On the Feasibility of Large-Scale Infections of iOS Devices Tielei Wang, Yeongjin Jang, Yizheng Chen, Simon Chung, Billy Lau, and Wenke Lee School of Computer Science, College of Computing, Georgia Institute of Technology ftielei.wang, yeongjin.jang, yizheng.chen, pchung, billy,
[email protected] Abstract by Apple can be installed and run on iOS devices. This While Apple iOS has gained increasing attention from significantly reduces the number of distribution channels attackers due to its rising popularity, very few large scale of iOS apps, forcing attackers to have their apps signed infections of iOS devices have been discovered because by a trusted authority. of iOS’ advanced security architecture. In this paper, Third, the Digital Rights Management (DRM) tech- we show that infecting a large number of iOS devices nology in iOS prevents users from sharing apps among through botnets is feasible. By exploiting design flaws arbitrary iOS devices, which has a side effect of limit- and weaknesses in the iTunes syncing process, the de- ing the distribution of malicious apps published on the vice provisioning process, and in file storage, we demon- App Store. Although recent studies show that malicious strate that a compromised computer can be instructed to apps can easily bypass Apple’s app vetting process and install Apple-signed malicious apps on a connected iOS appear in the Apple App Store [26, 36, 51], lacking the device, replace existing apps with attacker-signed ma- ability to self-propagate, these malicious apps can only licious apps, and steal private data (e.g., Facebook and affect a limited number of iOS users who accidentally Gmail app cookies) from an iOS device.