DOI: 10.1007/978-3-642-38980-1_17
Article

Launching generic attacks on iOS with approved third-party applications

Published: 25 June 2013

Abstract

iOS is Apple's mobile operating system, which is used on iPhone, iPad and iPod touch. Any third-party application developed for iOS devices is required to go through Apple's application vetting process and appears on the official iTunes App Store upon approval. When an application is downloaded from the store and installed on an iOS device, it is given a limited set of privileges, which are enforced by the iOS application sandbox. Although details of the vetting process and the sandbox are kept as a black box by Apple, it was generally believed that these iOS security mechanisms are effective in defending against malware.
In this paper, we propose a generic attack vector that enables third-party applications to launch attacks on non-jailbroken iOS devices. Following this generic attack mechanism, we are able to construct multiple proof-of-concept attacks, such as cracking the device PIN and taking snapshots without the user's awareness. Our applications embedded with the attack code have passed Apple's vetting process and work as intended on non-jailbroken devices. Our proof-of-concept attacks have shown that Apple's vetting process and the iOS sandbox have weaknesses which can be exploited by third-party applications. We further provide corresponding mitigation strategies for both the vetting and sandbox mechanisms, in order to defend against the proposed attack vector.



Published In

ACNS'13: Proceedings of the 11th international conference on Applied Cryptography and Network Security
June 2013
571 pages
ISBN: 9783642389795

Publisher

Springer-Verlag, Berlin, Heidelberg


Cited By

  • (2021) Analyzing the Effectiveness of Touch Keystroke Dynamic Authentication for the Arabic Language. Wireless Communications & Mobile Computing. 10.1155/2021/99631292021. Online publication date: 1-Jan-2021
  • (2018) iOracle. Proceedings of the 2018 on Asia Conference on Computer and Communications Security. 10.1145/3196494.3196527 (117-131). Online publication date: 29-May-2018
  • (2016) SandScout. Proceedings of the 2016 ACM SIGSAC Conference on Computer and Communications Security. 10.1145/2976749.2978336 (704-716). Online publication date: 24-Oct-2016
  • (2016) Introducing touchstroke. Security and Communication Networks. 10.1002/sec.10619:6(542-554). Online publication date: 1-Apr-2016
  • (2015) iRiS. Proceedings of the 22nd ACM SIGSAC Conference on Computer and Communications Security. 10.1145/2810103.2813675 (44-56). Online publication date: 12-Oct-2015
  • (2015) Cracking App Isolation on Apple. Proceedings of the 22nd ACM SIGSAC Conference on Computer and Communications Security. 10.1145/2810103.2813609 (31-43). Online publication date: 12-Oct-2015
  • (2015) XiOS. Proceedings of the 10th ACM Symposium on Information, Computer and Communications Security. 10.1145/2714576.2714629 (43-54). Online publication date: 14-Apr-2015
  • (2015) Enpublic Apps. Proceedings of the 10th ACM Symposium on Information, Computer and Communications Security. 10.1145/2714576.2714593 (463-474). Online publication date: 14-Apr-2015
  • (2014) On the feasibility of large-scale infections of iOS devices. Proceedings of the 23rd USENIX conference on Security Symposium. 10.5555/2671225.2671231 (79-93). Online publication date: 20-Aug-2014
