ID: IRCNE2013031785
Date: 2013-03-13
According to “CNet”, Android usually gets smacked around for playing host to mobile malware, but iOS isn't totally immune, according to researchers at Skycure Security.
iOS profiles, aka mobileconfig files, are used by mobile carriers to configure key settings for e-mail, Wi-Fi, and other features. But these files could be abused by attackers to sneak past Apple's normally tight security and and hijack a mobile device, the security firm revealed in a blog post today.
The process would be similar to that of a typical malware infection.
An attacker might tempt users to visit a malicious Web site by promising something for free. To get the free item, the victims are asked to install a mobileconfig file that will set up their devices. That malicious profile then gives the attacker full access to the device.
Like most phishing attacks, the success rate depending on how many people fall for the scam.
But a survey carried out by Skycure found that a number of mobile carriers do ask their users to install mobileconfig files in order to receive access to data plans. That process doesn't always employ tight security, according to Skycure.
The security firm uncovered one such process at several AT&T stores:
In one of the stores, an AT&T salesperson actually took our phone and performed the aforementioned process via a public wi-fi network, which is an easy target for man-in-the-middle attacks.
Those man-in-the-middle attacks can change the mobileconfig file to a malicious version, allowing the device to be compromised. Skycure said it alerted AT&T to the issue and believes the carrier will tighten its process for installing mobileconfig files at its stores.
Skycure also offered three pieces of advice for iOS users downloading mobileconfig files:
1) You should only install profiles from trusted websites or applications.
2) Make sure you download profiles via a secure channel
3) Beware of non-verified mobileconfigs. While a verified profile isn't necessarily a safe one, a non-verified should certainly raise your suspicion
