Researchers at FireEye discovered a “rare” loophole in iOS that could have allowed attackers to distribute malware through the App Store.
‘Ins0mnia’, which has since been patched by Apple in iOS 8.4.1, allowed a potentially malicious application to run permanently in the background, accessing data and performing other tasks, even if a user closed the app and it was no longer visible in the task switcher.
iPhone and iPad apps can only run in the background for roughly three minutes before the application is terminated by iOS. This safeguard allows apps with legitimate permission to access functions to perform tasks, while preventing others from eavesdropping.
However Ins0mnia tricked iOS into believing the device was being debugged, meaning the time limit never expired. A piece of malware could have stolen information and sent it to a remote server without a user’s knowledge – not only compromising privacy, but harming performance and draining battery life.
“To fool iOS, a malicious application could leverage ptrace, and utilize the ptrace code that handled the PT_TRACE_ME request to set the flag P_LTRACED and gracefully return 0,” explained FireEye. “By setting the P_LTRACED flag, the application prevented the assertiond process from suspending the malicious application. Note that PT_TRACE_ME was a request made by the traced process to declare that it expected to be traced by its parent.
“We also noticed that an application did not need the get-task-allow entitlement to be set to true, nor did it need any other special entitlements or background modes. Unlike other known iOS malware that runs only on jailbroken devices, or must be distributed with Apple Enterprise Certificates, a hypothetical Ins0mnia malware didn’t require anything not allowed by Apple. We believe that such an application had a high probability of passing the Apple Store review, making it a rare loophole for an attacker to distribute malware within Apple’s walled garden.”
While Apple has fixed the vulnerability in question, the company’s attitude towards security has come under scrutiny in recent months following claims Apple has known about major zero-day flaws for months in both iOS and Mac OS X without taking action.
However in general, iOS is considered a far safer platform than Android because of the “walled garden” referred to be FireEye. Apple vets every application that is submitted to the App Store but as recent events have shown, some apps are capable of slipping through the net.
Are you a security pro? Try our quiz!
Suspended prison sentence for Craig Wright for “flagrant breach” of court order, after his false…
Cash-strapped south American country agrees to sell or discontinue its national Bitcoin wallet after signing…
Google's change will allow advertisers to track customers' digital “fingerprints”, but UK data protection watchdog…
Welcome to Silicon In Focus Podcast: Tech in 2025! Join Steven Webb, UK Chief Technology…
European Commission publishes preliminary instructions to Apple on how to open up iOS to rivals,…
San Francisco jury finds Nima Momeni guilty of second-degree murder of Cash App founder Bob…