By IDG Enterprise

Latest iOS "malware" is easy to detect and avoid

March 12, 2013 4:15 PM

Researchers at Skycure, a security company that is developing a mobile firewall product, announced the discovery of what they describe as a security flaw that could "be used by malicious attackers to circumvent Apple’s security model and perform significant damage to their victims."

In a company blog post, Skycure stated the following:

As I’ll further discuss in this post, there is another way to create havoc on one's device, which may be comparable to sophisticated malware, without actually installing a program on the device.

The post goes on to describe how what it calls malicious iOS "provisioning profiles" can be installed by users via a phishing attack and can be used to reroute traffic to malicious servers, monitor a wide array of device and user activity, and install root certificates. Skycure goes on to say that many carriers, including AT&T's pre-paid service, require users to install legitimate profiles that may be downloaded from unsecure websites to configure data service on iPhones and iPads with cellular support. The company demonstrated the impact of malicious profiles for The Next Web's Matthew Panzarino.

All of this certainly seems very serious and frightening -- and it is serious, but it doesn't need to be frightening for users, IT leaders, or businesses. In fact, IT departments can take actions today to prevent or mitigate risk with a few easy steps using freely available software from Apple or third-party mobile management solutions.

What are configuration and provisioning profiles?

First off, Skycure is using the phrase "provisioning profiles" incorrectly. Profiles to configure iOS devices fall into two categories: configuration profiles and provisioning profiles. Configuration profiles, which Skycure is primarily describing, are designed to allow IT departments to configure a range of iOS features and to apply restrictions and security policies. Provisioning profiles are used to install security certificates that are associated with Apple's iOS developer program and that allow a device to run internal enterprise apps not sold through the App Store or to test beta releases of apps from a developer.

Configuration profiles were introduced into iOS in 2008 with iOS 2 -- along with the iPhone 3G, App Store, and support for Exchange ActiveSync. Apple created the iPhone Configuration Utility (available for Macs and Windows PCs) to allow IT departments to do three key tasks:

  • Pre-configure a range of device settings for users like Exchange or email server/accounts, corporate Wi-Fi, web bookmarks, carrier settings and so forth.
  • Enforce passcode policies.
  • Restrict access to various iPhone features like the camera or the ability to buy content or apps, and prevent launching of built-in apps like Safari and YouTube.

The iPhone Configuration Utility makes it relatively simple for IT professionals (or anyone else) to create configuration profiles and install them onto a device attached to the Mac or PC running the utility. The profiles can also be emailed to a user or put on a website from which users can download and install the profiles.
