How can users protect mobile devices from SandJacking attacks?

Attackers can use the SandJacking attack to access sandboxed data on iOS devices. Expert Nick Lewis explains how to protect your enterprise from this attack.

Attackers with physical access to an unlocked iPhone can use a SandJacking technique to replace a legitimate app with a malicious version of it, which can access sandboxed data from the phone. I read that Apple addressed the issue with a patch, but that the SandJacking technique may have been altered. What's the latest on this technique, and what's the best way to mitigate it?

Once a security researcher or attacker has physical access to a device's hardware and sufficient resources, he will be able to bypass the security on a system. This is what happens in the SandJacking attack -- Chilik Tamir, chief architect of research and development at mobile security firm Mi3 Security, gave a presentation at the Hack In The Box security conference where he was able to load malware on an iPhone without jailbreaking it.

A SandJacking attack can be performed on an unlocked iPhone using a rogue application, a developer certificate for signing the rogue application and a computer. The rogue version of the application is signed with the developer certificate and replaces the legitimate application when the iPhone is connected to the computer. The malicious application reuses the bundle ID of the legitimate application and other details so that it looks like the legitimate application, which gives it access to the data in that application's sandbox. Tamir also developed a toolkit to automate the attack, but withheld the toolkit until a patch is released by Apple. Apple had patched an earlier version of the SandJacking attack, but Tamir updated the attack to exploit a weakness in how the restore application functionality on iOS worked.

Since there isn't a patch for the current SandJacking attack, enterprises and individuals will need to be diligent about who has physical possession of their iPhones, because anyone with physical possession and the PIN could use this attack. If your enterprise is concerned about this and other attacks from third-party repair companies, it could back up the device's data and do a factory reset to the default OS prior to having it repaired, to ensure no unauthorized access to enterprise data. Stating the obvious, once a patch is available, it should be installed on vulnerable devices.
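As an added defensive example, not part of the article or Nick Lewis's advice: the fingerprint of a SandJacked app is one that reuses a known bundle ID but is signed with a developer certificate rather than being the App Store build from the publisher's team. The script below runs that check over a constructed device inventory export; the field names, team IDs and records are assumptions, not a real MDM format.

```python
"""Added example (not from the original article): flag installed iOS apps whose
signing does not match what the App Store build of that bundle ID should carry.

Assumptions: an MDM or inventory export is available as a list of dicts with
'bundle_id', 'signing' ('app-store', 'developer' or 'enterprise') and 'team_id'.
The field names and the sample records below are constructed for illustration.
"""

# Expected publisher for App Store builds we care about (constructed data):
# bundle ID -> team ID that should have published it.
EXPECTED_TEAM = {
    "com.example.corpmail": "TEAMCORP01",
    "com.example.bank": "TEAMBANK01",
}

# Constructed inventory export from a single device.
SAMPLE_INVENTORY = [
    {"bundle_id": "com.example.corpmail", "signing": "app-store", "team_id": "TEAMCORP01"},
    # same bundle ID, but re-signed with a developer certificate from another team
    {"bundle_id": "com.example.bank", "signing": "developer", "team_id": "TEAMDEV99"},
    {"bundle_id": "com.example.notes", "signing": "app-store", "team_id": "TEAMOTHER"},
]


def find_suspect_apps(inventory, expected_team=EXPECTED_TEAM):
    """Return (bundle_id, reason) for each app that reuses a tracked bundle ID
    but is not the App Store build published by the expected team."""
    findings = []
    for app in inventory:
        bid = app["bundle_id"]
        if bid not in expected_team:
            continue  # not an app we track; nothing to compare against
        reasons = []
        if app["signing"] != "app-store":
            reasons.append(f"signed with a {app['signing']} certificate")
        if app["team_id"] != expected_team[bid]:
            reasons.append(f"team {app['team_id']} != expected {expected_team[bid]}")
        if reasons:
            findings.append((bid, "; ".join(reasons)))
    return findings


if __name__ == "__main__":
    for bundle_id, reason in find_suspect_apps(SAMPLE_INVENTORY):
        print(f"{bundle_id}: {reason}")
```

Any hit is worth a closer look rather than an automatic verdict: legitimately sideloaded enterprise builds will also trip the signing check, so the expected-team map should carry those as well.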

This was last published in November 2016