Vulnerability Discovered In iPhone - Poses Serious Threat To Users



Another vulnerability has been discovered on iPhone that could allow hackers to remotely control it. Skycure, an Israeli company, states it to be a major flaw in iOS configuration which could post a malware threat.

A file known as mobileconf is being attacked due to this vulnerability. This file is used by phones carriers to configure system-level settings including WiFi, VPN, email and APN.

Skycure's CEO, Adi Sharabani, has taken the exploit to a test drive to explain how an iPhone can be controlled while retrieving victim's location and other sensitive information.




Ways to get infected:


  1. Victims browse to an attacker-controlled website, which promises them free access to popular movies and TV-shows. In order to get the free access, “all they have to do” is to install an iOS profile that will “configure” their devices accordingly.
  2. Victims receive a mail that promises them a “better battery performance” or just “something cool to watch” upon installation.




To avoid this attack one must follow these rules:


  • You should only install profiles from trusted websites or applications.
  • Make sure you download profiles via a secure channel (e.g., use profile links that start with https and not http).
  • Beware of non-verified mobileconfigs. While a verified profile isn't necessarily a safe one, a non-verified should certainly raise you suspicion.

Cheers!

About the Author:
This article has been written by Dr. Sindhia Javed Junejo. She is one of the core members of RHA team.