The Biggest iPhone Security Risk Could Be Connecting One To a Computer

angry tapir (1463043) writes Apple has done well to insulate its iOS mobile operating system from many security issues, but a forthcoming demonstration shows it's far from perfect. Next Wednesday at the Usenix Security Symposium in San Diego, researchers with the Georgia Institute of Technology will show how iOS's Achilles' heel is exposed when devices are connected over USB to a computer or have Wi-Fi synching enabled. The beauty of their attack is that it doesn't rely on iOS software vulnerabilities, the customary way that hackers commandeer computers. It simply takes advantage of design issues in iOS, working around Apple's layered protections to accomplish a sinister goal.

Re:Pray BlackBerry sticks around

[sasparillascott]

Not really (at this point), at the recent BlackHat some researchers demonstrated how they could remotely compromise a Blackberry.

http://www.accuvant.com/about-... [accuvant.com]

Another great article that talks a little about that instance with Blackberry and another smartphone platform designed for security as well:

http://arstechnica.com/securit... [arstechnica.com]

Re:Minor detail glossed over in the headline

[gtall]

Thanks for that bit of useless advice. I'll now ascertain whether any computers I need to connect with have malware installed, then I'll be safe.

Hint: classical logic presumes you have complete knowledge of the world. Use it with care.

Re:Minor detail glossed over in the headline

[tlhIngan]

No. The phone should display a notification if an application is side loaded over USB. It shouldn't be possible to install an application without the user's knowledge. Trusting the connection should merely allow the phone and the computer to communicate. It should not allow remote control of the device.

Technically, the application is signed by Apple still. Or it's self-signed using a developer certificate (which only gives you 100 devices once a year - you can freely add devices up to that 100 limit, but after that, you can only change their device IDs once a year.).

The hack is effectively being able to install a provisioning profile to allow an unsigned app to run. The provisioning profile is signed by Apple, so it's either an enterprise or developer profile.

At the same time, it works by hijacking the iTunes connection to do so.

In other words, all that's going ot happen is Apple is going to ask for confirmation to install new provisioning profiles. Doesn't matter when you ask since the profile is required to run the unsigned app - you can ask at the beginning, at the end, in the middle, or when the app is attempted to be run.

(Provisioning profiles also expire after a certain amount of time - after which the app will NOT run. And the user is free to remove them at any time. None of this is any protection though).

Though, provisioning profiles are tracable to the original account that had them made, and since they cost $99, that makes the attack far less easy than it appears because if you do this, it's traceable to the person who paid for it.

Granted, developers have been warned to keep their provisioning certificates safe because a fair bit of malware does target ripping them off.