Introduction and Overview of the Last Article
Our last few articles have reviewed some of the threats that have occurred to not only Smartphones but also to the software applications that reside in them. Our emphasis thus far has been on the Samsung devices, and the Android Operating System; with an introduction to threats posed to the iOS Operating System.
The first two articles in this series examined some of the vulnerabilities to the Android Operating System, whereas the third article examined in further detail the threat posed by what is known as the “Fair Play Man in the Middle Attack.” This has been deemed a serious threat to the iOS.
The main crux of this specific threat is that a Cyber attacker can install rogue mobile applications onto an end user’s iPhone, making it look like the authentic mobile app. Essentially, an iPhone needs to be connected to a PC (via a USB connection) for the effects of this attack to be felt.
To do this, a malicious Windows-based client known as the “Aisi Helper” was created to trick the end user into believing that a proper sequence of backup and restore processes are being conducted onto the PC.
However, in reality, what is happening is that this client, through the PC and the USB connection, is actually installing and deploying these rogue mobile applications onto the iPhone device. There is no doubt that these rogue apps can cause a lot of harm from not only a physical and financial perspective, but it also heavily preys upon the Security naivete of the end user.
For example, he or she is most concerned about using their iPhone to communicate and to conduct personal and professional matters. Very little thought is given if a new mobile app has been covertly installed; as this is the only way that a rogue mobile installed by the Aisi Helper can be detected.
It should also be noted that this type of Security threat, at least at present, has only been prevalent in China. It has not existed as a true Cyber threat in that it has not been intentionally launched to cause damage or Identity Theft Attacks; it has only existed as a prototype in a testing environment.
However, the real fear is that one day it could be used for malicious purposes with real intent, and as a result, millions of iPhone devices around the world could be infected with this Malware in just a matter of a few minutes.
The third article also reviewed two other known threats to the iOS Operating System. The first of these is what is known as “Sandjacking.” This typically involves the covert hijacking of an iOS test environment and manipulating the Digital Certificates in such a way that the rogue mobile applications, which are created in this scenario, can actually be uploaded as a legitimate mobile application onto the App Store. This is done by using a tool known specifically as the “Su-A-Cyder.”
The second known threat is that of which certain image files (such as those of .JPF, .BMP, .TIFF, etc.) can be manipulated so that a malicious payload can be delivered to a wireless Apple device, such as that of the iPad or even the iPhone. The destructive .exe files can be simply downloaded by hovering the mouse pointer over one of these image file types.
Although this threat has been limited thus far, just like the Fair Play Man in the Middle Attack, there is also a real fear that this can also spread very quickly as well, but in a much more sinister way: Actually launching Identity Theft attacks.
In this article, we continue with the theme of looking at threats, which are posed to the iOS. We feel it is important to examine these in further detail because there is often that false sense of thinking which exists that Apple wireless devices are totally safe from any type or kind of Malware/Spyware Attacks.
For example, “Apple has done a tremendous job of creating a locked-down operating system that keeps malicious software away from its elegant handsets and deters potential attackers.” (SOURCE: 1).
However, even despite this, just like any other piece of technology, the iOS too is prone by the malicious intents of the Cyber attacker, as this article will illustrate.
The Latest Threats To The iOS
As it has been just described, the iPhone is deemed to be one of the most secure wireless devices available today. However, there are always ways to circumvent the Security features that Apple has devised, and end users and especially the Cyber attacker of today have found ways to gain more control over the iOS Operating System.
In other words, you literally become of the Administrator of your own Apple wireless device, whether it is for non-malicious or malicious purposes. This will topic will be reviewed in more technical detail in a future article.
It is important to note that this technique is referred to popularly as “Jailbreaking.” All Smartphones are susceptible to this, but in recent times, it has been the iPhone which is the most prone to this.
To launch this kind of threat, all the Cyber attacker needs to do is merely what is known specifically as the “Mobile Remote Access Trojans,” also known as the “mRAT” for short.
Once this Trojan Horse has been installed onto the iOS Operating System, it bypasses all of the Security mechanisms which have been preinstalled onto the iPhone, and even installs a surveillance package which literally allows for the Cyber attacker to gain remote access to the victimized iPhone from anywhere in the world.
This can all be done by using utilizing a compromised computer that acts as the host for the Trojan Horse, and a USB cable (in a manner similar to that of the “Fair Play Man in the Middle Attack.”
The Malicious Configuration Profile
If attacking the iOS Operating System is not satisfying enough to the Cyber attacker, then he or she can use an attack vector, which makes use of Social Engineering tactics as well.
For example, whenever a brand-new iPhone has been manufactured, and all of the software features have been installed (including the iOS), it will come with what is known as a “Configuration Profile.” This profile also consists of a file called the “.mobileconfig.”
This file was not created for use by the direct user of the iPhone; rather, it was created for usage by the Systems/Network Administrator(s) of a business or a corporation, or and even the wireless carriers that sell the iPhone devices at the retail level.
This specific Configuration Profile contains the settings for establishing the thresholds for the optimal running of the Wi-Fi, the Virtual Private Network (VPN), E-Mail systems, calendars, and even the creation of a new Password or PIN Number.
The main purpose of the Configuration Profile is to allow the customer to quickly and securely customize their own individual iPhone, without having to enter all of the above information in by themselves. However, it is the latter that is of controversy and risk.
For instance, during this customization process, a Cyber attacker could, with some difficulty, actually create their own version of a Configuration Profile, and install an “infested” .exe file into it.
This file can then be used to actually direct the iPhone to a rogue Proxy Server or even a fictitious Virtual Private Network, and from there direct the Web Browser (which is primarily Safari in the iOS) to various Phishing Websites, which could include anything from an online store to a banking site (basically anywhere an individual has to enter in their Username/Password combination).
The WebKit Vulnerability
For those who do not know, the “WebKit” is actually a Web Browser engine, which has created and developed on an Open Source Code Platform. The technical details of it can be seen here at this link:
The primary usage of WebKit is to properly layout, display, and render a particular Website in the Safari Web Browser. However, this too prone to the hands of the Cyber attacker. In these instances, malicious scripts can be inserted into the WebKit (in fact, in a manner similar to that of a SQL Injection Attack) and executed.
At this point, the infected iPhone will then become a “Zombie Smartphone” so that it can remotely spread the same script to other iPhones, and infect them as well. One of the best examples of this was the technique known specifically as the “JailBreakMe.”
This was a serious vulnerability in the WebKit, which was used on the iOS 4 Operating System. To the sophisticated end user, he or she could then, as a result, jailbreak their iPhone once they visited a particular Website.
Although Apple has deemed that this particular vulnerability has been fixed, the Cyber attacker still has found ways to penetrate through these patches.
It has been deemed by Security researchers that to fix this vulnerability for the long term, a much more sophisticated fix is required, which can correlate “. . . suspicious behavior and activity with events on the device and network and then stop any data being sent to the attacker.” (SOURCE: 2).
The Zero-Day Attack
Ethical Hacking Training – Resources (InfoSec)
This type of attack is probably one of the most feared ones in the world of Cyber Security. This is when a hacker discovers a specific vulnerability in a software application, but the Vendor who developed the application does not know this.
In other words, the public never knows the vulnerability, and once it is discovered the Cyber attacker will then launch a massive Malware Attack before the software development team can even come up with an appropriate patch.
The damage caused by a Zero Day Attack can be crippling. For example, the confidential and private information of end users can be compromised and even used to launch subsequent Identity Theft Attacks.
Regarding the business or corporation, millions of dollars could be lost every day regarding public damage, losing customers, and the costs, which are associated with restoring operations, back to a normal level once again.
There is no software application or Operating System, which is one hundred immune to a Zero Day, Attack-even that of the iOS. It is also important to note that the effects may not be “visibly” felt. In other words, they can be very covert, and the information and data that is captured can then be used to launch a Cyber-attack at a later point in time.
Examples of this include recording Keyboard activity on an iPhone or even an iPad device (this is known as “Key Logging”) and capturing information from a screen (this is also known as “Screen Scraping”).
To combat Zero Day Attacks, Apple just recently announced that it would reward up to $50,000 to any Penetration Tester whom would discover any unknown Security vulnerabilities in the iOS Operating System that could be prone to such a Cyber-attack.
In summary, this article has continued to examine the theme of the latest Security threats which are posed to the iOS Operating System, which in turn affects the iPhone device (and even the iPad devices as well).
It should be kept in mind that a major source of threats are rogue mobile applications which can be in a theoretical sense, into the App Store, and as a result, be downloaded by the end user. There are also instances where these rogue mobile apps can also install themselves onto the wireless device, without the end user even knowing about it at all.
This can be accomplished primarily by covertly manipulating the Digital Certificates, which are provided by Apple to create and develop new mobile apps that can also be uploaded onto the App Store.
So far, as it has been reviewed, it appears that these Security threats have fortunately been limited regarding its geographic boundaries. In other words, they have not spread themselves worldwide yet.
However, the main fear is that this will happen, at a time that will catch most people, and businesses/corporations off guard, thus causing the most amount of damage.
Other Security threats to which the iOS is vulnerable were also reviewed which include manipulation of the Configuration Profile, injecting malicious code into the WebKit, and Zero Day Attacks.
Our next article will continue with the theme of Smartphone Security, but instead, focusing on the Windows Mobile device.