FireEye has reported that it discovered potentially “backdoored” versions of an ad library which is used in thousands of apps on the Apple App Store. The security firm claims that this particular library allows access to user data and device functionality and has dubbed this exploit iBackDoor.
Apple has had a spate of bad luck of late in terms of security, what with XCodeGhost and more recently, a remote iOS hack which won a $1 million bounty. iBackDoor allows for a lot of functions that can be carried out remotely, such as:
- Capture audio and screenshots
- Monitor and upload device location
- Read/delete/create/modify files in the app’s data container
- Read/write/reset the app’s keychain (e.g., app password storage)
- Post encrypted data to remote servers
- Open URL schemes to identify and launch other apps installed on the device
- “Side-load” non-App Store apps by prompting the user to click an “Install” button
Lots of technical words there but what it boils down to is that someone who exploits this vulnerability will be able to access your iDevice’s data, including your personal information and location, as well as install apps which aren’t actually on the App Store, potentially including other spyware and malware. At the time of publication, FireEye has identified over 2,800 apps which use this particular library. One thing we should remember is that this is currently just a vulnerability, with no reports of it being actually exploited yet.
While we have not observed the ad server deliver any malicious commands intended to trigger the most sensitive capabilities such as recording audio or stealing sensitive data, affected apps periodically contact the server to check for new JavaScript code. At any time, malicious JavaScript code that triggers the backdoors could be posted, and it eventually would be downloaded and executed by affected apps.
Apple has had a rough year indeed, but the company has moved swiftly to fix these issues and we hope they’ll shut this vulnerability down as soon as possible. 2015 will go down as the turning point for mobile security, with Google and top OEMs announcing that they’ll push out monthly security updates to their Android devices.
[button link=”https://www.fireeye.com/blog/threat-research/2015/11/ibackdoor_high-risk.html” icon=”fa-external-link” side=”left” target=”blank” color=”285b5e” textcolor=”ffffff”]Source: FireEye[/button]Last Updated on November 27, 2018.
