Monday, February 15, 2010

iPhone: Harbinger of Doomsday Malware

The security guy voice in my subconscious has been yelling at me to pay attention to the iPhone for a while now and that’s been bothering me.

While information security professionals must focus on the threats they are charged to defend against, it is beneficial for them to consider what the attack vectors of tomorrow might be so they can better prepare for them today.

Proposition: iPhone user? You're pwned.



Yes, that is quite a blanket statement. Give me a minute to back up that statement with my evidence.

Let’s start with motivations:

  • Authors of malware (malicious software) write it to make money by capturing your resources (bandwidth or storage)

  • Malware programmers will choose a target based on the amount of bang for their buck (or time)


Some statistics:

[Figure: 44 million Apple iPhones have been sold to date (and that's not counting iPod Touches)]

[Figure: iPod Touch sales now outpace iPhone sales, so let's assume a one-for-one iPod Touch sold for each iPhone sold to date. Windows XP was released in 2001 and hit 153 million units within the first 3 years of its release]

Conclusion 1: iPhone OS is as popular as Windows XP was 2001-2003

So far, we’ve established that the iPhone & Mac platforms are a realistic target. Let’s take a look at what vulnerabilities on iPhones look like. I have assembled a list of some of the bad vulnerabilities that have been found and patched to date. Keep in mind that these have all been discovered since the iPhone was announced in summer 2007.

Arbitrary remote code execution:
• Receiving a maliciously crafted SMS message
• Playing a maliciously crafted MP4, AAC or MP3 audio file
• Visiting a maliciously crafted website
• Viewing a maliciously crafted PNG or TIFF image
• Viewing a maliciously crafted MPEG-4 video
• Opening a maliciously crafted PDF file
• Accessing a maliciously crafted FTP server

Interception & redirection:
• Susceptible to DNS cache poisoning and may return forged information
• Predictable TCP initial sequence numbers may lead to TCP spoofing or session hijacking
• Look-alike characters in a URL could be used to masquerade as another website
• A remote attacker may cause a device reset (via crafted ICMP Ping)

Breach of Privacy:
• Apps can read another app's data
• User names and passwords in URLs may be disclosed to linked sites

Unauthorized Local access:
• An unauthorized user may bypass the Passcode Lock and launch iPhone applications via Emergency Call
• Deleted email messages may still be visible through a Spotlight search
• Passwords may be made visible via undo
• A person with physical access to a locked device may be able to access the user's data

Now here comes the real shocker...

[Figure: In nearly 3 years of availability, the Apple iPhone OS has had 104 security vulnerabilities identified and patched, while Microsoft Windows XP had 86 security vulnerabilities patched in its first 3 years]

In the same amount of time after release, the iPhone had 18 more security patches than Windows XP did. To skew the number even further, 27 (twenty-seven!) of those Windows XP patches were replaced by another patch, so technically there were only 59 patches for Windows XP in the first three years.

Conclusion 2: The iPhone is a more vulnerable target than infant Windows XP was (pre SP2!)

Finally, let’s review what sensitive personal information is stored on these devices and is at risk of being leaked.

  • GPS Location

  • Safari History

  • AutoComplete data

  • Call History

  • YouTube History

  • Emails

  • Text Messages

  • Address Book

  • Pictures

  • Name

  • Phone Number

  • Birthday



Conclusion 3: the iPhone is a sexy, well-organized, treasure trove of personal information, ripe for theft or abuse


This would suggest that the early iPhone 0-day attacks will be spear phishing high profile users such as celebrities, business leaders or government officials.

What do you think?



Sunday, February 14, 2010

John the Ripper Password Cracking Now Obsolete



The days of using John the Ripper are numbered. Soon, you will perform your password cracking and password strength audits using security tools that utilize the GPU cores in high performance gaming video cards.

Why?

Gaming video cards are designed to churn through metric tons of floating point operations per second; hence the common metric GFLOPS (giga floating point operations per second). To accomplish this, modern boards come with dozens to hundreds of GPU cores which can run data-crunching tasks in parallel.

An astute reader would point out that password hashing algorithms are devised to run on CPU cores which excel in integer operations, not floating point operations.

Luckily for us security folks, the number of processing units on gaming video boards is so high that they can provide orders-of-magnitude better performance than traditional CPU-based password crackers.
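Why core count matters for a password strength audit, as an added example (not code from the original post): each candidate password is hashed independently of every other, so the work splits across any number of workers and yields the same findings. Threads stand in for GPU cores here; the accounts, hashes, wordlist and function names are constructed for illustration.

```python
import hashlib
from concurrent.futures import ThreadPoolExecutor

# Constructed sample data: account -> unsalted SHA-256 hex digest (hypothetical audit input).
STORED = {
    "alice": hashlib.sha256(b"summer2010").hexdigest(),
    "bob": hashlib.sha256(b"Tr0ub4dor&3-not-in-list").hexdigest(),
    "carol": hashlib.sha256(b"password1").hexdigest(),
}
BASE_WORDS = ["password", "summer", "iphone", "letmein"]  # constructed wordlist


def candidates(words):
    """Expand each base word with a few common suffixes (a tiny mangling rule set)."""
    for w in words:
        for suffix in ("", "1", "123", "2010"):
            yield w + suffix


def audit_shard(shard, targets):
    """Hash one shard of candidates; no guess depends on the result of another."""
    hits = {}
    for guess in shard:
        digest = hashlib.sha256(guess.encode()).hexdigest()
        for account in targets.get(digest, ()):
            hits[account] = guess
    return hits


def audit(stored, words, workers):
    """Split the candidates into `workers` interleaved shards and merge the hits."""
    targets = {}
    for account, digest in stored.items():
        targets.setdefault(digest, []).append(account)
    guesses = list(candidates(words))
    shards = [guesses[i::workers] for i in range(workers)]
    found = {}
    # Python threads show the partitioning, not the speed-up a GPU would give.
    with ThreadPoolExecutor(max_workers=workers) as pool:
        for hits in pool.map(lambda s: audit_shard(s, targets), shards):
            found.update(hits)
    return found


if __name__ == "__main__":
    for n in (1, 4, 16):
        print(n, "workers ->", sorted(audit(STORED, BASE_WORDS, n).items()))
```

The accounts flagged are the ones whose passwords should be reset; the account whose password is not derivable from the wordlist is not reported at any worker count.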

Can you recommend any GPU-based password cracking tools that could replace JTR today?