Security News SandJacking Attack Can Replace iOS Apps with Malicious Versions

frogboy

In memoriam 1961-2018
Apple has yet to fix a vulnerability which could allow attackers to replace regular apps with rogue versions without the user’s knowledge.

Chilik Tamir from security vendor Mi3 Security disclosed the bug at the Hack in the Box conference in Amsterdam last week and has been told by Cupertino that it is working on a patch, although so far none has been forthcoming, according to reports.

Tamir demoed a similar attack at Black Hat Asia at the end of March. Using a self-built tool dubbed ‘Su-A-Cyder’ he showed how an attacker could replace legitimate apps developed with Xcode7 – an iOS IDE. Anyone can apparently get an Xcode7 developer’s certificate as long as they can produce an email address and Apple ID.

If the malicious replacement app has the same bundle ID as the original it could be downloaded onto a victim’s device – allowing an attacker to carry out a potentially wide range of malicious activities without the user's knowledge.

Apple’s iOS 8.3 release blocked this attack route by preventing any app upgrades if the files don’t match.

However, in Amsterdam last week, Tamir apparently showed a way to circumvent this mitigation with SandJacking – a new technique in which an attacker with access to a victim’s device initiates a back-up, then deletes the original app, before loading the malicious replacement and restoring the device from back-up.


Full Article. SandJacking Attack Can Replace iOS Apps with Malicious Versions
 

DJ Panda

Another reason why iOS needs a real-time security app. I am still waiting for an MBAM Mobile (Apple) Edition! Apple products in general are more secure than Windows but still not invincible.
 

jamescv7

More implementation on the security mechanism of iOS; even though it is more secure than Android, it's more deadly when split through because of a possible unique vulnerability.
 
