Abstract
iOS is Apple’s mobile operating system, which is used on iPhone, iPad and iPod touch. Any third-party applications developed for iOS devices are required to go through Apple’s application vetting process and appear on the official iTunes App Store upon approval. When an application is downloaded from the store and installed on an iOS device, it is given a limited set of privileges, which are enforced by the iOS application sandbox. Although details of the vetting process and the sandbox are kept as a black box by Apple, it was generally believed that these iOS security mechanisms are effective in defending against malware.
In this paper, we propose a generic attack vector that enables third-party applications to launch attacks on non-jailbroken iOS devices. Following this generic attack mechanism, we are able to construct multiple proof-of-concept attacks, such as cracking the device PIN and taking snapshots without the user’s awareness. Our applications embedded with the attack code have passed Apple’s vetting process and work as intended on non-jailbroken devices. Our proof-of-concept attacks have shown that Apple’s vetting process and the iOS sandbox have weaknesses which can be exploited by third-party applications. We further provide corresponding mitigation strategies for both the vetting and sandbox mechanisms, in order to defend against the proposed attack vector.
© 2013 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Han, J. et al. (2013). Launching Generic Attacks on iOS with Approved Third-Party Applications. In: Jacobson, M., Locasto, M., Mohassel, P., Safavi-Naini, R. (eds) Applied Cryptography and Network Security. ACNS 2013. Lecture Notes in Computer Science, vol 7954. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-38980-1_17
DOI: https://doi.org/10.1007/978-3-642-38980-1_17
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-38979-5
Online ISBN: 978-3-642-38980-1
eBook Packages: Computer Science, Computer Science (R0)