Want to read Slashdot from your mobile device? Point it at m.slashdot.org and keep reading!

 



Forgot your password?
typodupeerror
IOS Cellphones Handhelds Iphone Security IT

The Biggest iPhone Security Risk Could Be Connecting One To a Computer 72

Posted by timothy
from the seems-an-obvious-hole dept.
angry tapir (1463043) writes Apple has done well to insulate its iOS mobile operating system from many security issues, but a forthcoming demonstration shows it's far from perfect. Next Wednesday at the Usenix Security Symposium in San Diego, researchers with the Georgia Institute of Technology will show how iOS's Achilles' heel is exposed when devices are connected over USB to a computer or have Wi-Fi synching enabled. The beauty of their attack is that it doesn't rely on iOS software vulnerabilities, the customary way that hackers commandeer computers. It simply takes advantage of design issues in iOS, working around Apple's layered protections to accomplish a sinister goal.
This discussion has been archived. No new comments can be posted.

The Biggest iPhone Security Risk Could Be Connecting One To a Computer

Comments Filter:
  • Developer Access? (Score:4, Interesting)

    by Ronin Developer (67677) on Thursday August 14, 2014 @10:40AM (#47670421)

    To my knowledge, to utilize an iOS device with developer provisioning profiles, you have to enable the device for development access via XCode.

    Even with an ad-hoc distribution, the device must be listed in the provisioning profile with the exceptions being enterprise and app-store apps.

    Did this attack vector circumvent these protections? Or, was he using iOS devices configured for development and, thus, not a real-world attack?

  • by davidwr (791652) on Thursday August 14, 2014 @11:00AM (#47670539) Homepage Journal

    This is one reason why charging-only cables or cable adapters which do not carry the "data lines" should be cheap and just as widely-available and widely-marketed as other USB cables.

    Bonus points if they are transparent so the end user can visually verify that the only connected lines are the power and ground lines.

    OBDIYHACK: http://www.instructables.com/i... [instructables.com]

  • by Anonymous Coward on Thursday August 14, 2014 @11:42AM (#47670829)

    No. The phone should display a notification if an application is side loaded over USB. It shouldn't be possible to install an application without the user's knowledge. Trusting the connection should merely allow the phone and the computer to communicate. It should not allow remote control of the device.

Unix: Some say the learning curve is steep, but you only have to climb it once. -- Karl Lehenbauer

Working...