Mobile Sunday: New iOS 7 Vulnerability Exposed

Smartphones have become “man’s best friend” over the last few years. There is almost no daily task that doesn’t involve apps and instant messaging. Unfortunately, this has also raised the number of mobile phone robberies and tampering incidents. Hacking is evolving, but the “traditional” thefts and mishaps are still a big threat.

Phone manufacturers are implementing tools such as lockscreens and passwords to deny unwanted access to phones. The iPhone 5s even has a unique fingerprint scanner which needs to be swiped in order to unlock the phone.

Apple phones also have “Find my iPhone” software. This feature allows the user to remotely lock the phone if lost in a public place or after being robbed. Unfortunately, a serious vulnerability has been exposed in this welcome feature.

Security researcher Miguel Alvarado, who spotted the bug last week, has now shared his findings on his YouTube channel. It’s alarmingly easy to manipulate all iPhones, including models running iOS 7.

All you need to do is enter Settings and go to the iCloud section. Repeatedly tapping “Delete Account” and the toggle for “Find My iPhone” will require you to enter a password. But rebooting the device and repeating the procedure will enable you to disable the feature and even delete the iCloud account set up previously.

In other words, once stolen or lost, your precious iPhone is at the mercy of the hacker/fraudster. While the IMEI is not deleted in the process and the smartphone can still be blacklisted, the vulnerability is extremely risky and simply cannot be ignored. The aforementioned vulnerability exists even in the latest iOS 7.1.

Apple is still working on a security patch. In the meantime, user-end security has become crucial. All iPhone users are advised to implement the fingerprint scanner feature and double it with a password. This makes unlocking the phone a bit cumbersome, but thieves and robbers cannot exploit the security glitch mentioned in this article.

Mobile phone manufacturers also have to work harder to provide bug-free and stable operating systems. This can be achieved by developing the proprietary ROMs in a safe Software Development Life-Cycle. Source Code Analysis (SCA), a SAST solution, is a great way to eliminate vulnerabilities and ensure the production of safe software.

Source – Find My iPhone Vulnerability 