An international team of cybersecurity researchers with the involvement of TU Darmstadt has identified serious security vulnerabilities in iOS, the operating system used in the iPhone and iPad. The vulnerabilities enable a variety of attacks on Apple's devices.
"Many believe that the 'closed' operating system of Apple is more secure than the 'open' Android system. That's why we wanted to take a closer look at Apple's security technologies", explains Ahmad-Reza Sadeghi, professor for system security at the cybersecurity profile area of Technische Universität Darmstadt, Germany. In many of the latest iOS versions Apple introduced new technologies, especially to protect the user's privacy, he says. "Our goal was to find out if we can find security vulnerabilities automatically, which is not trivial due to the restrictive 'closed' iOS system."
In a joint project with researchers from North Carolina State University and University Politehnica of Bucharest, Sadeghi and his team focused on the iOS "sandbox," an interface between applications and the operating system. Every third-party app has a set "profile" which controls the information that the app has access to and which actions the app can execute.
To see whether the sandbox profile contained any vulnerabilities that could be exploited by third-party apps, the researchers first extracted the compiled binary code of the sandbox profile. They then decompiled the code so that it could be read by humans. Next, they used the decompiled code to make a model of the profile, and ran a series of automated tests in that model to identify potential vulnerabilities.
"We found serious vulnerabilities", states Sadeghi. Sensitive user data could be collected via third-party apps. Possible attacks could cause various privacy violations:
- Bypassing the iOS privacy settings for contacts;
- Accessing the user's name and media library;
- Blocking access to system resources, e.g. the user cannot access the address book;
- Sharing information between apps without permission;
- Obtaining sensitive information, such as when photos were taken, by accessing metadata of system files;
- Consuming disk storage space that cannot be recovered even after the malicious app has been uninstalled.
"Apple reacted quickly and they discussed the solutions with us", Sadeghi said. According to Apple, they are planning to fix the vulnerabilities in the next iOS update. "Nevertheless, in our opinion Apple isolates from collaborating with academia and does not want to initiate cooperations."
The international collaboration led to the paper "SandScout: Automatic Detection of Flaws in iOS Sandbox Profiles", which will be presented at the end of October at the renowned ACM Conference on Computer and Communications Security (CCS) in Vienna.