App detects compromised, jailbroken iOS devices

Powered by SC Magazine
 

Don't wait for iOS malware.

An application is in development for security conscious organisations that can detect jailbroken and compromised iOS devices.

The app, dubbed iVerify, is a proactive measure geared to security spooks who refuse to take solace in the fact that attacks against iOS devices have never been reported outside of laboratories. 

iVerify

It works by executing on the device at boot and scanning the firmware for modifications without using traditional signature detection. Any firmware changes are written to an external file for offline analysis.

Speaking from BlackHat Las Vegas, Trail of Bits chief executive and co-founder Dan Guido said attacks on iOS devices were possible, but had not occurred because of the cost of exploitation.

"Noone has ever seen remote attacks on iOS but it has been proven possible," Guido said. "If [attackers] were incentivised correctly, we may see it, but now the cost of iOS exploitation is high."

The incentive is the value of a target's data. If it was attractive enough, Guido says attackers would invest the resources to compromise iOS.

Attacking jailbroken devices was easy, according to Accuvant principal researcher Charlie Miller. Speaking from Black Hat, the famous Apple hacker said modification was a major security risk and such devices should be restricted from enterprise networks.

"Jailbreaking changes the security of the device and removes all of Apple's protections," Miller said. "If [iVerify] can detect that, then it is quite useful."

Detecting common jailbreaks is already possible although Apple has removed its API which made the process easy.

But savvy users could jailbreak devices using more complex methods that would not normally be detected. Here, Guido's app could be an asset.

iVerify is still in early development. It was built for a Trail of Bits client who was concerned about the security risks of iOS ahead of a slated BYO device project.

"The client liked it," Guido says, "but development requires extensive resources so we need to gauge the industry's interest."

Copyright © SC Magazine, Australia


App detects compromised, jailbroken iOS devices
Tags
 
 
 
Top Stories
Innovating in the sleepy super industry
There’s little incentive to be on the bleeding edge, so why is Andrew Todd fighting so hard?
 
How technology will unify Toll
The systems headache formed through 15 years of acquisitions.
 
Immigration breached Privacy Act with data leak
Pilgrim slams "copy and paste" of asylum seeker data.
 
 
Sign up to receive iTnews email bulletins
   FOLLOW US...
Latest Comments
Polls
Who do you trust most to protect your private data?







   |   View results
Your bank
  39%
 
Your insurance company
  3%
 
A technology company (Google, Facebook et al)
  7%
 
Your telco, ISP or utility
  8%
 
A retailer (Coles, Woolworths et al)
  2%
 
A Federal Government agency (ATO, Centrelink etc)
  20%
 
An Australian law enforcement agency (AFP, ASIO et al)
  15%
 
A State Government agency (Health dept, etc)
  6%
TOTAL VOTES: 809

Vote