Featured Research

from universities, journals, and other organizations

Operating system weakness: Security weaknesses in iOS 7 rectified

Date:
October 2, 2013
Source:
The Agency for Science, Technology and Research (A*STAR)
Summary:
Computer scientists have discovered three security weaknesses in iOS 7, which Apple Inc. has now recognized and rectified.

Researchers from the Infocomm Security Department at A*STAR's Institute for Infocomm Research (I2R) and Singapore Management University's (SMU) School of Information Systems have identified three proof-of-concept attacks which can be performed by third-party applications to threaten the security of the iOS platform. The attacks, which include pass-code cracking, interference with or control of telephony functionality and sending tweets without the user's awareness and permission, have been rectified by Apple Inc in its latest operating system, iOS 7.

Apple's iOS operating system is one of the most popular mobile operating systems in terms of the number of users. As of January 2013, 500 million iOS devices have been sold worldwide, and Apple's iTunes App Store has over 800,000 iOS third-party applications with downloads exceeding 40 billion.

Third-party applications are pervasively installed on these iOS devices as they provide various functions that significantly extend the usability of the mobile devices. However, these third-party applications pose potential threats by compromising the personal and business data stored on the devices.

Between June to October 2012, I2R and SMU researchers embarked on a task to unveil a generic attack vector that enables third-party applications to launch attacks on non-jailbroken iOS devices. The research team constructed multiple proof-of-concept attacks such as cracking the device PIN, blocking incoming calls and posting unauthorised tweets. To overcome these security breaches, the team proposed several mitigation methods to enhance the vetting process and the iOS application sandbox. Apple Inc. was notified of these security vulnerabilities and rectified them for the launch of iOS 7, acknowledging I2R's and SMU's contributions. Please see Appendix A for full information on the three security fixes developed by the I2R and SMU research team in iOS 7.

Security issues:

1. Data Protection

Available for: iPhone 4 and later, iPod touch (5th generation) and later, iPad 2 and later Impact: Apps could bypass passcode-attempt restrictions Description: A privilege separation issue existed in Data Protection. An app within the third-party sandbox could repeatedly attempt to determine the user's passcode regardless of the user's "Erase Data" setting. This issue was addressed by requiring additional entitlement checks.

Researchers involved: Jin Han of the Institute for Infocomm Research working with Qiang Yan and Su Mon Kywe of Singapore Management University

2. Telephony

Available for: iPhone 4 and later, iPod touch (5th generation) and later, iPad 2 and later Impact: Malicious apps could interfere with or control telephony functionality Description: An access control issue existed in the telephony subsystem. Bypassing supported APIs, sandboxed apps could make requests directly to a system daemon interfering with or controlling telephony functionality. This issue was addressed by enforcing access controls on interfaces exposed by the telephony daemon.

Researchers involved: Jin Han of the Institute for Infocomm Research working with Qiang Yan and Su Mon Kywe of Singapore Management University; Tielei Wang, Kangjie Lu, Long Lu, Simon Chung, and Wenke Lee from the Georgia Institute of Technology

3. Twitter

Available for: iPhone 4 and later, iPod touch (5th generation) and later, iPad 2 and later Impact: Sandboxed apps could send tweets without user interaction or permission Description: An access control issue existed in the Twitter subsystem. Bypassing supported APIs, sandboxed apps could make requests directly to a system daemon interfering with or controlling Twitter functionality. This issue was addressed by enforcing access controls on interfaces exposed by the Twitter daemon.


Story Source:

The above story is based on materials provided by The Agency for Science, Technology and Research (A*STAR). Note: Materials may be edited for content and length.


Cite This Page:

The Agency for Science, Technology and Research (A*STAR). "Operating system weakness: Security weaknesses in iOS 7 rectified." ScienceDaily. ScienceDaily, 2 October 2013. <www.sciencedaily.com/releases/2013/10/131002102309.htm>.
The Agency for Science, Technology and Research (A*STAR). (2013, October 2). Operating system weakness: Security weaknesses in iOS 7 rectified. ScienceDaily. Retrieved September 17, 2014 from www.sciencedaily.com/releases/2013/10/131002102309.htm
The Agency for Science, Technology and Research (A*STAR). "Operating system weakness: Security weaknesses in iOS 7 rectified." ScienceDaily. www.sciencedaily.com/releases/2013/10/131002102309.htm (accessed September 17, 2014).

Share This



More Computers & Math News

Wednesday, September 17, 2014

Featured Research

from universities, journals, and other organizations


Featured Videos

from AP, Reuters, AFP, and other news services

Let's Review Apple's Latest iPhone Reviews

Let's Review Apple's Latest iPhone Reviews

Newsy (Sep. 17, 2014) The tech press has shared its thoughts on the latest iterations of Apple's iPhone. We summarize the reactions to help you decide: iPhone 6 or 6 Plus? Video provided by Newsy
Powered by NewsLook.com
2K Drafts Face-Mapping Tech for New Game

2K Drafts Face-Mapping Tech for New Game

AP (Sep. 17, 2014) "NBA 2K15" is angling for a slam dunk with an innovative new way to put players in the game. Gamers will be able to digitally graft lifelike 3D renditions of their faces onto virtual players using the PlayStation 4 and Xbox One cameras. (Sept. 17) Video provided by AP
Powered by NewsLook.com
FBI Finishes $1 Billion Facial Recognition System

FBI Finishes $1 Billion Facial Recognition System

Newsy (Sep. 15, 2014) The FBI announced it plans to make its Next Generation Identification System available to law enforcement, but some privacy advocates are worried. Video provided by Newsy
Powered by NewsLook.com
A+ for Apple iPhone Pre-Sales

A+ for Apple iPhone Pre-Sales

Reuters - Business Video Online (Sep. 15, 2014) Apple says it received a record 4 million first-day pre-orders for its new iPhone 6 and iPhone 6 Plus, pushing delivery dates into October. Bobbi Rebell reports. Video provided by Reuters
Powered by NewsLook.com

Search ScienceDaily

Number of stories in archives: 140,361

Find with keyword(s):
Enter a keyword or phrase to search ScienceDaily for related topics and research stories.

Save/Print:
Share:

Breaking News:
from the past week

In Other News

... from NewsDaily.com

Science News

Health News

Environment News

    Technology News



    Save/Print:
    Share:

    Free Subscriptions


    Get the latest science news with ScienceDaily's free email newsletters, updated daily and weekly. Or view hourly updated newsfeeds in your RSS reader:

    Get Social & Mobile


    Keep up to date with the latest news from ScienceDaily via social networks and mobile apps:

    Have Feedback?


    Tell us what you think of ScienceDaily -- we welcome both positive and negative comments. Have any problems using the site? Questions?
    Mobile: iPhone Android Web
    Follow: Facebook Twitter Google+
    Subscribe: RSS Feeds Email Newsletters
    Latest Headlines Health & Medicine Mind & Brain Space & Time Matter & Energy Computers & Math Plants & Animals Earth & Climate Fossils & Ruins