Last week, F-Secure released a report showing that Android wins over iOS in one important category: malware. Apple has done such a good job of keeping users protected from malicious content that iOS accounts for only 0.7 percent (that’s less than 1 percent, folks) of all mobile malware. That doesn’t mean the operating system is safe from a massive attack from creepy creepers. Security firm Skycure pointed out a very easy way that malicious software could make its way onto your iOS device.
Skycure is a security company that specializes in mobile firewall protection designed to safeguard devices from malware attacks. The company recently detailed Apple’s iOS vulnerability at the Herzliya Conference and posted the information on their website.
According to The Next Web, Skycure claims that Provisioning Profiles are iOS’ weak spot. App developers will know that Provisioning Profiles, or mobileconfigs, are small files that are installed on a device and allow alteration of settings, including network configurations. App reviewers regularly have mobileconfigs installed on their device for purposes of early access to beta versions of apps.
Provisioning Profiles are legitimate programs approved by Apple and aren’t malicious by themselves. However, because they allow outside access from another source, they can leave a device vulnerable to mischievous actions, such as reading usernames and passwords and then transferring that information to a malicious server.
Skycure’s CTO Yair Amit and CEO Adi Sharabani demonstrated how this could happen by showing TNW writer Matthew Panzarino a specially designed Provisioning Profile link and then actively reading his browsing activity on his iOS device remotely.
When you see it in action, it sure does seem scary.
Sharabani also offered some scenarios in which a user could end up allowing access to their device, and ultimately a malicious attack.
First, a user could come across a website that offers free access to popular TV shows and movies, and all the user has to do is install an iOS profile that will configure their device.
The attacks can be configured using a VPN, APN proxy or wireless proxy (Wi-Fi), and the installed profile can send your activity to a third party.
Some companies require a Provisioning Profile for certain services. AT&T, for example, asks clients to install a special profile that configures their device to work with its network’s data servers. This is not a problem unless the profile is not installed using a secure connection. A public Wi-Fi network, for example, could open users to an attack.
The key is to be aware of what Provisioning Profile you are installing. If it seems too good to be true, it probably is. Sharabani told TNW that awareness is the most important way to avoid an attack. Just like phishing, a Provisioning Profile attack requires the user to act on something. You wouldn’t download a file from an unknown source. Don’t install a profile from a random website promising free content.
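One way to check what a profile would do before installing it, added here as an example and not taken from Skycure or TNW: a short Python audit that reads a .mobileconfig file and flags the three traffic-redirecting settings named above (VPN, APN proxy, Wi-Fi proxy). The payload type strings and key names are assumed from Apple's configuration profile documentation, and the sample profile and its hosts are constructed placeholders.

```python
import plistlib

# Payload type strings come from Apple's configuration profile documentation, not the article.
VPN, APN, WIFI = "com.apple.vpn.managed", "com.apple.apn.managed", "com.apple.wifi.managed"

def load_profile(data: bytes) -> dict:
    """Parse a .mobileconfig. Signed profiles wrap the XML in a CMS envelope, so fall
    back to slicing out the embedded plist (heuristic; the signature is not verified)."""
    try:
        return plistlib.loads(data)
    except Exception:
        start, end = data.find(b"<?xml"), data.rfind(b"</plist>")
        if start < 0 or end < 0:
            raise ValueError("no plist found in profile")
        return plistlib.loads(data[start:end + len(b"</plist>")])

def audit(data: bytes) -> list:
    """Return (payload display name, finding) pairs for traffic-redirecting payloads."""
    findings = []
    for p in load_profile(data).get("PayloadContent", []):
        name = p.get("PayloadDisplayName", p.get("PayloadIdentifier", "?"))
        ptype = p.get("PayloadType")
        if ptype == VPN:
            findings.append((name, f"VPN tunnel ({p.get('VPNType', 'unknown type')})"))
        elif ptype == WIFI and p.get("ProxyType", "None") != "None":
            target = p.get("ProxyPACURL") or f"{p.get('ProxyServer')}:{p.get('ProxyServerPort')}"
            findings.append((name, f"Wi-Fi proxy via {target}"))
        elif ptype == APN:
            for d in p.get("PayloadContent", []):
                for apn in d.get("DefaultsData", {}).get("apns", []):
                    if apn.get("proxy"):
                        findings.append((name, f"APN proxy via {apn['proxy']}:{apn.get('proxyPort')}"))
    return findings

# Constructed sample profile for the demo; names and hosts are placeholders.
SAMPLE = plistlib.dumps({
    "PayloadType": "Configuration", "PayloadDisplayName": "Free TV Setup",
    "PayloadContent": [
        {"PayloadType": WIFI, "PayloadDisplayName": "Wi-Fi", "SSID_STR": "CafeNet",
         "ProxyType": "Manual", "ProxyServer": "proxy.example.invalid", "ProxyServerPort": 8080},
        {"PayloadType": APN, "PayloadDisplayName": "Carrier",
         "PayloadContent": [{"DefaultsDomainName": "com.apple.managedCarrier",
                             "DefaultsData": {"apns": [{"apn": "data",
                                 "proxy": "proxy.example.invalid", "proxyPort": 8080}]}}]},
        {"PayloadType": "com.apple.webClip.managed", "PayloadDisplayName": "Shortcut"},
    ]})

if __name__ == "__main__":
    for name, finding in audit(SAMPLE):
        print(f"[!] {name}: {finding}")
```

An empty result only means none of these three payload types is present; it does not cover other settings a profile can change.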