Pages: [1]   Go Down
  Print  
Author Topic: Israeli firm highlights 'mobileconfig' iOS vulnerability  (Read 516 times)
HCK
Global Moderator
Hero Member
*****
Posts: 79425



« on: March 14, 2013, 03:00:21 pm »

Israeli firm highlights 'mobileconfig' iOS vulnerability


   

   An Israeli firm called Skycure Security has published a report that highlights a potential vulnerability threat to iOS. The report demonstrates how malicious users could circumvent Apple's malware protection via "mobileconfig" files.

   As AppleInsider notes, "Mobileconfig files...are used by cellular carriers, Mobile Device Management solutions, and some mobile applications to configure certain system-level settings for iOS devices, including Wi-Fi, VPN, email, and APN settings." Hackers could exploit a vulnerability in these provisioning profiles and get users to download the hacker's own custom profile and promise that it would give the user access to illegally streamed media from a certain website, for example. Once the malicious profile is on a user's iPhone, the hacker could route all that iPhone's data through their own server.

   While this method of hacking a user's iPhone is only a proof of concept so far, Skycure Security recommends three rules of thumb when deciding to install mobileconfig provisioning profiles:



   
      You should only install profiles from trusted websites or applications.
   
      Make sure you download profiles via a secure channel (e.g., use profile links that start with https and not http).
   
      Beware of non-verified mobileconfigs. While a verified profile isn't necessarily a safe one, a non-verified should certainly raise your suspicion.
Israeli firm highlights 'mobileconfig' iOS vulnerability originally appeared on TUAW - The Unofficial Apple Weblog on Thu, 14 Mar 2013 08:00:00 EST.  Please see our terms for use of feeds.Source | Permalink | Email this | Comments

http://www.tuaw.com/2013/03/14/israeli-firm-highlights-mobileconfig-ios-vulnerability/
Logged
Pages: [1]   Go Up
  Print  
 
Jump to: