When it comes to security on mobile devices, most of the criticism amplified by the mass media is aimed at a single platform of today’s mobile world. The familiar target is Google’s Android, which stands mostly alone on the platter, at least according to statistics from F-Secure Labs. They state that 79% of all mobile malware in 2012 ended up on Google’s mobile platform.
Microsoft’s mobile platforms (Windows Phone & Windows RT) also occasionally come in for general (or niche) criticism, but it is mostly unjustified and due to the "Windows" name, which many still associate with vulnerability to viruses and malware. But what about the really big player of the mobile market, iOS? It seems that, jailbroken or not, the whole family of Apple mobile products ships with a security hole, or rather a feature, called Provisioning Profiles.
This potentially alarming flaw was discovered and presented by a company called Skycure Security. These iOS profiles, also known as mobileconfig files, can change a myriad of system-level settings on any device running iOS: Wi-Fi, VPN, e-mail settings, APN settings, and many more. Worse, by accepting a malicious profile on the device, the user enables the attacker to remotely control the device, or even to reroute its data traffic through the attacker’s own server.
"Another interesting and hazardous characteristic of malicious profiles is the ability to install root certificates on victims? devices. This makes it possible to seamlessly intercept and decrypt SSL/TLS secure connections, on which most applications rely to transfer sensitive data. A few concrete impact examples include: stealing one?s Facebook, LinkedIn, mail and even bank identities and acting on his/her behalf in these account, potentially creating havoc," the company notes in a blog post.
Thus, the real danger doesn’t come from the relatively safe sandbox environment in which apps run (and from which they cannot alter system settings), but rather from an embedded and commonly used feature. The conclusion is simple: Apple’s "walled-garden" approach is not enough to protect users from severe security issues. Though Skycure is also preparing a firewall-in-a-cloud solution to counter these risks, in the end it is up to users to make sure they don’t accept and run unverified profiles. Provisioning Profiles are unlikely to be consigned to the history books in the next incarnation of iOS, as app developers, mobile operators and companies use them on a regular basis. Users who find a suspicious profile on their iOS devices can contact Skycure at firstname.lastname@example.org, and the company will run a check until its tool is available.
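A defender-side check for the settings described above, as an added example that is not from Skycure or the original article: it parses a mobileconfig file and flags payloads that install a root certificate or change VPN, proxy, APN, Wi-Fi or e-mail settings. The sample profile is constructed, the function names and risk notes are this example's own, and pulling the plist out of a signed profile by locating its XML span is a simplifying assumption.

```python
import plistlib

# PayloadType identifiers for the setting classes the article names;
# the risk notes attached to them are this example's own wording.
RISKY_PAYLOADS = {
    "com.apple.security.root": "installs a root CA (enables TLS interception)",
    "com.apple.vpn.managed": "routes traffic through a VPN server",
    "com.apple.proxy.http.global": "routes HTTP traffic through a proxy",
    "com.apple.apn.managed": "changes carrier APN settings",
    "com.apple.wifi.managed": "adds or changes Wi-Fi networks",
    "com.apple.mail.managed": "adds or changes e-mail accounts",
}


def load_profile(raw: bytes) -> dict:
    """Parse a .mobileconfig; signed profiles wrap the XML plist in CMS data."""
    start, end = raw.find(b"<?xml"), raw.rfind(b"</plist>")
    if start == -1 or end == -1:
        raise ValueError("no XML plist found in profile")
    return plistlib.loads(raw[start:end + len(b"</plist>")])


def audit_profile(raw: bytes) -> list:
    """Return (PayloadType, display name, risk note) for each risky payload."""
    findings = []
    for payload in load_profile(raw).get("PayloadContent", []):
        ptype = payload.get("PayloadType", "")
        if ptype in RISKY_PAYLOADS:
            name = payload.get("PayloadDisplayName", "(unnamed)")
            findings.append((ptype, name, RISKY_PAYLOADS[ptype]))
    return findings


# Constructed sample profile (not a real one): Wi-Fi, a root CA and a web clip.
SAMPLE = plistlib.dumps({
    "PayloadType": "Configuration",
    "PayloadDisplayName": "Free Wi-Fi Setup",
    "PayloadContent": [
        {"PayloadType": "com.apple.wifi.managed",
         "PayloadDisplayName": "Cafe Wi-Fi", "SSID_STR": "cafe-guest"},
        {"PayloadType": "com.apple.security.root",
         "PayloadDisplayName": "Cafe CA", "PayloadContent": b"\x30\x82"},
        {"PayloadType": "com.apple.webClip.managed",
         "PayloadDisplayName": "Cafe Menu", "URL": "https://example.com/"},
    ],
})

if __name__ == "__main__":
    for ptype, name, note in audit_profile(SAMPLE):
        print(f"[!] {name}: {ptype} {note}")
```

A profile that bundles a root certificate with an otherwise ordinary Wi-Fi or e-mail payload is the combination worth questioning before tapping Install.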