iOS 9 mitigates, but does not completely close, AirDrop security hole

It would be delusional to presume that only Android gets hair-raising security holes. Even iOS has its fair share, and one newly discovered bug is almost as bad. Security researcher Mark Dowd stumbled on an existing exploit in AirDrop, a rather innovative iOS feature that simplifies wireless sharing of files, that could potentially compromise an iPhone and install unauthorized apps, with users not knowing any better. This potential malware can then harvest private information off the devices or even gain control, replacing even stock iOS apps in the process.

The problem starts from an enterprise feature that Apple actually added to AirDrop, which allowed enterprises to install custom apps on a large number of iPhones under their care. Dowd was able to use the enterprise certificate that Apple itself provides to enterprise app developers in order to bypass iOS's usual security checks, which require users to confirm AirDrop actions and which inform them of newly installed apps.

Dowd made a video demonstrating how the bug behaves on iOS 8.4. One caveat to the bug is that AirDrop has to be set to accept transfers from anyone and that the phone has to be rebooted for the malware to take effect, both of which are easily done. While the malware still has to operate within iOS's app sandboxes, limiting what it can gain access to, AirDrop itself seems to be relatively more free. Plus, even in a sandbox, apps can still gain "authorized" access to contacts, location, camera, and other useful personal information.

iOS 9, which Apple has just started rolling out to users this week, partly addresses the situation but, according to Dowd, hasn't completely fixed the bug yet. AirDrop itself now runs sandboxed in iOS 9, which would prevent malware from writing to system locations. And fortunately, iOS updates are more quickly and more evenly rolled out to all supported devices.

SOURCE: Forbes

VIA: Ars Technica