Attackers with physical access to an unlocked iPhone can use a SandJacking technique to replace a legitimate app...
By submitting your personal information, you agree that TechTarget and its partners may contact you regarding relevant content, products and special offers.
with a malicious version of it, which can access sandboxed data from the phone. I read that Apple addressed the issue with a patch, but that the SandJacking technique may have been altered. What's the latest on this technique, and what's the best way to mitigate it?
Once a security researcher or attacker has physical access to a device's hardware and sufficient resources, he will be able to bypass the security on a system. This is what happens in the SandJacking attack -- Chilik Tamir, chief architect of research and development at mobile security firm Mi3 Security, gave a presentation at the Hack In The Box security conference where he was able to load malware on an iPhone without jailbreaking it.
A SandJacking attack can be performed on an unlocked iPhone using a rogue application, a developer certificate for signing the rogue application and a computer. The rogue version of an application would be signed by the developer certificate to replace the legitimate application when the iPhone is connected to the computer. The malicious application would reuse the bundle ID of a legitimate application and other details to make itself look like the legitimate application and give it access to the data in the application sandbox. Tamir also developed a toolkit to automate the attack, but withheld the toolkit until a patch is released by Apple. Apple had patched an earlier version of the SandJacking attack, but Tamir updated the attack to exploit a weakness in how the restore application functionality on iOS worked.
Since there isn't a patch for the current SandJacking attack, enterprises and individuals will need to be diligent about who has physical possession of their iPhones, because anyone with physical possession and the PIN could use this attack. If your enterprise is concerned about this and other attacks from third-party repair companies, it could back up the device's data and do a factory reset to the default OS prior to having it repaired, to ensure no unauthorized access to enterprise data. Stating the obvious, once a patch is available, it should be installed on vulnerable devices.
Find out how a malicious app bypassed the Google Play store security
Learn how expired domains present a way for malicious activity on mobile devices
Read about the best iOS app development tools
Dig Deeper on Mobile security threats and prevention
Related Q&A from Nick Lewis
Cross-platform malware enables attackers to leverage their attacks using infected Microsoft Word docs. Expert Nick Lewis explains how the attacks ...continue reading
How was the ATMitch malware able to loot cash machines, then delete itself? Expert Nick Lewis explains how the fileless malware works and how it ...continue reading
DoubleAgent malware is a proof of concept for a zero-day vulnerability that can turn antivirus tools into attack vectors. Expert Nick Lewis explains ...continue reading
Have a question for an expert?
Please add a title for your question
Get answers from a TechTarget expert on whatever's puzzling you.