How can a directory traversal attack be mitigated?

A new iOS flaw could allow attackers to conduct directory traversal attacks on AirDrop-enabled devices. Nick Lewis explains how enterprises should handle the threat.

A recently announced iOS flaw allows an attacker to install malware on a target device with AirDrop enabled through a directory traversal attack. How does this threat work? What is the best way to stop directory traversal attacks? And are other mobile file-transfer applications vulnerable to this threat?

Security researcher Mark Dowd discovered a vulnerability in AirDrop that allowed him to install malware on a device. He presented his findings at the Ruxcon 2015 conference in Melbourne, Australia, and demonstrated the vulnerability in a video. The vulnerability is a classic race condition: an action requires permission, but the software does not confirm that the permission was received before performing the requested action. A directory traversal attack is performed when the attacker takes advantage of this lack of permission validation in AirDrop and uses the feature to access another user's Apple device.

AirDrop is a feature that allows iOS and OS X users to share photos, videos, locations and other data with nearby Apple devices via Wi-Fi. It sounds like a useful feature, but it also poses the potential risk of granting unauthorized access to someone's Apple device and data. AirDrop is not enabled by default, but when enabled on iOS or OS X, it opens a device to this significant vulnerability. Fortunately, the AirDrop vulnerability has been patched as of October 2015, but directory traversal attacks of this kind are still a threat to enterprises. Apple explained in its iOS 9 security guide that an enterprise can control AirDrop configurations with a mobile device management (MDM) tool; an MDM product that can safely configure or disable AirDrop on corporate devices and systems is the best approach for enterprises.

Secure software development practices at Apple appear to be lagging behind the state of software security, according to the Building Security In Maturity Model project. Current best practices for secure software development from BSIMM could be used by software developers to prevent future directory traversal attacks. The Attack Models and Security Features & Design sections from the BSIMM can help identify similar vulnerabilities, and design the necessary security checks to prevent those vulnerabilities.
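One such security check, as an added example that is not from the original article and is not Apple's code: a file-transfer receiver resolves each sender-supplied name against its inbox directory and rejects any name that lands outside it. The names `safe_destination`, `check_transfer` and `TraversalError`, and the sample file names, are hypothetical.

```python
import os
import tempfile


class TraversalError(ValueError):
    """A sender-supplied name would resolve outside the inbox directory."""


def safe_destination(inbox, supplied_name):
    """Map a sender-supplied file name to an absolute path inside inbox."""
    if not supplied_name or "\x00" in supplied_name:
        raise TraversalError("empty name or NUL byte")
    # Treat backslashes as separators so "..\\x" cannot slip past on POSIX.
    name = supplied_name.replace("\\", "/")
    if name.startswith("/"):
        raise TraversalError("absolute path")
    root = os.path.realpath(inbox)
    # realpath collapses ".." and follows symlinks that already exist.
    candidate = os.path.realpath(os.path.join(root, name))
    if candidate == root or os.path.commonpath([root, candidate]) != root:
        raise TraversalError("resolves outside inbox")
    return candidate


def check_transfer(inbox, names):
    """Split sender-supplied names into accepted paths and rejected names."""
    accepted, rejected = [], []
    for n in names:
        try:
            accepted.append(safe_destination(inbox, n))
        except TraversalError:
            rejected.append(n)
    return accepted, rejected


if __name__ == "__main__":
    # Constructed sample: a temporary inbox holding a symlink that points outside it.
    with tempfile.TemporaryDirectory() as base:
        inbox = os.path.join(base, "inbox")
        outside = os.path.join(base, "outside")
        os.mkdir(inbox)
        os.mkdir(outside)
        os.symlink(outside, os.path.join(inbox, "link"))
        names = ["photo.jpg", "sub/../note.txt", "../outside/x",
                 "/etc/passwd", "link/x", "..\\outside\\x"]
        ok, bad = check_transfer(inbox, names)
        print("accepted:", ok)
        print("rejected:", bad)
```

The check and the later write are separate steps, so a receiver should also create the file with flags that refuse to follow symlinks or overwrite existing files (for example `O_NOFOLLOW | O_EXCL`). It should do so only after the recipient has actually accepted the transfer.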


This was last published in March 2016
