Commenting on the fact that Apple’s “walled garden” approach to app security on iPhones, iPads and other iOS-driven devices has been seriously compromised by a researcher, I’d expect to see real hacker subversions of the Apple smartphone and tablet computing platform in the near future.
Until now it was thought that Apple’s iOS platform was relatively invulnerable to subversion by conventional malware, but the fact that the security of the iTunes vetting procedure can be side-stepped by sneaking in a darkware app – right under Apple’s noses – shows what can be done.
The revelation that iPhone and iPad malware can be created – and distributed on one of the largest and most trusted portable applications arenas on the planet – will create what I call the Colditz effect. Colditz is a Renaissance castle in the town of the same name near Leipzig in Germany – it was used as a prisoner-of-war camp by the Germans in World War II, as it was thought impossible to escape from, on account of its high levels of security.
But as prisoners learned that escape was possible, the castle ended up being infamous for the number of successful escape attempts. Prisoners actually welcomed being transferred to Colditz as they knew it was possible to escape. And now that the cybercriminal community know that it is possible to compromise iTunes and the iOS platform, you can guess what is going to happen now.
Serial Apple Mac cracker Charlie Miller reportedly plans to detail his iOS revelations at the SyScan conference in Taiwan next week. He will show how it is possible to exploit a flaw in Apple’s restrictions on code signing on iOS devices – the security measure that allows only Apple-approved commands to run in an iPhone or iPad’s memory.
Using a remote access call that sounds very like a Remote Access Trojan (RAT), the app can then download new commands on to the portable device, allowing all sorts of data to be relayed from the iPad or iPhone without the user’s permission.
And that is just for starters, as the unapproved commands can do just about anything with the iOS device, including apparently retasking other apps for nefarious purposes.
With the right commands, hackers can effectively “pwn” an iPhone or iPad, just as they can remotely assume control over desktop PCs using suitable malware and an infection route into the machine in question.
As Miller says – “now you could have a program in the App Store like Angry Birds that can run new code on your phone that Apple never had a chance to check. With this bug, you can’t be assured of anything you download from the App Store behaving nicely” – and he’s right too.
Apple will be burning the midnight oil to work out how to beat this potentially serious compromise of the iOS platform, but I suspect a simple patch may not be enough to solve this security issue.