A recently announced iOS flaw allows an attacker to install malware on a target device with AirDrop enabled through...
By submitting your personal information, you agree that TechTarget and its partners may contact you regarding relevant content, products and special offers.
a directory traversal attack. How does this threat work? What is the best way to stop directory traversal attacks? And are other mobile file-transfer applications vulnerable to this threat?
Security researcher Mark Dowd discovered a vulnerability in AirDrop that allowed him to install malware on a device. He presented his findings during a conference at Ruxcon 2015 in Melbourne, Australia, and demonstrated the vulnerability in a video. The vulnerability is a classic race condition, where permissions are required to do something, but the software does not confirm the permission was received before performing the requested action. A directory traversal attack is performed when the attacker takes advantage of this lack of permission validation on AirDrop, and uses the feature to access another user's Apple device.
AirDrop is a feature that allows iOS and OS X users to share photos, videos, locations, and other data with nearby Apple devices via Wi-Fi. It sounds like a useful feature, but it also poses the potential risk of granting unauthorized access to someone's Apple device and data. AirDrop is not enabled by default, but when enabled on iOS or OS X, it opens a device to this significant vulnerability. Fortunately, the AirDrop vulnerability has been patched as of October 2015, but directory traversal attacks of this kind are still a threat to enterprises. Apple explained in its iOS 9 security guide that an enterprise can control the AirDrop configurations with a mobile device management tool; an MDM product that can safely configure or disable AirDrop on corporate devices and systems is the best approach for enterprises.
Secure software development practices at Apple appear to be lagging behind the state of software security, according to the Building Security In Maturity Model project. Current best practices for secure software development from BSIMM could be used by software developers to prevent future directory traversal attacks. The Attack Models and Security Features & Design sections from the BSIMM can help identify similar vulnerabilities, and design the necessary security checks to prevent those vulnerabilities.
Ask the Expert:
Have a question about enterprise threats? Send it via email today. (All questions are anonymous.)
Read more on the KeyRaider iOS malware that targets jailbroken devices
Dig Deeper on Malware, virus, Trojan and spyware protection and removal
Related Q&A from Nick Lewis
The OurMine hacking group recently used DNS poisoning to attack WikiLeaks and take over its web address. Learn how this attack was performed from ...continue reading
Typosquatting was used by threat actors to spread malware in the NPM registry. Learn from expert Nick Lewis how this method was used and what it ...continue reading
Threat actors are using phishing email campaigns to fool users with tech support scams and fake Blue Screens of Death. Learn how these campaigns work...continue reading
Have a question for an expert?
Please add a title for your question
Get answers from a TechTarget expert on whatever's puzzling you.