smartphone rather than the company-issued one.

This can, of course, lead to many security issues, primarily because the employee's personal smartphone lacks the extra security features and layers that the company-issued one has. These can include stronger encryption of data at rest and in transit, or a multi-factor authentication solution.

Examples would be using a PIN along with a password, using an RSA token (a hardware one-time-password generator) in conjunction with a password, or using a biometric trait such as an iris or fingerprint in conjunction with a username/password. The use of biometric technology in smartphones will be examined in a later article.

In fact, the whole phenomenon of employees using their own smartphones (and other wireless devices) for work is known as "Bring Your Own Device," or "BYOD" for short. Because of it, many businesses and corporations have had to rewrite their entire security policies and procedures to accommodate the effects of BYOD.

Much of the new content covers the consequences an employee faces for not using a company-issued smartphone (or other wireless device) when logging in remotely to conduct office-related matters.

A future article will also examine in much more detail what the Bring Your Own Device phenomenon is all about, as well as its effects if the policy is not followed.

There are numerous reasons why the smartphone has become a prime target for the cyber attacker. First, attackers realize that the information and data stored on a smartphone is very valuable, especially as it relates to work matters. Second, they realize the social impact a wide-scale cyber attack can have, because the smartphone has literally become an extension of both our personal and professional lives.

In other words, such an attack would leave the affected population feeling paralyzed and helpless.

Our last article examined in some detail the security vulnerabilities of Samsung wireless devices, especially as they relate to the Android operating system, which include:

  1. The weaknesses found in the Knox System;
  2. Resource Draining;
  3. Rogue Application Installation;
  4. Covert Eavesdropping;
  5. Private Network Compromising;
  6. Botnets.

It is important to keep in mind that although all of the above are serious threats, the botnet is considered one of the worst kinds of cyber attack on a smartphone.

In this article, we continue to examine the threats posed to Samsung devices, and from there transition to the next popular brand of smartphone, the iPhone and its iOS operating system.

The Security Threats Posed to the Samsung Smartphones, Continued

One of the latest threats posed to Samsung devices came directly from the SwiftKey keyboard that is preinstalled on the hardware. The affected devices included the Galaxy S6, Galaxy S5, Galaxy S4 and Galaxy S4 Mini. This particular vulnerability was first discovered by the mobile security firm NowSecure.

Essentially, the keyboard automatically checks for language pack updates over an unencrypted (plain HTTP) connection between the Samsung device and the server(s) on which these updates reside, so anyone positioned on the network path can read and alter the response. According to Ryan Welton, a security researcher at NowSecure:

"Those files come as a .zip and are written as system user. This is a very powerful user capable of writing many places on the file system. Oh, and the zip is sent over plaintext. The keyboard app validates the language zip files, but it does this with a manifest that is also sent insecurely." (SOURCE: 1).

Because of this, a cyber attacker who can intercept the connection (for example, on the same Wi-Fi network, by spoofing DNS, or by acting as a rogue proxy) can deliver a fake language pack update to the affected Samsung models just described.

The payload could be malware or spyware, or a tool installed covertly so that the cyber attacker can eavesdrop (listening to private phone conversations, reading text and instant messages, and so on). Since the zip is written by the privileged system user, the attacker is not limited to replacing the keyboard's own files.

However, there are other serious ramifications beyond eavesdropping. These include the following:

  1. Access to resources internal to the Samsung device, such as the GPS, camera, or microphone.
  2. Installation of rogue mobile apps (reviewed in detail in the last article).
  3. Tampering with the legitimate mobile apps on the device.
  4. Greater ability to access corporate information and data and use it for espionage or a ransomware attack.

In fact, this vulnerability was discovered back in 2014, and NowSecure notified Samsung of the flaw at that time. It was later determined that the SwiftKey keyboard itself was not at fault, but rather the way Samsung integrated the SwiftKey technology into its own devices' software.
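To make the flaw concrete, here is an added example (not SwiftKey's or Samsung's code) that models the update check in Python. The pack format, the manifest layout, the vendor key and the file names are assumptions. The point it shows is that a hash manifest fetched over the same plaintext channel as the zip proves nothing, because an attacker who replaces the zip simply replaces the manifest to match, whereas a signature made with a key the server never transmits, plus a refusal to write any zip entry that escapes the install directory, stops both the substitution and the "write anywhere as system user" abuse.

```python
import hashlib
import hmac
import io
import json
import posixpath
import tempfile
import zipfile
from pathlib import Path

# Hypothetical vendor release key baked into the keyboard app at build time.
# An HMAC stands in for the asymmetric signature a real update client would
# verify with an embedded public key; the secret never travels over the network.
VENDOR_KEY = b"vendor-release-key-demo"


def build_pack(files):
    """Build a language pack: returns (zip_bytes, manifest_json).
    The manifest maps each entry name to its SHA-256, which is all the
    vulnerable client checked.  `files` is {entry_name: content_bytes}."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, data in files.items():
            zf.writestr(name, data)
    manifest = {name: hashlib.sha256(data).hexdigest() for name, data in files.items()}
    return buf.getvalue(), json.dumps(manifest, sort_keys=True).encode()


def sign_manifest(manifest):
    """Vendor-side signature over the manifest bytes."""
    return hmac.new(VENDOR_KEY, manifest, hashlib.sha256).hexdigest()


def manifest_matches(zip_bytes, manifest):
    """The insufficient check: every entry hashes to what the manifest says.
    Passes trivially when the attacker supplied both the zip and the manifest."""
    expected = json.loads(manifest)
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        names = zf.namelist()
        if set(names) != set(expected):
            return False
        return all(hashlib.sha256(zf.read(n)).hexdigest() == expected[n] for n in names)


def escaping_entries(zip_bytes):
    """Entry names that would land outside the install directory if the
    client joined them to its base path without normalising."""
    bad = []
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        for name in zf.namelist():
            norm = posixpath.normpath(name)
            if name.startswith("/") or norm == ".." or norm.startswith("../"):
                bad.append(name)
    return bad


def install_pack(zip_bytes, manifest, signature, dest):
    """Hardened install: signature first, then the hash manifest, then confined
    extraction.  Returns the entries written; raises ValueError on any failure
    so a privileged installer writes nothing for a bad pack."""
    if not hmac.compare_digest(sign_manifest(manifest), signature):
        raise ValueError("manifest signature invalid")
    if not manifest_matches(zip_bytes, manifest):
        raise ValueError("zip contents do not match manifest")
    bad = escaping_entries(zip_bytes)
    if bad:
        raise ValueError(f"path traversal in entries: {bad}")
    dest = Path(dest).resolve()
    written = []
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        for name in zf.namelist():
            if name.endswith("/"):
                continue  # directory entry, nothing to write
            target = (dest / name).resolve()
            if dest not in target.parents:  # second line of defence
                raise ValueError(f"entry escapes install dir: {name}")
            target.parent.mkdir(parents=True, exist_ok=True)
            target.write_bytes(zf.read(name))
            written.append(name)
    return written


def demo():
    """Constructed sample: a legitimate pack, and the pack an on-path attacker
    would substitute together with a manifest that matches it."""
    legit_zip, legit_manifest = build_pack({"en_US/dict.bin": b"legitimate dictionary"})
    legit_sig = sign_manifest(legit_manifest)
    evil_zip, evil_manifest = build_pack({"../../../data/evil.dex": b"attacker payload"})
    forged_sig = "00" * 32  # attacker has no VENDOR_KEY, so cannot sign
    try:
        install_pack(evil_zip, evil_manifest, forged_sig, tempfile.mkdtemp())
        evil_rejected = False
    except ValueError:
        evil_rejected = True
    return {
        "plaintext_check_fooled": manifest_matches(evil_zip, evil_manifest),
        "traversal_entries": escaping_entries(evil_zip),
        "evil_rejected": evil_rejected,
        "installed": install_pack(legit_zip, legit_manifest, legit_sig, tempfile.mkdtemp()),
    }


if __name__ == "__main__":
    print(demo())
```

Running `demo()` shows the attacker's pack satisfying the hash-manifest check while carrying a traversal entry, and the hardened `install_pack` rejecting it before a single byte is written. In production the transport would also be TLS with certificate validation; the signature check matters even then, because it protects against a compromised or misconfigured update server as well as an on-path attacker.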

The Security Threats Posed to the Apple Smartphones & The iOS Operating System

In one form or another, we have all at least heard of or used Apple's wireless devices, ranging from the iPod to the iPad to the iPhone. In recent times, however, the iPhone has probably been the most successful and widely deployed product from Apple.

Apple's mobile devices run the iOS operating system (in a manner similar to how Samsung devices run Android). For the most part, iOS has avoided being a prime target for cyber attackers.

However, just like any other piece of software, despite all of the precautions taken during quality assurance testing, some flaws will remain, and the cyber attacker will take full advantage of them.

One such example is the malware known as "AceDeceiver." Other malware that has made it onto iOS devices has traditionally abused enterprise certificates: Apple's enterprise developer program lets a company sign and distribute apps to its own devices outside the App Store, and attackers have used such certificates to sideload malicious apps.

AceDeceiver, however, does not need an enterprise certificate at all. It installs itself by instead taking advantage of a design flaw in Apple's digital rights management (DRM) protection mechanism.

This DRM is meant to ensure that paid content from Apple's stores can be installed only on devices authorized for the Apple ID that purchased it, so that a user cannot buy an app once and then freely copy it onto other people's devices.

This DRM mechanism is called "FairPlay," and the attack is accordingly named the "FairPlay Man-in-the-Middle" attack, or "FairPlay MITM" for short.

Normally, a user purchases and downloads apps from the App Store through the iTunes client running on his or her computer, and then uses that computer to install the apps onto the iPhone. During this process, iOS requests a specific authorization code for each app installed.

This is a way of proving that the app was actually purchased by legitimate means. This methodology is illustrated in the figure under the heading "Normal Procedures".


With the FairPlay Man-in-the-Middle attack, it is the cyber attacker who makes the purchase from the App Store, using their own Apple ID, and then intercepts and saves the authorization code that Apple returns.

They then develop specialized software that mimics the behavior of the iTunes client toward a connected iPhone. When a device is connected to a computer running this software, it replays the saved authorization code in place of a genuine one.

The result is that iOS is tricked into "believing" that the app was legitimately purchased by the end user.

Because of this trickery, the cyber attacker can install malicious apps containing malware or spyware onto the iPhone without the end user knowing it has happened. This scenario is depicted in the figure under the heading "FairPlay MITM".
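The flow described above, reduced to a small protocol model. This is an added example, not Apple's FairPlay implementation or any AceDeceiver code: the code format, the HMAC key (standing in for a signature the device would verify with Apple's public key), the Apple IDs and the app identifier are all assumptions. It shows the two properties that make the attack work, that the authorization code is a bearer token bound only to the app, and that the device never rechecks with the store, and contrasts them with a device that accepts only codes bound to its own Apple ID and a fresh per-install challenge.

```python
import hashlib
import hmac
import secrets

# Hypothetical store signing key. In this model the device verifies with the
# same key (HMAC); a real device would hold only the corresponding public key.
STORE_KEY = b"store-signing-key-demo"


def _code(app_id, apple_id=None, challenge=None):
    """Authorization code over whatever the store chooses to bind.
    Bearer model: app_id only.  Bound model: app_id, purchaser, device challenge."""
    parts = [app_id.encode()]
    if apple_id is not None:
        parts.append(apple_id.encode())
    if challenge is not None:
        parts.append(challenge)
    return hmac.new(STORE_KEY, b"|".join(parts), hashlib.sha256).hexdigest()


class AppStore:
    def __init__(self):
        self.purchases = set()  # (apple_id, app_id)

    def purchase(self, apple_id, app_id):
        self.purchases.add((apple_id, app_id))

    def authorize(self, apple_id, app_id, challenge=None):
        """Issue the per-install code the device asks for. challenge=None
        reproduces the replayable bearer code of the vulnerable model."""
        if (apple_id, app_id) not in self.purchases:
            raise PermissionError("no purchase on record")
        return _code(app_id) if challenge is None else _code(app_id, apple_id, challenge)


class Device:
    def __init__(self, owner, bound=False):
        self.owner = owner        # Apple ID signed in on the device
        self.bound = bound        # require owner + challenge binding?
        self.installed = []
        self.pending = {}         # app_id -> outstanding challenge

    def new_challenge(self, app_id):
        c = secrets.token_bytes(16)
        self.pending[app_id] = c
        return c

    def install(self, app_id, code):
        """Bearer model: any valid code for app_id is accepted, whoever bought
        it and however often it is replayed. Bound model: one challenge, one use."""
        if self.bound:
            c = self.pending.pop(app_id, None)
            if c is None:
                return False
            expected = _code(app_id, self.owner, c)
        else:
            expected = _code(app_id)
        ok = hmac.compare_digest(expected, code)
        if ok:
            self.installed.append(app_id)
        return ok


def fairplay_mitm_demo():
    """Replay against the bearer model, then the same replay against a bound device."""
    store, app = AppStore(), "com.example.seeded-app"
    # 1. attacker buys the app with their own Apple ID and keeps the code
    store.purchase("attacker@example.com", app)
    captured = store.authorize("attacker@example.com", app)
    # 2. attacker's PC software plays the role of iTunes and replays the code
    victim = Device("victim@example.com")
    replayed = victim.install(app, captured)
    # 3. the store pulls the app; the captured code still works on new victims
    store.purchases.clear()
    replayed_after_removal = Device("other@example.com").install(app, captured)
    # 4. a bound device rejects the replay and also a fresh attacker-ID code
    hardened = Device("victim@example.com", bound=True)
    hardened.new_challenge(app)
    replay_on_hardened = hardened.install(app, captured)
    store.purchase("attacker@example.com", app)
    attacker_fresh = store.authorize("attacker@example.com", app, hardened.new_challenge(app))
    fresh_on_hardened = hardened.install(app, attacker_fresh)
    # 5. the owner's own purchase still installs on the bound device
    store.purchase("victim@example.com", app)
    owner_code = store.authorize("victim@example.com", app, hardened.new_challenge(app))
    owner_install = hardened.install(app, owner_code)
    return {"replayed": replayed, "replayed_after_removal": replayed_after_removal,
            "replay_on_hardened": replay_on_hardened,
            "attacker_fresh_on_hardened": fresh_on_hardened, "owner_install": owner_install}


if __name__ == "__main__":
    print(fairplay_mitm_demo())
```

Steps 2 and 3 are the attack as described on this page: a code bought once by the attacker installs the app on any device, and keeps doing so after the app is gone from the store. Steps 4 and 5 show the general design remedy, which is to bind an authorization to the identity it was issued for and to a challenge the device generated for this one install, so a captured code is worthless elsewhere.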

In a way, this is somewhat similar to a phishing attack, in which the end user is tricked into visiting a spoofed website that looks totally legitimate, enters his or her username/password combination, and has it captured by the cyber attacker.

Here, the end user is tricked into believing that the app installed on the iPhone is legitimate, and the malware or spyware can then record keystrokes as he or she enters username/password combinations for other applications.

Conclusions

The first AceDeceiver rogue applications appeared in the App Store between July 2015 and February 2016. There were three of them, and they passed Apple's app review process on at least seven documented occasions before being noticed.

Interestingly, this security threat has had geographic limits so far: only users in mainland China have been affected, because the apps activate their malicious behavior only for devices located in China. However, just because it affects one region of the world does not mean it will not spread quickly and infect other iPhone users.

It should be noted that Apple removed these rogue apps from the App Store once it became aware of them, but despite this, the seeds of the AceDeceiver threat have already been planted.

In other words, because the apps were once available in the store, the cyber attacker has already captured their authorization codes. As a result, attacks using the AceDeceiver technique do not need the apps to still be in the App Store in order to install them on devices.

AceDeceiver is a very serious threat, and the next article will examine its implications in more detail, along with other security threats and vulnerabilities posed to the iOS operating system and, in turn, the iPhone.

References

  1. http://www.computerworld.com/article/2936613/cybercrime-hacking/vulnerability-in-samsung-galaxy-phones-put-over-600-million-samsung-phone-users-at-risk.html
  2. http://www.digitaltrends.com/mobile/keyborad-security-flaw-samsung-phones-version-1434560683/
  3. http://www.v3.co.uk/v3-uk/news/2451241/major-ios-malware-threat-affecting-iphones-via-apple-drm-flaw-uncovered
  4. http://www.csoonline.com/article/2826038/mobile-security/top-6-threats-to-ios-devices.html#slide1
  5. http://researchcenter.paloaltonetworks.com/2016/03/acedeceiver-first-ios-trojan-exploiting-apple-drm-design-flaws-to-infect-any-ios-device/
  6. https://www.symantec.com/content/dam/symantec/docs/security-center/white-papers/apple-threat-landscape-16-en.pdf
  7. http://www.it-docs.net/ddata/781.pdf
  8. https://www.apple.com/business/docs/iOS_Security_Guide.pdf