Trail of Bits has produced iVerify, an iOS app that can allegedly help iPhone owners detect if they has been subjected to hacking attempts, as well as educating users how to better protect themselves.
The iPhone is generally considered to be fairly secure as far as mobile devices go, and it's long been known that iPhones don't suffer from the same issues that Android devices do.
This is largely because apps on the iOS platform are executed in sandboxes, which prevents them from accessing data from other apps. This also prevents them from interfering with iOS files, and unless you jailbreak your phone, you're only able to install verified apps from the App Store onto it. For the most part, this has kept the iOS ecosystem relatively problem free.
Still, that doesn't mean that there haven't been occasional hiccups. In September, a security researcher had developed Checkm8, an exploit in the iPhone boot ROM that allowed for easy jailbreaking.
During the same month, it was revealed that China had been allegedly using a series of hacked websites to exploit iPhone vulnerabilities to track location details of Uyghur Muslims. Anyone visiting the site would have unknowingly had their iPhone attacked in an an attempt to install tracking software.
Dan Guido, founder of Trail of Bits, had a security scare several years back. His partner wasn't able to log into her bank account via the bank's official iOS app, alerting her that her iPhone was not secure, according to Vice
As it turns out, the bank's app was simply not coded well, and had been reporting on false positives. Still, it was enough to convince Dan that a legitimate solution should be implemented.
Dan and his colleagues came up with iVerify, an app that promises to "[make] it easy to manage the security of your accounts and online presence with simple instructional guides."
iVerify works by looking for anomalies in the way the iPhone functions.
"The jailbreak detection is using side channels to figure out information outside of the sandbox. This is like sending up smoke signals out and you're looking at the clouds in the sky through a tiny little window in your room where you've been locked," Guido explained. "And you can read a message about what's going on in the outside world. That's how jailbreak detection works. We found a lot of different signals that are present in the environment that gives us an indication of what's really going on on the phone."
There is an issue with this, though. iVerify, like every other app on the App Store, runs in its own sandboxed environment. This means that the same feature that makes the iPhone secure is the same feature that could make iVerify less effective than one would hope.
For many people, it may still be worth it to check out the app, as iVerify is just as much a tool for learning as it is protection. It teaches users how to guard themselves against hacks and exploits, and tells users when they should be concerned about the security of their device.
In the event of a hack, iVerify shows users what went wrong and how to fix it. This could be especially useful for users who may be a little less tech-savvy, as the app can teach users what to look for in the future as well.
iVerify costs $4.99 and is available in the App Store. The team at Trail of Bits are also planning on licensing the jailbreak detection to companies who want to integrate it into their products or use it on company devices.
6 Comments
There's not reason that Apple itself couldn't do this.
I'll wait for Apple to buy them out.
The risk of an iPhone being jailbroken without the owners knowledge is so low that a $5 app to alert about it doesn’t seem necessary
Seems like a big claim with little information to back it up.