'Serious security vulnerabilities' found in Apple's iOS
A number of security vulnerabilities have been found in iOS, the operating system (OS) used in iPhone and iPad, which could enable a variety of attacks on Apple’s devices.
An international team of cybersecurity researchers with the involvement of TU Darmstadt, a German research university in the city of Darmstadt, deconstructed the OS in order to discover security flaws.
“Many believe that the ‘closed’ operating system of Apple is more secure than the ‘open’ Android system. That’s why we wanted to take a closer look at Apple’s security technologies”, explains professor Ahmad-Reza Sadeghi at TU Darmstadt.
In many of the latest iOS versions Apple introduced new technologies, especially to protect the user’s privacy, he said. “Our goal was to find out if we can find security vulnerabilities automatically, which is not trivial due to the restrictive ‘closed’ iOS system.”
Android has recently been beset with security problems, with nearly 100,000 Android devices being infected with the HummingBad virus in the UK in July and the cyber security firm Check Point recently claiming that 900 million Android devices are vulnerable to attack from malicious apps.
In a joint project with researchers from North Carolina State University and University Politehnica of Bucharest, Sadeghi and his team focused on the iOS’s ‘sandbox’, an interface between applications and the OS.
Every third-party app has a set ‘profile’ which controls the information that the app has access to and which actions the app can execute.
To see whether the sandbox profile contained any vulnerabilities that could be exploited by third-party apps, the researchers first extracted the compiled binary code of the sandbox profile and decompiled it so that it can be read by humans.
Next, they used the decompiled code to make a model of the profile, and ran series of automated tests in that model to identify potential vulnerabilities.
“We found serious vulnerabilities”, states Sadeghi. Sensitive user data could be collected via third-party apps and possible attacks could cause a number of privacy violations including:
- Bypassing iOS’s privacy settings for contacts
- Accessing the user’s name and media library
- Blocking access to system resources, e.g. the user cannot access the address book
- Apps can share information with each other without permission
- Obtaining sensitive information, such as when photos were taken, by accessing metadata of system files
- Consuming disk storage space that cannot be recovered despite uninstalling the malicious app
“Apple reacted quickly and they discussed the solutions with us”, Sadeghi said. According to Apple it is planning to fix the vulnerabilities in the next iOS update. “Nevertheless, in our opinion Apple isolates from collaborating with academia and does not want to initiate cooperations.”