RALEIGH, N.C. – An international team of computer science researchers found vulnerabilities in the iPhone and iPad operating system.
The system used in Apple’s iPhone and iPad devices, iOS, has serious security vulnerabilities, the research found.
William Enck, an associate professor at North Carolina State University, is a co-author of a paper describing the work.
Professor Enck said, “Our goal was to identify any potential problems before they became real-world problems.”
The researchers focused on the iOS “sandbox,” which serves as the interface between applications and iOS. The sandbox uses a profile for every third-party app, and the profile controls the information that the app has access to.
Researchers extracted the compiled binary code of the sandbox profile in order to see if it had vulnerabilities.
Next, they decompiled the code so humans could read it.
Once they had the decompiled code, they used it to make a model of the profile and ran tests in that model to identify the potential vulnerabilities.
Researchers found vulnerabilities that could lead to many attacks via third-party apps.
Those attacks include:
• Methods of bypassing iOS’s privacy settings for contacts
• Methods of learning a user’s location search history
• Methods of inferring sensitive information (such as when photos were taken) by accessing metadata of system files
• Methods of obtaining the user’s name and media library
• Methods of consuming disk storage space that cannot be recovered by uninstalling the malicious app
• Methods of preventing access to system resources, such as the address book
• Methods that allow apps to share information with each other without permission
The researchers have reached out to Apple with their findings and Professor Enck says Apple is working on fixing the security flaws.