App detects compromised, jailbroken iOS devices

Powered by SC Magazine
 

Don't wait for iOS malware.

An application is in development for security conscious organisations that can detect jailbroken and compromised iOS devices.

The app, dubbed iVerify, is a proactive measure geared to security spooks who refuse to take solace in the fact that attacks against iOS devices have never been reported outside of laboratories. 

iVerify

It works by executing on the device at boot and scanning the firmware for modifications without using traditional signature detection. Any firmware changes are written to an external file for offline analysis.

Speaking from BlackHat Las Vegas, Trail of Bits chief executive and co-founder Dan Guido said attacks on iOS devices were possible, but had not occurred because of the cost of exploitation.

"Noone has ever seen remote attacks on iOS but it has been proven possible," Guido said. "If [attackers] were incentivised correctly, we may see it, but now the cost of iOS exploitation is high."

The incentive is the value of a target's data. If it was attractive enough, Guido says attackers would invest the resources to compromise iOS.

Attacking jailbroken devices was easy, according to Accuvant principal researcher Charlie Miller. Speaking from Black Hat, the famous Apple hacker said modification was a major security risk and such devices should be restricted from enterprise networks.

"Jailbreaking changes the security of the device and removes all of Apple's protections," Miller said. "If [iVerify] can detect that, then it is quite useful."

Detecting common jailbreaks is already possible although Apple has removed its API which made the process easy.

But savvy users could jailbreak devices using more complex methods that would not normally be detected. Here, Guido's app could be an asset.

iVerify is still in early development. It was built for a Trail of Bits client who was concerned about the security risks of iOS ahead of a slated BYO device project.

"The client liked it," Guido says, "but development requires extensive resources so we need to gauge the industry's interest."

Copyright © SC Magazine, Australia


App detects compromised, jailbroken iOS devices
Tags
 
 
 
Top Stories
ATO shaves $4m off IT contractor panel
Reform cuts admin burden, introduces KPIs.
 
Turnbull introduces data retention legislation
Still no definition of metadata to be stored.
 
Crime Commission prepares core systems overhaul
Will replace 30 year-old national criminal database.
 
 
Sign up to receive iTnews email bulletins
   FOLLOW US...
Latest Comments
Polls
In which area is your IT shop hiring the most staff?




   |   View results
IT security and risk
  27%
 
Sourcing and strategy
  13%
 
IT infrastructure (servers, storage, networking)
  21%
 
End user computing (desktops, mobiles, apps)
  14%
 
Software development
  25%
TOTAL VOTES: 437

Vote
Would your InfoSec team be prepared to share threat data with the Australian Government?

   |   View results
Yes
  54%
 
No
  46%
TOTAL VOTES: 210

Vote