iOS 9 and the forthcoming OS X El Capitan address a vulnerability in Apple's AirDrop feature that could allow malware infections and the theft of sensitive data, according to a security researcher.
The technique bypasses Apple's security using a spoofed enterprise certificate, and can potentially be used against anyone within AirDrop range, Azimuth Security's Mark Dowd told Forbes. The attack forces the installation of a provisioning profile, and can alter iOS' Springboard to convince a device that the fake certificate is already trusted. This allows malware files to be copied to a directory for third-party apps — a demonstration by Dowd further replaced Apple's native Phone app.
A hacker could use the technique even if the victim chooses to reject the AirDrop transfer. There's also no immediate evidence of harm, since a device has to be rebooted before an attack is complete.
Sandboxing should generally restrict the amount of damage any malware can do, but if coded with the right entitlements it could do things like fetch contacts and location information, or make use of a device's camera. More clever hackers could code an app able to exploit an unknown kernel vulnerability and assume full system control.
Neither iOS 9 nor El Capitan completely solves the vulnerability, Dowd said, but iOS 9 imposes an extra sandbox on AirDrop, preventing files from writing to arbitrary folders. Dowd cautioned that the flaw may also be exploitable in apps outside of AirDrop, though he is not offering details until a patch is ready.
iOS 9 was released on Wednesday, but OS X will remain exposed until El Capitan ships on Sept. 30. In the meantime, the best defense is reportedly to disable AirDrop entirely.
10 Comments
Good to see Apple is giving Airdrop some love. It must be Apple's flakiest service. Hopefully it will improve with IOS9 / El Capitan. My go to app is Photosync for images and video.
[quote name="paxman" url="/t/188296/ios-9-os-x-el-capitan-close-serious-airdrop-vulnerability-allowing-malware-infections#post_2777922"]Good to see Apple is giving Airdrop some love. It must be Apple's flakiest service. Hopefully it will improve with IOS9 / El Capitan. My go to app is Photosync for images and video.[/quote] Yeah, I agree. I love AirDrop's functionality, but it glitches far too often for it to be completely reliable with all my content. As a side note, it has been particularly weird for me today getting used to the San Francisco font again.
The Forbes story says you're safe if you have Airdrop Off. What about if you have it set to Contacts Only? Are you then vulnerable ONLY to attacks from Contacts (which I can tolerate) or is that enough to open you up to strangers too? Seems like a weird detail to omit from the story.
[quote name="FlashFan207" url="/t/188296/ios-9-os-x-el-capitan-close-serious-airdrop-vulnerability-allowing-malware-infections#post_2777930"] Yeah, I agree. I love AirDrop's functionality, but it glitches far too often for it to be completely reliable with all my content. As a side note, it has been particularly weird for me today getting used to the San Francisco font again.[/quote] For me it is always very slow to recognize others on my network and more often than not it finds nobody. Photosync is dead reliable and has been for years. It also lets you upload to any of a ton of cloud servers. I don't use any other feature than transfers within a given network but I honestly can't fault it, so until AirDrop becomes rock solid I'll be sticking to PhotoSync.
A security researcher who is holding back details until a patch is available.
Gunna have to remember this guy's name as one of the good ones.