An application is in development for security conscious organisations that can detect jailbroken and compromised iOS devices.
The app, dubbed iVerify, is a proactive measure geared to security spooks who refuse to take solace in the fact that attacks against iOS devices have never been reported outside of laboratories.
It works by executing on the device at boot and scanning the firmware for modifications without using traditional signature detection. Any firmware changes are written to an external file for offline analysis.
Speaking from BlackHat Las Vegas, Trail of Bits chief executive and co-founder Dan Guido said attacks on iOS devices were possible, but had not occurred because of the cost of exploitation.
"Noone has ever seen remote attacks on iOS but it has been proven possible," Guido said. "If [attackers] were incentivised correctly, we may see it, but now the cost of iOS exploitation is high."
The incentive is the value of a target's data. If it was attractive enough, Guido says attackers would invest the resources to compromise iOS.
Attacking jailbroken devices was easy, according to Accuvant principal researcher Charlie Miller. Speaking from Black Hat, the famous Apple hacker said modification was a major security risk and such devices should be restricted from enterprise networks.
"Jailbreaking changes the security of the device and removes all of Apple's protections," Miller said. "If [iVerify] can detect that, then it is quite useful."
Detecting common jailbreaks is already possible although Apple has removed its API which made the process easy.
But savvy users could jailbreak devices using more complex methods that would not normally be detected. Here, Guido's app could be an asset.
iVerify is still in early development. It was built for a Trail of Bits client who was concerned about the security risks of iOS ahead of a slated BYO device project.
"The client liked it," Guido says, "but development requires extensive resources so we need to gauge the industry's interest."