Mobile Sunday: New iOS 7 Vulnerability Exposed

Apr 06, 2014 By Sharon Solomon

Smartphones have become “man’s best friend” over the last few years. There is almost no daily task that doesn’t involve the usage of apps and instant messaging. Unfortunately, this also has raised the amount of mobile phone robberies and tampering. Hacking is evolving, but the “traditional” thefts and mishaps are still a big threat.

Phone manufacturers are implementing tools such as lockscreens and passwords to deny unwanted access to phones. The iPhone 5s even has a unique fingerprint scanner which needs to be swiped in order to unlock the phone.

Apple phones also have “Find my iPhone” software. This feature allows the user to remotely lock the phone if lost in a public place or after being robbed. Unfortunately, a serious vulnerability has been exposed in this welcome feature.

Security researcher Miguel Alvarado, who spotted the bug last week, has now shared his findings on his YouTube channel. It’s alarmingly easy to manipulate all iPhones, including iOS 7 running models.

All you need to do is enter Settings and go to the iCloud section. Repeatedly tapping “Delete Account” and the toggle for “Find My iPhone” will require you to enter a password. But rebooting the device and repeating the procedure will enable you to disable the feature and even delete the iCloud account setup up previously.

In other words, once stolen or lost, your precious iPhone is at the mercy of the hacker/fraudster. While the IMEI is not deleted in the process and the smartphone can still be blacklisted, the vulnerability is extremely risky and simply cannot be ignored. The aforementioned vulnerability exists even in the latest iOS 7.1.

Apple is still working on a security patch. In the meanwhile, user-end security has become very crucial. All iPhone users are advised to implement the fingerprint scanner feature and double it with a password. This makes the unlocking of the phone a bit cumbersome, but thieves and robbers cannot exploit the security glitch mentioned in this article.

Mobile phone manufacturers also have to work harder to provide bug-free and stable operating systems. This can be achieved by developing the proprietary ROMs in a safe Software Development Life-Cycle. Source Code Analysis (SCA), a SAST solution, is a great way to eliminate vulnerabilities and ensure the production of safe software.

Source – Find My iPhone Vulnerability 

The following two tabs change content below.

Sharon Solomon

Stay Connected

Sign up today & never miss an update from the Checkmarx blog

Get a Checkmarx Free Demo Now

Interested in trying CxSAST on your own code? You can now use Checkmarx's solution to scan uncompiled / unbuilt source code in 18 coding and scripting languages and identify the vulnerable lines of code. CxSAST will even find the best-fix locations for you and suggest the best remediation techniques. Sign up for your FREE trial now.

Checkmarx is now offering you the opportunity to see how CxSAST identifies application-layer vulnerabilities in real-time. Our in-house security experts will run the scan and demonstrate how the solution's queries can be tweaked as per your specific needs and requirements. Fill in your details and we'll schedule a FREE live demo with you.