Researchers find vulnerabilities in iPhone, iPad operating system

August 25, 2016, North Carolina State University

An international team of computer science researchers has identified serious security vulnerabilities in iOS, the operating system used in Apple's iPhone and iPad devices. The vulnerabilities make a variety of attacks possible.

"There's been a lot of research done on Android's operating systems, so we wanted to take a closer look at Apple's iOS," says William Enck, an associate professor of computer science at North Carolina State University and co-author of a paper describing the work. "Our goal was to identify any potential problems before they became real-world problems."

The researchers focused on the iOS "sandbox," which serves as the interface between applications and the operating system. The iOS sandbox applies a single, fixed "profile" to every third-party app. This profile controls the information the app has access to and governs which actions the app can execute.

To see whether the sandbox profile contained any vulnerabilities that could be exploited by third-party apps, the researchers first extracted the compiled binary code of the sandbox profile. They then decompiled the code so that it could be read by humans. Next, they used the decompiled code to build a model of the profile, and ran a series of automated tests against that model to identify potential vulnerabilities.
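The paper's abstract (quoted further down) states that the decompiled profile is modelled as a logic program and queried with Prolog. The Python below is an added example, not SandScout's code, and it does not reproduce any real iOS profile: it shows the shape of that analysis with a handful of constructed rules over a fictitious filesystem layout, an evaluator, and two queries of the kind a defender would run to audit what a third-party app is allowed to do. The allow/deny, subpath/literal/regex and file-read-data style vocabulary follows Apple's sandbox profile language; the evaluation order (last matching rule wins, unmatched means deny) and every path, rule and sample file are assumptions made for the illustration.

```python
"""Toy model of a SandScout-style sandbox-profile audit (added example, not the paper's code)."""
import re
from dataclasses import dataclass


@dataclass(frozen=True)
class Rule:
    """One sandbox rule: a decision on an operation for paths matched by a filter."""
    decision: str    # "allow" or "deny"
    operation: str   # exact operation, or a prefix ending in "*" (e.g. "file-read*")
    kind: str        # path filter kind: "literal", "subpath" or "regex"
    pattern: str


# ASSUMPTION: constructed profile over a fictitious layout. None of these paths or rules
# come from a real iOS profile; they exist only to show what the queries detect.
APP_CONTAINER = "/app-container/EXAMPLE-UUID"
PROFILE = [
    Rule("deny",  "file*",              "subpath", "/"),              # default: deny all file ops
    Rule("allow", "file*",              "subpath", APP_CONTAINER),    # full access to own container
    Rule("allow", "file-read*",         "subpath", "/system/library"),
    Rule("allow", "file-read-metadata", "subpath", "/user/media"),    # metadata readable, data not
    Rule("allow", "file-write*",        "subpath", "/shared/tmp"),    # writable area outside container
    Rule("allow", "file-read-data",     "regex",   r"^/user/prefs/[^/]+\.plist$"),
]

FILE_OPS = ["file-read-data", "file-read-metadata", "file-write-data"]


def op_matches(rule_op: str, op: str) -> bool:
    """'file-read*' covers every operation beginning with 'file-read'; otherwise exact match."""
    if rule_op.endswith("*"):
        return op.startswith(rule_op[:-1])
    return rule_op == op


def path_matches(rule: Rule, path: str) -> bool:
    """Apply the rule's path filter to a concrete path."""
    if rule.kind == "literal":
        return path == rule.pattern
    if rule.kind == "subpath":
        base = rule.pattern.rstrip("/")
        return path == rule.pattern or path.startswith(base + "/")
    if rule.kind == "regex":
        return re.search(rule.pattern, path) is not None
    raise ValueError(f"unknown filter kind {rule.kind!r}")


def decide(profile, op: str, path: str) -> str:
    """ASSUMPTION: the last matching rule decides; a path matched by no rule is denied."""
    decision = "deny"
    for rule in profile:
        if op_matches(rule.operation, op) and path_matches(rule, path):
            decision = rule.decision
    return decision


# Query 1: which file operations may a third-party app perform on a given (sensitive) file?
def allowed_operations(profile, path: str, ops=FILE_OPS) -> set:
    return {op for op in ops if decide(profile, op, path) == "allow"}


# Query 2: which paths outside the app's own container can it write to? Files written there
# survive uninstallation of the app, which is the disk-space class of flaw named above.
def writable_outside_container(profile, container: str, candidate_paths) -> list:
    inside = Rule("allow", "file*", "subpath", container)
    outside = [p for p in candidate_paths if not path_matches(inside, p)]
    return [p for p in outside if decide(profile, "file-write-data", p) == "allow"]


if __name__ == "__main__":
    # Constructed sample paths to audit.
    for p in ["/user/media/DCIM/IMG_0001.JPG", "/user/contacts/AddressBook.db",
              "/system/library/Frameworks/Example.framework/Example",
              "/user/prefs/com.example.plist"]:
        print(p, sorted(allowed_operations(PROFILE, p)))
    print(writable_outside_container(PROFILE, APP_CONTAINER, [
        APP_CONTAINER + "/Documents/a.dat", "/shared/tmp/big.bin", "/user/media/DCIM/new.jpg"]))
```

Run as a script it prints, for each constructed path, the operations the toy profile permits, and then the list of writable locations outside the container. The interesting findings from an auditor's point of view are the "metadata readable but data denied" result for the media file (the kind of inference channel the article mentions) and the shared directory that is writable from outside the container; a real SandScout query does the same reasoning over the full decompiled profile rather than six hand-written rules.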

Ultimately, the researchers identified vulnerabilities that would allow them to launch different types of attacks via third-party apps. Those attacks include:

  • Methods of bypassing the iOS's privacy settings for contacts;
  • Methods of learning a user's location search history;
  • Methods of inferring sensitive information (such as when photos were taken) by accessing metadata of system files;
  • Methods of obtaining the user's name and media library;
  • Methods of consuming disk storage space that cannot be recovered by uninstalling the malicious app;
  • Methods of preventing access to system resources, such as the address book; and
  • Methods that allow apps to share information with each other without permission.

"We are already discussing these vulnerabilities with Apple," Enck says. "They're working on fixing the security flaws, and on policing any apps that might try to take advantage of them."

The international collaboration led to the paper "SandScout: Automatic Detection of Flaws in iOS Sandbox Profiles," which will be presented at the end of October at the renowned ACM Conference on Computer and Communications Security (CCS) in Vienna.


More information: "SandScout: Automatic Detection of Flaws in iOS Sandbox Profiles." Authors: Luke Deshotels and William Enck, North Carolina State University; Mihai Chiroiu and Răzvan Deaconescu, University Politehnica of Bucharest; Lucas Davi and Ahmad-Reza Sadeghi, Technische Universität Darmstadt. Presented: Oct. 24-28, ACM Conference on Computer and Communications Security, Vienna, Austria.

Recent literature on iOS security has focused on the malicious potential of third-party applications, demonstrating how developers can bypass application vetting and code-level protections. In addition to these protections, iOS uses a generic sandbox profile, called "container," to confine malicious or exploited third-party applications. In this paper, we present the first systematic analysis of the iOS container sandbox profile. We propose the SandScout framework to extract, decompile, formally model, and analyze iOS sandbox profiles as logic-based programs. We use our Prolog-based queries to evaluate file-based security properties of the container sandbox profile for iOS 9.0.2 and discover seven classes of exploitable vulnerabilities. These attacks affect nonjailbroken devices running later versions of iOS. We are working with Apple to resolve these attacks, and we hope SandScout will play a significant role in the development of sandbox profiles for future versions of iOS.


1 comment


Aug 25, 2016
It looks like outdating devices by falsely representing that older iPhones cannot handle newer operating systems is not good enough for Apple. They want to destroy the entire fleet of old devices! If Apple bites their tongue and resorts to patching new iOS to all old devices to prevent vulnerabilities, I will forgive them for hoarding insane amounts of cash overseas. I will also drop my boycott of Apple devices, due to their ungratefulness towards customers.
