Featured Research

from universities, journals, and other organizations

Operating system weakness: Security weaknesses in iOS 7 rectified

Date:
October 2, 2013
Source:
The Agency for Science, Technology and Research (A*STAR)
Summary:
Computer scientists have discovered three security weaknesses in iOS 7, which Apple Inc. has now recognized and rectified.

Researchers from the Infocomm Security Department at A*STAR's Institute for Infocomm Research (I2R) and Singapore Management University's (SMU) School of Information Systems have identified three proof-of-concept attacks which can be performed by third-party applications to threaten the security of the iOS platform. The attacks, which include pass-code cracking, interference with or control of telephony functionality and sending tweets without the user's awareness and permission, have been rectified by Apple Inc in its latest operating system, iOS 7.

Apple's iOS operating system is one of the most popular mobile operating systems in terms of the number of users. As of January 2013, 500 million iOS devices have been sold worldwide, and Apple's iTunes App Store has over 800,000 iOS third-party applications with downloads exceeding 40 billion.

Third-party applications are pervasively installed on these iOS devices as they provide various functions that significantly extend the usability of the mobile devices. However, these third-party applications pose potential threats by compromising the personal and business data stored on the devices.

Between June to October 2012, I2R and SMU researchers embarked on a task to unveil a generic attack vector that enables third-party applications to launch attacks on non-jailbroken iOS devices. The research team constructed multiple proof-of-concept attacks such as cracking the device PIN, blocking incoming calls and posting unauthorised tweets. To overcome these security breaches, the team proposed several mitigation methods to enhance the vetting process and the iOS application sandbox. Apple Inc. was notified of these security vulnerabilities and rectified them for the launch of iOS 7, acknowledging I2R's and SMU's contributions. Please see Appendix A for full information on the three security fixes developed by the I2R and SMU research team in iOS 7.

Security issues:

1. Data Protection

Available for: iPhone 4 and later, iPod touch (5th generation) and later, iPad 2 and later Impact: Apps could bypass passcode-attempt restrictions Description: A privilege separation issue existed in Data Protection. An app within the third-party sandbox could repeatedly attempt to determine the user's passcode regardless of the user's "Erase Data" setting. This issue was addressed by requiring additional entitlement checks.

Researchers involved: Jin Han of the Institute for Infocomm Research working with Qiang Yan and Su Mon Kywe of Singapore Management University

2. Telephony

Available for: iPhone 4 and later, iPod touch (5th generation) and later, iPad 2 and later Impact: Malicious apps could interfere with or control telephony functionality Description: An access control issue existed in the telephony subsystem. Bypassing supported APIs, sandboxed apps could make requests directly to a system daemon interfering with or controlling telephony functionality. This issue was addressed by enforcing access controls on interfaces exposed by the telephony daemon.

Researchers involved: Jin Han of the Institute for Infocomm Research working with Qiang Yan and Su Mon Kywe of Singapore Management University; Tielei Wang, Kangjie Lu, Long Lu, Simon Chung, and Wenke Lee from the Georgia Institute of Technology

3. Twitter

Available for: iPhone 4 and later, iPod touch (5th generation) and later, iPad 2 and later Impact: Sandboxed apps could send tweets without user interaction or permission Description: An access control issue existed in the Twitter subsystem. Bypassing supported APIs, sandboxed apps could make requests directly to a system daemon interfering with or controlling Twitter functionality. This issue was addressed by enforcing access controls on interfaces exposed by the Twitter daemon.


Story Source:

The above story is based on materials provided by The Agency for Science, Technology and Research (A*STAR). Note: Materials may be edited for content and length.


Cite This Page:

The Agency for Science, Technology and Research (A*STAR). "Operating system weakness: Security weaknesses in iOS 7 rectified." ScienceDaily. ScienceDaily, 2 October 2013. <www.sciencedaily.com/releases/2013/10/131002102309.htm>.
The Agency for Science, Technology and Research (A*STAR). (2013, October 2). Operating system weakness: Security weaknesses in iOS 7 rectified. ScienceDaily. Retrieved October 23, 2014 from www.sciencedaily.com/releases/2013/10/131002102309.htm
The Agency for Science, Technology and Research (A*STAR). "Operating system weakness: Security weaknesses in iOS 7 rectified." ScienceDaily. www.sciencedaily.com/releases/2013/10/131002102309.htm (accessed October 23, 2014).

Share This



More Computers & Math News

Thursday, October 23, 2014

Featured Research

from universities, journals, and other organizations


Featured Videos

from AP, Reuters, AFP, and other news services

Chameleon Camouflage to Give Tanks Cloaking Capabilities

Chameleon Camouflage to Give Tanks Cloaking Capabilities

Reuters - Innovations Video Online (Oct. 22, 2014) — Inspired by the way a chameleon changes its colour to disguise itself; scientists in Poland want to replace traditional camouflage paint with thousands of electrochromic plates that will continuously change colour to blend with its surroundings. The first PL-01 concept tank prototype will be tested within a few years, with scientists predicting that a similar technology could even be woven into the fabric of a soldiers' clothing making them virtually invisible to the naked eye. Matthew Stock reports. Video provided by Reuters
Powered by NewsLook.com
Internet of Things Aims to Smarten Your Life

Internet of Things Aims to Smarten Your Life

AP (Oct. 22, 2014) — As more and more Bluetooth-enabled devices are reaching consumers, developers are busy connecting them together as part of the Internet of Things. (Oct. 22) Video provided by AP
Powered by NewsLook.com
Free Math App Is A Teacher's Worst Nightmare

Free Math App Is A Teacher's Worst Nightmare

Newsy (Oct. 22, 2014) — New photo-recognition software from MicroBlink, called PhotoMath, solves linear equations and simple math problems with step-by-step results. Video provided by Newsy
Powered by NewsLook.com
Rate Hike Worries Down on Inflation Data

Rate Hike Worries Down on Inflation Data

Reuters - Business Video Online (Oct. 22, 2014) — Inflation remains well under control according to the latest consumer price index, giving the Federal Reserve more room to keep interest rates low for awhile. Bobbi Rebell reports. Video provided by Reuters
Powered by NewsLook.com

Search ScienceDaily

Number of stories in archives: 140,361

Find with keyword(s):
 
Enter a keyword or phrase to search ScienceDaily for related topics and research stories.

Save/Print:
Share:  

Breaking News:

Strange & Offbeat Stories

 

Space & Time

Matter & Energy

Computers & Math

In Other News

... from NewsDaily.com

Science News

Health News

Environment News

Technology News



Save/Print:
Share:  

Free Subscriptions


Get the latest science news with ScienceDaily's free email newsletters, updated daily and weekly. Or view hourly updated newsfeeds in your RSS reader:

Get Social & Mobile


Keep up to date with the latest news from ScienceDaily via social networks and mobile apps:

Have Feedback?


Tell us what you think of ScienceDaily -- we welcome both positive and negative comments. Have any problems using the site? Questions?
Mobile iPhone Android Web
Follow Facebook Twitter Google+
Subscribe RSS Feeds Email Newsletters
Latest Headlines Health & Medicine Mind & Brain Space & Time Matter & Energy Computers & Math Plants & Animals Earth & Climate Fossils & Ruins