Malicious AirDrop attacks all pre-iOS 9 Apple Devices

With the help of a vulnerability in the popular file-transfer feature AirDrop, malicious applications can be installed on millions of Apple devices, replacing the authentic apps already on them. The vulnerability is mitigated in iOS 9, which is now available to the public, but that release is not fully secure either; users are nevertheless urged to upgrade.

The main weakness of AirDrop lies in its file-sharing function, which allows apps to be installed on devices running iOS 7 and above. All that is needed to spread malicious apps between iOS devices is one AirDrop-enabled iOS device. The flaw has been reported to Cupertino; malicious apps can be installed whether or not the AirDrop sharing request is accepted. The flaw allows apps such as Mail or Phone to be replaced and does not rely on memory corruption.

Further research found that this flaw, combined with other iOS tricks, allows an arbitrary app signed with the researcher's enterprise certificate to be installed on Apple devices. Apple's code signing can also be bypassed with the TaiG jailbreak, but only on devices running iOS 8.4 and below. The same course of attack was used earlier in the so-called Masque attacks, which affected devices running iOS 8.1.3 and below. Those attacks required the victim to agree to the installation before already-installed apps could be replaced. The key factor of this attack is that it requires nothing more than AirDrop being activated and a connection to the target device. Users who reject an AirDrop request to install apps can still be fooled. AirDrop is not activated by default, though many Apple customers use it.

According to eScan research, it appears that both OS X and iOS applications are probably vulnerable. Compromised phones are rebooted first, so that the new app is picked up by the services instructed to scan the device during boot. There are now millions of iOS users worldwide, and they should be aware of AirDrop attacks.
