iOS 9, OS X El Capitan close serious AirDrop vulnerability allowing malware infections

Posted in iPhone, edited September 2015
iOS 9 and the forthcoming OS X El Capitan address a vulnerability in Apple's AirDrop feature that could allow malware infections and the theft of sensitive data, according to a security researcher.




The technique bypasses Apple's security using a spoofed enterprise certificate, and can potentially be used against anyone within AirDrop range, Azimuth Security's Mark Dowd told Forbes. The attack forces the installation of a provisioning profile, and can alter iOS' Springboard to convince a device that the fake certificate is already trusted. This allows malware files to be copied to a directory for third-party apps -- a demonstration by Dowd further replaced Apple's native Phone app.

A hacker could use the technique even if the victim chooses to reject the AirDrop transfer. There's also no immediate evidence of harm, since a device has to be rebooted before an attack is complete.



Sandboxing should generally restrict the amount of damage any malware can do, but if coded with the right entitlements it could do things like fetch contacts and location information, or make use of a device's camera. More clever hackers could code an app able to exploit an unknown kernel vulnerability and assume full system control.

Neither iOS 9 nor El Capitan completely solves the vulnerability, Dowd said, but iOS 9 imposes an extra sandbox on AirDrop, preventing files from writing to arbitrary folders. Dowd cautioned that the flaw may also be exploitable in apps outside of AirDrop, though he is not offering details until a patch is ready.

iOS 9 was released on Wednesday, but OS X will remain exposed until El Capitan ships on Sept. 30. In the meantime, the best defense is reportedly to disable AirDrop entirely.

Comments

  • Reply 1 of 10
    paxman Posts: 4,729 member
    Good to see Apple is giving Airdrop some love. It must be Apple's flakiest service. Hopefully it will improve with IOS9 / El Capitan. My go to app is Photosync for images and video.
  • Reply 2 of 10
    paxman wrote:
    Good to see Apple is giving Airdrop some love. It must be Apple's flakiest service. Hopefully it will improve with IOS9 / El Capitan. My go to app is Photosync for images and video.

    Yeah, I agree. I love AirDrop's functionality, but it glitches far too often for it to be completely reliable with all my content. As a sidenote, it has been particularly weird for me today getting used to the San Francisco font again.
  • Reply 3 of 10
    The Forbes story says you're safe if you have Airdrop Off.

    What about if you have it set to Contacts Only? Are you then vulnerable ONLY to attacks from Contacts (which I can tolerate) or is that enough to open you up to strangers too? Seems like a weird detail to omit from the story.
  • Reply 4 of 10
    paxman Posts: 4,729 member
    Yeah, I agree. I love AirDrop's functionality, but it glitches far too often for it to be completely reliable with all my content. As a sidenote, it has been particularly weird for me today getting used to the San Francisco font again.
    For me it is always very slow to recognize others on my network and more often than not it finds nobody. Photosync is dead reliable and has been for years. It also lets you upload to any of a ton of cloud servers. I don't use any other feature than transfers within a given network but I honestly can't fault it, so until AirDrop becomes rock solid I'll be sticking to PhotoSync.
  • Reply 5 of 10

    A security researcher who is holding back details until a patch is available.

    Gunna have to remember this guy's name as one of the good ones.

  • Reply 6 of 10

    Quote:


    iOS 9, OS X El Capitan close serious AirDrop vulnerability allowing malware infections


     

    Quote:

    Originally Posted by AppleInsider View Post



    Neither iOS 9 nor El Capitan completely solve the vulnerability, Dowd said....

     

    LOL...classic AppleInsider

     

    -KeithP

  • Reply 7 of 10
    Quote:
    Originally Posted by nagromme View Post



    The Forbes story says you're safe if you have Airdrop Off.



    What about if you have it set to Contacts Only? Are you then vulnerable ONLY to attacks from Contacts (which I can tolerate) or is that enough to open you up to strangers too? Seems like a weird detail to omit from the story.



    I think that (Contacts Only) will prevent you becoming a target, but don't quote me on that, not entirely sure. I don't have AirDrop on when I'm not near my Mac, so this isn't something I need to really get worried about.

  • Reply 8 of 10
    that is a fucked up vulnerability
  • Reply 9 of 10
    My company had the same concern as I am reading here. We cannot afford having access to certain employees’ Contacts. Although the App store has over 1M Apps, we could not find any App that protects our address book data. We studied the subject and decided to invest and develop our own App – called ContactShield. It is the ONLY App that protects your Contacts on iPhone, iPad, Exchange, Google, Yahoo and other cloud services, at the same time. You can choose which contacts to protect (256 bits encryption) so that other Apps, strangers or hackers cannot use it. Enjoy!
  • Reply 10 of 10
    Quote:

    Originally Posted by dacloo View Post



    that is a fucked up vulnerability



    as opposed to a "quite nice" vulnerability? ¡
