IT World Canada

Understanding Cybersecurity on Smartphones (UCSph) Part 1

The smartphone is one of the most remarkable inventions in contemporary human history and is currently the most widely utilized electronic device globally. Its evolution has transformed modern communication technology, allowing us to communicate efficiently and instantly across vast distances worldwide. This series delves into the historical evolution of the modern smartphone, shedding light on its significant contributions and addressing cybersecurity-related concerns associated with smartphones and their diverse applications (apps).

The previous series, entitled Understanding Android Malware Families (UAMF), showcased six articles focusing on Android malware’s primary categories and families, guiding readers to understand the threats’ behaviour and explore mitigation procedures. It presented the findings of our ongoing Android malware analysis research project initiated in 2017, which included the creation of four datasets—AAGM2017, AndMal2017, InvestAndMal2019, and AndMal2020. The series also encompassed related academic articles proposing solutions and techniques for detecting and characterizing Android malware.

In this series, Understanding Cybersecurity on Smartphones (UCSph), we will conduct an in-depth analysis of various smartphone operating systems, including iPhone, Windows, Symbian, Tizen OS, Sailfish OS, Ubuntu Touch, KaiOS, Sirin OS, and Harmony OS. This five-article series aims to provide valuable insights and recommended practices for researchers, developers, and users. The series draws from the content of the recent book, Understanding Cybersecurity on Smartphones, published by Springer this year. The first article focuses on Apple’s iOS, a global leader in mobile systems, exploring cybersecurity vulnerabilities, associated risks, malware families, attacks, and mitigation techniques.

Contents

1 iOS fundamentals
2 Getting into cybersecurity – recognizing iOS vulnerabilities
3 Exploring adversarial tactics in iOS
3.1 Propagation
3.2 Activation
3.3 Carrier
3.4 Execution
3.5 Persistence
4 Analyzing iOS malware varieties & tools
5 Embracing iOS services – current trends
6 What’s next

Apple’s iOS is a dominant player among mobile OSes. Despite a shrinking smartphone market in 2022, Apple increased its premium segment share from 57 per cent to 62 per cent between Q1 2021 and Q1 2022 [1].

1     iOS fundamentals

iOS, originally iPhone OS, is Apple Inc.’s Unix-based, mostly proprietary mobile operating system. It powers the iPhone and iPod Touch and is the foundation for iPadOS, tvOS, and watchOS. Its architecture is layered.

Figure 1: iOS Structure

iOS acts as an intermediary between hardware and mobile apps, using APIs for easier app development compatible with various hardware. Its Core Framework is vital, offering low-level functions. Key components include:

2     Getting into cybersecurity – recognizing iOS vulnerabilities

Despite the general perception of iOS devices as more secure, they are not impervious to threats. For those entering the field of cybersecurity, a deep understanding of iOS-specific vulnerabilities is essential, especially given the popularity and extensive use of Apple products in various sectors.

This section delves into some of the more nuanced and critical vulnerabilities that are often exploited in iOS systems, illustrating the types of attacks and their potential impact:

Table 1: A trend analysis of iOS vulnerabilities from 2011 to 2022.

For new professionals in cybersecurity, tackling the unique architecture and popularity of iOS devices involves a dual focus on technical proficiency and practical application. This includes a deep dive into iOS’s operating system intricacies, such as its kernel structure and security protocols, and a hands-on approach to understanding Swift and Objective-C to identify and address app-specific vulnerabilities. Staying updated on the latest iOS exploits within both individual and enterprise contexts is key to effective risk mitigation.

3     Exploring adversarial tactics in iOS

Compared to Android, iOS may have fewer malware strategies targeting it, but the threats that do exist are sophisticated and evolving. This section surveys the strategies and vulnerabilities that have been exploited in iOS attacks, grouped into five key areas:

3.1   Propagation

This category is about how malicious software or attacks are initially spread or delivered to the target device. This could be through direct actions like visiting a compromised website, indirect methods like tampering with software during its development or distribution, or exploiting specific device functionalities to gather information or introduce vulnerabilities.

3.2   Activation

This stage involves the activation or triggering of the malicious functionalities within a compromised device. It includes tactics that enable the malware to bypass security measures, hide its presence, or prepare the device for further malicious activities.

3.3   Carrier

In this category, the focus is on the transmission and facilitation of cyberattacks through network or system manipulation. This can include intercepting and altering network communications, hiding malicious activities within normal network traffic, or using system-level functions to gather and transmit data.

3.4   Execution

Execution involves carrying out the intended malicious activities on a compromised device. This could include stealing sensitive information, damaging the device or data, or using the device to launch further attacks.

3.5   Persistence

Persistence is about maintaining access or control over a compromised device over time. The focus here is on ensuring that the malware or attacker’s access remains undetected and uninterrupted, even after reboots, updates, or attempts to remove the malware.

4     Analyzing iOS malware varieties & tools

Android malware often overshadows iOS in security research, mainly due to iOS’s closed-source nature. To address this gap, this section offers an examination of iOS malware types, categories, and tool sources.

Table 2: Types of iOS Malware

Historically, most iOS malware has affected jailbroken devices. Jailbreaking is the process of bypassing Apple’s restrictions to gain root access to the operating system.

Additionally, state-sponsored actors have occasionally targeted iOS devices through sophisticated malware campaigns. Notable examples include the Pegasus spyware, developed by the NSO Group, which has been used to target journalists and activists, and the XcodeGhost incident, where a counterfeit version of Apple’s development tool led to the distribution of infected apps through the App Store.

To grasp the extent of iOS malware, refer to the iOS taxonomy in Figure 2, based on tool types found in the wild. Cybercriminals have learned how to monetize iOS devices using four primary types of tools:

  1. Tools for sale to the public – Targeting users with tools like keyloggers, spyware, and RATs. Examples include 1mole, FlexiSpy, iKeyMonitor keylogger, and StealthGenie.
  2. Research-based tools – Developed as proofs of concept by security researchers, such as iSAM, Instastock, and NeonEggShell.
  3. Government-used tools – Employing backdoors and spyware to surveil targets, such as activists and politicians. Examples include FinSpy Mobile, Pegasus, and the CIA tools disclosed in Vault 7.
  4. Tools found in the wild – Targeting the general public with botnets, RATs, and adware, including iKEE, WireLurker, and YiSpecter.

Figure 2: iOS Malware Taxonomy

5     Embracing iOS services – current trends

Apple’s creative influence is driving the latest trends in iOS app development. Key trends for 2023 were wearable technology, mobile wallets, augmented and virtual reality, voice assistants, and enhanced app security.

6     What’s next

This article has explored iOS vulnerabilities in depth, tracking their development over time and highlighting the growing attention to iOS malware research.

The next article of the series, entitled Understanding Cybersecurity on Smartphones (UCSph): Introduction to Windows Phone, will delve into the history, evolution, and unique features of Microsoft’s Windows Phone, from its early beginnings as Windows Mobile to its latest updates and innovations as Windows Phone.

References:

[1] Claud Xiao, WireLurker: A New Era in OS X and iOS Malware, 2014.
