
Chinese hackers put iOS in the crosshairs with novel attack angles

Gregg Keizer | Oct. 6, 2015
Exploits use Apple's enterprise app distribution model and 'private APIs' to seed adware on iPhones, sidestepping App Store inspections

Olson said it would be hard for Apple to sniff out all private API use, in part because of how Objective-C, the primary programming language used to create iOS and OS X apps, operates. Because of that difficulty, Olson worried that malware abusing private APIs, demonstrated to such effect by YiSpecter, would proliferate.

"For a long time, Apple's 'walled garden' worked extremely well," Olson said. "But iOS devices are valuable, their users are valuable, so there are lots of eyeballs on it. No one ever expected [attackers] to roll over and give up. People just want to keep going for it."

While Olson was far from predicting the end of the world as we know it, others were even more sanguine.

"This does not signal the collapse of Apple's iOS security model," Trey Ford, global security strategist at Rapid7, argued in a Monday email. "Attackers know that focusing on edge cases, specifically exceptions like the 'in-house distribution' workflow using enterprise certificates, provides the most likely path to deployment."

Ford is more confident than Olson -- or the Purdue quartet -- that private APIs pose little threat if users stick to the basic rules of not straying outside the App Store and not jailbreaking a device.

Olson wasn't so sure, and talked about the focus of Chinese security experts, both white hats and black hats, on iOS. "Part of it is that there is just a tremendous amount of research into iOS in China," he said. "There are more jailbroken iPhones there, even now, than elsewhere, and Chinese researchers are more used to writing malware for iOS.

"It's a very interesting research community," Olson added. "This is not the end [of iOS exploitation attempts]. We should expect them to keep trying to implement these kinds of techniques."

More information about YiSpecter can be found in Xiao's analysis on Palo Alto Networks' website.
