App detects compromised, jailbroken iOS devices

Powered by SC Magazine
 

Don't wait for iOS malware.

An application is in development for security conscious organisations that can detect jailbroken and compromised iOS devices.

The app, dubbed iVerify, is a proactive measure geared to security spooks who refuse to take solace in the fact that attacks against iOS devices have never been reported outside of laboratories. 

iVerify

It works by executing on the device at boot and scanning the firmware for modifications without using traditional signature detection. Any firmware changes are written to an external file for offline analysis.

Speaking from BlackHat Las Vegas, Trail of Bits chief executive and co-founder Dan Guido said attacks on iOS devices were possible, but had not occurred because of the cost of exploitation.

"Noone has ever seen remote attacks on iOS but it has been proven possible," Guido said. "If [attackers] were incentivised correctly, we may see it, but now the cost of iOS exploitation is high."

The incentive is the value of a target's data. If it was attractive enough, Guido says attackers would invest the resources to compromise iOS.

Attacking jailbroken devices was easy, according to Accuvant principal researcher Charlie Miller. Speaking from Black Hat, the famous Apple hacker said modification was a major security risk and such devices should be restricted from enterprise networks.

"Jailbreaking changes the security of the device and removes all of Apple's protections," Miller said. "If [iVerify] can detect that, then it is quite useful."

Detecting common jailbreaks is already possible although Apple has removed its API which made the process easy.

But savvy users could jailbreak devices using more complex methods that would not normally be detected. Here, Guido's app could be an asset.

iVerify is still in early development. It was built for a Trail of Bits client who was concerned about the security risks of iOS ahead of a slated BYO device project.

"The client liked it," Guido says, "but development requires extensive resources so we need to gauge the industry's interest."

Copyright © SC Magazine, Australia


App detects compromised, jailbroken iOS devices
Tags
 
 
 
Top Stories
Photos: Global Switch opens Sydney East data centre
First stage opened, to some fanfare.
 
ATO releases long-awaited Bitcoin guidance
Everyday investors escape the tax man.
 
Why the Weather Bureau’s new supercomputer is a 'gamechanger'
IT transformation starts to reap results.
 
 
Sign up to receive iTnews email bulletins
   FOLLOW US...
Latest Comments
Polls
Which is the most prevalent cyber attack method your organisation faces?




   |   View results
Phishing and social engineering
  68%
 
Advanced persistent threats
  3%
 
Unpatched or unsupported software vulnerabilities
  12%
 
Denial of service attacks
  7%
 
Insider threats
  11%
TOTAL VOTES: 463

Vote