App detects compromised, jailbroken iOS devices

Powered by SC Magazine
 

Don't wait for iOS malware.

An application is in development for security conscious organisations that can detect jailbroken and compromised iOS devices.

The app, dubbed iVerify, is a proactive measure geared to security spooks who refuse to take solace in the fact that attacks against iOS devices have never been reported outside of laboratories. 

iVerify

It works by executing on the device at boot and scanning the firmware for modifications without using traditional signature detection. Any firmware changes are written to an external file for offline analysis.

Speaking from BlackHat Las Vegas, Trail of Bits chief executive and co-founder Dan Guido said attacks on iOS devices were possible, but had not occurred because of the cost of exploitation.

"Noone has ever seen remote attacks on iOS but it has been proven possible," Guido said. "If [attackers] were incentivised correctly, we may see it, but now the cost of iOS exploitation is high."

The incentive is the value of a target's data. If it was attractive enough, Guido says attackers would invest the resources to compromise iOS.

Attacking jailbroken devices was easy, according to Accuvant principal researcher Charlie Miller. Speaking from Black Hat, the famous Apple hacker said modification was a major security risk and such devices should be restricted from enterprise networks.

"Jailbreaking changes the security of the device and removes all of Apple's protections," Miller said. "If [iVerify] can detect that, then it is quite useful."

Detecting common jailbreaks is already possible although Apple has removed its API which made the process easy.

But savvy users could jailbreak devices using more complex methods that would not normally be detected. Here, Guido's app could be an asset.

iVerify is still in early development. It was built for a Trail of Bits client who was concerned about the security risks of iOS ahead of a slated BYO device project.

"The client liked it," Guido says, "but development requires extensive resources so we need to gauge the industry's interest."

Copyright © SC Magazine, Australia


App detects compromised, jailbroken iOS devices
Tags
 
 
 
Top Stories
Meet FABACUS, Westpac's first computer
GE225 operators celebrate gold anniversary.
 
NSW Govt gets ready to throw out the floppy disks
[Opinion] Dominic Perrottet says its time for government to catch up.
 
iiNet facing new copyright battle with Hollywood
Fighting to protect customer details.
 
 
Sign up to receive iTnews email bulletins
   FOLLOW US...
Latest Comments
Polls
In which area is your IT shop hiring the most staff?




   |   View results
IT security and risk
  26%
 
Sourcing and strategy
  12%
 
IT infrastructure (servers, storage, networking)
  21%
 
End user computing (desktops, mobiles, apps)
  15%
 
Software development
  26%
TOTAL VOTES: 335

Vote
Would your InfoSec team be prepared to share threat data with the Australian Government?

   |   View results
Yes
  57%
 
No
  43%
TOTAL VOTES: 139

Vote