A recently announced iOS flaw allows an attacker to install malware on a target device with AirDrop enabled through a directory traversal attack. How does this threat work? What is the best way to stop directory traversal attacks? And are other mobile file-transfer applications vulnerable to this threat?
Security researcher Mark Dowd discovered a vulnerability in AirDrop that allowed him to install malware on a device. He presented his findings at the Ruxcon 2015 conference in Melbourne, Australia, and demonstrated the vulnerability in a video. The vulnerability is a classic race condition: permission is required before an action is taken, but the software does not confirm that permission was received before performing the requested action. A directory traversal attack is performed when the attacker takes advantage of this lack of permission validation in AirDrop and uses the feature to access another user's Apple device.
AirDrop is a feature that allows iOS and OS X users to share photos, videos, locations, and other data with nearby Apple devices via Wi-Fi. It sounds like a useful feature, but it also poses the potential risk of granting unauthorized access to someone's Apple device and data. AirDrop is not enabled by default, but when enabled on iOS or OS X, it opens a device to this significant vulnerability. Fortunately, the AirDrop vulnerability has been patched as of October 2015, but directory traversal attacks of this kind are still a threat to enterprises. Apple explained in its iOS 9 security guide that an enterprise can control the AirDrop configurations with a mobile device management tool; an MDM product that can safely configure or disable AirDrop on corporate devices and systems is the best approach for enterprises.
Secure software development practices at Apple appear to be lagging behind the state of software security, according to the Building Security In Maturity Model project. Current best practices for secure software development from BSIMM could be used by software developers to prevent future directory traversal attacks. The Attack Models and Security Features & Design sections from the BSIMM can help identify similar vulnerabilities, and design the necessary security checks to prevent those vulnerabilities.
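The two defects the answer describes, a received filename that escapes the destination folder and a write that happens before the user has accepted, are what a receiver-side security check has to rule out. The following is an added illustration, not Apple's AirDrop code or anything from the page; the inbox path, transfer ids and in-memory "disk" are constructed for the example.

```python
import posixpath
from dataclasses import dataclass, field
from typing import Optional

# Constructed example: POSIX-style path strings and an in-memory dict stand in
# for the real filesystem so it runs offline. A real receiver should also
# resolve symlinks (os.path.realpath) before the containment check below.

def safe_destination(inbox: str, filename: str) -> Optional[str]:
    """Lexically normalise inbox/filename and return it only if the result
    still lies inside inbox; None means a traversal attempt was rejected."""
    if not filename or filename.startswith("/") or "\x00" in filename:
        return None
    inbox = posixpath.normpath(inbox)
    dest = posixpath.normpath(posixpath.join(inbox, filename))
    # "../" segments collapse during normpath; anything that no longer has
    # the inbox as a proper prefix (or equals the inbox itself) is refused.
    if dest == inbox or not dest.startswith(inbox + "/"):
        return None
    return dest

@dataclass
class Receiver:
    inbox: str
    pending: dict = field(default_factory=dict)  # transfer id -> (dest, data)
    written: dict = field(default_factory=dict)  # dest -> data (our "disk")

    def offer(self, tid: str, filename: str, data: bytes) -> bool:
        """Stage an incoming transfer. Nothing is written to the inbox yet,
        so an unaccepted (or hostile) offer cannot plant a file."""
        dest = safe_destination(self.inbox, filename)
        if dest is None:
            return False
        self.pending[tid] = (dest, data)
        return True

    def decide(self, tid: str, accepted: bool) -> Optional[str]:
        """Only an explicit accept moves the staged file into place; a
        decline or an unknown transfer id writes nothing and returns None."""
        dest, data = self.pending.pop(tid, (None, None))
        if dest is None or not accepted:
            return None
        self.written[dest] = data
        return dest
```

Ordering the write after the accept decision, rather than writing first and asking afterwards, is what closes the race the answer describes; the path check closes the traversal.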
Related Q&A from Nick Lewis