Yesterday (Sept. 19) at the Mobile Pwn2Own contest at the EUSecWest conference in Amsterdam, a pair of Dutch security researchers successfully exploited a completely patched iPhone 4S.
The duo, Daan Keuper and Joost Pol from The Hague-based computer security company Certified Secure, said their proof-of-concept hack works on both iOS 5.1.1 and the version of iOS 6 that was given to developers several months ago.
Keuper and Pol said iPads are also vulnerable to this attack. While the two haven’t had a chance to test an iPhone 5 running the final build of iOS 6, it is likely also at risk, they told Computerworld.
The malicious code — technically, a drive-by download — took only a few weeks to create and can be embedded anywhere on a website to work, Pol said.
When placed in a graphic or advertisement on a blog visited by Mobile Safari, the code figures out a workaround for Safari’s sandboxing and signing mechanisms.
Users don’t need to do anything but visit the booby-trapped page for the malware to work. While the attack is able to steal a lot of sensitive data, email and SMS messages are separately encrypted and are not vulnerable to this particular attack.
Keuper and Pol wouldn’t reveal exactly how their attack works, but told ZDNet that it involved a zero-day exploit, one that’s not yet known to most security specialists.
They also told ZDNet that they wouldn’t do it again.
“We shredded it from our machine,” Pol said. “The story ends here. … It’s time to look for a new challenge.”
He said that BlackBerry and Android devices, which that run the same WebKit rendering in their browsers as iOS’s Safari, could also be open to this exploit, but haven’t been tested. Pol hopes Apple fixes the exploit soon and that users download the patch as soon as possible.
Last year, security researcher Charlie Miller snuck a malicious proof-of-concept app into Apple’s iTunes App Store that could also steal data from iPhones.
For their successful hack of Mobile Safari, Pol and Keuper together took home $30,000.
Nice blog! You now have turn-by-turn directions, which was never an integrated option on the iPhone before. And the properly 3D mapped city escapes are stunning again on Apple Maps, if you live in a location that's mapped well.
ReplyDeleteThanks for your post. Wow, I can't believe it's already been hacked. That was quick!
ReplyDelete@ Best iPhone Screen Protector: Nice ad disguised as a comment! It's one step above "Wow, that makes a lot of sense, dude."
ReplyDeleteWhen this blog stated, I predicted that it would eventually be overrun with advertising spam. Frankly, I'm impressed that it's survived this long.
Yes, I know this blog is all about Apple's flaws, but context matters. While Apple isn't perfect, compared to the competition, it might as well be.
ReplyDelete"The amount of mobile Android malware has surged this year, from a count of 30,000 malware specimens in June to almost 175,000 last month, according to Trend Micro's Security Roundup report for the third quarter of this year."
http://www.networkworld.com/news/2012/102212-trendmicro-android-malware-263542.html
"According to a report out today from security specialists F-Secure, Android accounted for 79% of all malware in 2012, up from 66.7% in 2011 and just 11.25% in 2010. On the other side of the spectrum, Apple’s iOS, the world’s second-most popular platform for smartphones in terms of new purchases, remains one of the least compromised, with 0.7% of malware on its platform."
ReplyDeletehttp://techcrunch.com/2013/03/07/f-secure-android-accounted-for-79-of-all-mobile-malware-in-2012-96-in-q4-alone/
The numbers are a bit skewed (probably by an Apple fanboy)
ReplyDeleteAndroidHeadlines:
"There are many reasons why you should question this report, though. For one, F-Secure counts Android test tools as malware. Really? Google is using those to prevent malware. How could they cause more problem? The report claims that the tools “may be misused for malicious intent by irresponsible parties.”