Apple has not yet fixed a vulnerability that could allow attackers to replace legitimate apps on an iOS device with rogue versions without the user's knowledge. Chilik Tamir of security vendor Mi3 Security disclosed the attack technique at the Hack in the Box conference in Amsterdam last week and has been told by Cupertino that it is working on a patch, although, according to reports, none has been released so far. Tamir demoed a similar attack at Black Hat Asia at the end of March.

Using a self-built tool dubbed 'Su-A-Cyder', he showed how an attacker could replace legitimate apps developed with Xcode 7, Apple's iOS IDE. Anyone can apparently obtain an Xcode 7 developer certificate as long as they can produce an email address and an Apple ID.

If the malicious replacement app has the same bundle ID as the original, it could be installed onto a victim's device, allowing an attacker to carry out a potentially wide range of malicious activities without the user's knowledge. Apple's iOS 8.3 release blocked this attack route by refusing any app upgrade whose files don't match those of the installed app.

However, in Amsterdam last week, Tamir apparently showed a way to circumvent this mitigation with SandJacking, a new technique in which an attacker with access to a victim's device initiates a backup, deletes the original app, loads the malicious replacement, and then restores the device from the backup. The new malicious app will require manual approval by the user, but this is likely to be given as it will look identical to the original.

Which mitigation tactics should CISOs and consumers alike take against this vulnerability? Share your comments with the Cloud and Cyber Security Center: http://cloudandcybersecurity.blogspot.com/