{"id":74931,"date":"2020-01-05T11:11:48","date_gmt":"2020-01-05T11:11:48","guid":{"rendered":"https:\/\/essays.homeworkacetutors.com\/ios-security-hacks-and-government-issues\/"},"modified":"2020-01-05T11:11:48","modified_gmt":"2020-01-05T11:11:48","slug":"ios-security-hacks-and-government-issues","status":"publish","type":"post","link":"https:\/\/www.colapapers.com\/us\/ios-security-hacks-and-government-issues\/","title":{"rendered":"iOS Security Hacks and Government Issues"},"content":{"rendered":"
\n

iOS
\nSecurity: Rebelling against Hacks and the Government<\/p>\n

Abstract<\/h3>\n

Apple\u2019s mobile iOS
\ntechnology was introduced in 2007 and in eleven years, it has quickly grown to
\nbe one of the top smartphone operating systems. The iOS has been well-regarded
\nas being the most secure compared to other mobile OS on the market. Although it
\nhas been continuously proclaimed for its security advancements, it has not been
\nwithout its flaws. This paper will explore Apple iOS security technologies and
\na history of the malware hacks, both software and hardware, that have been able
\nto penetrate through these defenses. Additionally, the hacks will be discussed
\nin detail in how they operate, how they travel, and the type of data they are
\nattempting to obtain. Furthermore, this paper will discuss how Apple has
\nresponded to these attacks and has continuously updated the iOS to counter
\nfuture attempts. All of these are taken into account for the discussion in how
\nApple has changed its security posture with the federal government and
\nintelligence agencies. Recommendations can be made for organizations and users
\nin terms of security but there is no one single answer that can deliver
\nsufficient means of defense against mobile malware.\u00a0 <\/p>\n

Keywords<\/em>:
\niOS, Security, Malware, Apple, Jailbreak<\/p>\n

Introduction<\/h2>\n

June 29th<\/sup>, 2007 was a pivotal moment for both Apple and the world of smartphone technology. This was the date that Steve Jobs, former CEO of Apple Inc., released the original iPhone. With this release came the first version of Apple\u2019s mobile iOS, formerly known as the iPhone OS. The name was changed to iOS, as a sort of rebranding, with the release of the iOS 4.0 in June 2010. As new versions of iOS were released, so were newer and better security features. <\/p>\n

In 2011, Robert Lemos stated that the \u201csecurity on the mobile operating system was nearly nonexistent\u201d[1]<\/sup>. From early beginnings, the security features offered were bare minimum. It did take a few years for the first malware, in the form of a worm, to surface in 2009. From there, Apple was forced to re-evaluate the security features that were offered on the iOS devices. Many more forms of malware began to appear in the years that followed. New forms of malware, such as XcodeGhost, Pegasus, and AceDeceiver were more malicious and covert in their workings. According to Damopoulous et al \u201cThe evolution of malwares is a continuous race between intruders and defenders\u201d (2011)[2]<\/sup>. These could now be downloaded in the background of the iOS with the user being completely unaware.<\/p>\n

With
\neach new vulnerability and hack, updated versions of the iOS were released and
\nnew security features added. The current security features offered protection
\nfor both the hardware and the software on the iPhone. According to Chung et al,
\n\u201capple iOS devices are considered by many to be more secure than other mobile
\nofferings\u201d (pg. 1)[3]<\/sup>. The iOS security is considered so vigorous
\nthat it now has complicated the relationship between Apple, the federal
\ngovernment, and intelligence agencies. With current legislation, Apple does not
\nhave to assist as a third-party in obtaining information from a locked iOS
\ndevice. Due to this, several companies have launched to create devices that can
\nobtain encrypted information from Apple devices without the risk of deleting
\ndata. <\/p>\n

Apple has a duty to protect its hardware and software from attacks and loss of confidential data. Organizations and users have this same duty to try and protect their own personal information. There are numerous techniques that are offered for iOS device owners to correctly implement.<\/p>\n

Literature Review and Research<\/h2>\n

In 2016, Rene Ritchie stated that \u201csecurity is all about defense in depth, and by doing all of these things, Apple makes iOS security increasingly deep\u201d[4]<\/sup>. Apple has always prided itself in maintaining iOS mobile security. Throughout the 11 years that the iOS has been in existence, Apple has consistently uploaded new security features to help keep their user\u2019s information safe. Robert Lemos (2011) quoted Raimund Genes, CTO for software security first Trend Micro, \u201cApple owns the complete ecosystem \u2013 they own the hardware, they own the software, and it makes it quite safe. And thanks to the App Store, they also have a recall switch\u201d[1]<\/sup>. In terms of System Security, Apple deploys the following: secure boot chain, system software authorization, secure enclave, touch ID and face ID services. Apple\u2019s 2018 iOS Security whitepaper published its \u201csystem security is designed so that both software and hardware are secure across all core components of every iOS device\u201d (pg. 5)[5]<\/sup>. This begins with the system boot up process where Apple has cryptographically signed all the components in order to sustain the integrity of each one. Apple uses a mechanism called secure boot chain, also known as the \u201cchain of trust\u201d, which begins in the lower-level software. The Boot ROM encloses the code that is implemented inside the application processor when an iOS device is switched on. The 2018 iOS Security whitepaper continues to say that \u201cthe immutable code, known as the hardware root of trust, is laid down during chip fabrication, and is implicitly trusted\u201d (pg. 5)[5]<\/sup>. This code houses the Apple Root CA public key which confirms the iBoot bootloader, or the Lower Level Bootloader on older devices. Once established and uploaded, the public key authenticates the Apple signature on the iOS kernel component. When all components have been uploaded, the iOS device is ready for use. If the system fails to confirm or upload during any point of the boot up process, the iTunes screen will display which indicates that the device has entered the Recovery mode. The device will not operate until it has been connected and reset back to default factory settings. <\/p>\n

System
\nSoftware Authorization is a process that is used to stop iOS devices from being
\nreduced to older versions that do not have the most up-to-date security
\nupdates. This process has been put in place to prevent attackers from abusing
\nvulnerabilities found in older versions of iOS. This could explain why there
\nhave been an extensive number of updates since the original iPhone OS release
\nin 2007. The iOS updates can be installed two ways: through iTunes or OTA, over
\nthe air. The differences being that a full copy of iOS is downloaded when using
\niTunes and only the software updates will be downloaded when using the OTA
\noption. <\/p>\n

\n

\u201cDuring an iOS upgrade, iTunes (or the device itself, in the case of OTA software updates) connects to the Apple installation authorization server and sends it a list of cryptographic measurements for each part of the installation bundle to be installed (for example, iBoot, the kernel, and OS image), a random anti-replay value (nonce), and the device\u2019s unique ID (ECID)\u201d (\u201ciOS Security\u201d, 2018, pg. 6)[5]<\/sup>.<\/p>\n<\/blockquote>\n

The authorization
\nserver checks the list of measurements and which versions of installation can
\nupload. If a match is found, the ECID is added to the measurements and the
\nserver provides a signature. Through this process, the server can validate that
\nthe update is exactly how it is provided by Apple and that it is device
\nspecific.<\/p>\n

The Secure Enclave feature can also be used in collaboration of the system software authorization and is considered a coprocessor. The 2018 iOS Security Whitepaper describes that the Secure Enclave \u201cuses encrypted memory and include a hardware random number generator\u201d (pg. 7)[5]<\/sup>. The Secure Enclave is housed on its own, preventing the main processor from being able to access sensitive information such as fingerprint biometrics or cryptographic keys. Jay Jay stated in 2017 that \u201call stored data is encrypted and stored in a secure vault. The keys to such vaults are securely stored in Secure Enclaves inside iPhones and even Apple can\u2019t access such keys even if it wants to\u201d[6]<\/sup>.\u00a0 It is still a newer feature that was introduced with the iPhone 5. The secure enclave plays a large part for the Data Protection management that is discussed later. An added bonus with the secure enclave, it does not allow a replay of security-critical memory. <\/p>\n

Touch ID and Face ID are considered newer security enhancements that Apple added to their security features. Touch ID is a fingerprint identifying system that can speed up access to the iOS device. The interesting aspect of the Touch ID feature is that it will continue to learn more about the fingerprint over time through its continued expansion of the fingerprint map. It can also read the fingerprint from different angles which makes it more user friendly by not requiring the user to place their finger in the exact same spot each time access is requested. Face ID can do exactly as the name describes, unlock the iOS device through the detection of the user\u2019s face. The camera uses advanced technology and secure authentication to record the geometry of the individual\u2019s face. This feature, reported by the 2018 iOS Security Whitepaper, \u201cconfirms attention by detecting the direction of your gaze, then uses neural networks for matching and anti-spoofing, so you can unlock your phone with a glance\u201d (pg. 7)[5]<\/sup>. Fascinatingly, the software also automatically adjusts to the changes in the appearance of the user. <\/p>\n

To use these features, a passcode is required during the initial set-up. If the features do not recognize either the fingerprint or facial appearance, a prompt requesting the passcode will appear. These passcodes are essentially the foundation of the iOS cryptographic protection. It is encouraged to provide a longer, more complex passcode due to the infrequency of input. Other conditions the passcode is required are: the device has been restarted or turned on, the device received a remote lock command, the device has been locked for over 48 hours, there have been 5 unsuccessful attempts to unlock, the passcode hasn\u2019t been used in 6 days, Face ID hasn\u2019t unlocked the device in 4 hours, or after initiating the power off command. <\/p>\n

According to the 2018 iOS Security Whitepaper, \u201cthe secure boot chain, code signing, and runtime process security all help to ensure that only trusted code and apps can run on a device\u201d (pg. 12)[5]<\/sup>. To increase security for the iOS devices, Apple also has encryption and data protection features. These features include: hardware security features, file data protection, passcodes, data protection classes, keychain data protection, access to Safari saved passwords, keybags, security certifications and programs.<\/p>\n

Hardware security is just as important as software security. Every iOS device has been built with an AES-256 crypto engine. This engine is located between the flash storage and main system memory, which has claimed to make file encryption highly well-organized. During the manufacturing of these devices, a unique ID (UID) and group ID (GID) are assembled using the 256-bit keys and placed into the application processor and Secure Enclave. There is no way to access this data directly and can only be seen through encryption\/decryption performed by the AES and the IDs as the key. On newer processors, the Secure Enclave generates solely on its own which makes this system and devices much more secure from outside attackers. The UID is unique to only that device but the GID is common among all the classes of devices using that processor. <\/p>\n

In continuation of the encryption on the hardware, Apple also uses technology to protect the data that is kept in the flash memory of the iOS device. This technology is called Data Protection and it allows the device to use a class system and use said class system to assign protection on files that are used by the device. Simplified, this technology assigns a protection class key to the files that are used by the device and regulates when the file can be read from and written to.\u00a0 The types of protection include: complete protection, protected unless opened, protected until first user authentication, and no protection. These classes will protect the data inside the files or allow\/reject access of files whether the device is locked or unlocked. <\/p>\n

Passcodes were briefly touched on during the Systems Security section. To reiterate, passcodes are essentially the foundation of the iOS cryptographic protection. The 2018 iOS Security Whitepaper reports that the \u201ciOS supports six-digit, four-digit, and arbitrary-length passcodes\u201d (pg. 15)[5]<\/sup>. The passcode can be both numeric and alphanumeric. The UID is an important part of the passcode because they are intertwined making any type of attack to secure the passcode very time consuming and slow. Users can also select \u201cErase Data\u201d option that will erase the device after 10 repeated incorrect tries to enter the passcode. Naturally, the complexity of the passcode increases the intricacy of the encryption key. <\/p>\n

Keys and login tokens for applications are as equally important to secure as the passwords used to access them. The iOS Keychain provides the security for this information. This program is executed on the SQLite database and only provides one access to the database for processes and applications. The iOS Security Whitepaper writes that \u201ckeychain items can only be shared between apps from the same developer. This is managed by requiring third-party apps to use access groups with a prefix allocated to them through the Apple Developer Program via application groups\u201d (2018, pg. 17)[5]<\/sup>. The data that is being secured uses a class system similar to the Data Protection classes. The amount of security needed in conjunction with the usability of the data will decide which class of protection is needed. <\/p>\n

Keybags are used to manage the keys for files and Keychain Data Protection. Apple defines a keybag as \u201ca data structure used to store a collection of class keys\u201d (2018, pg. 80)[5]<\/sup>. iOS utilizes 5 different types of keybags: user, device, backup, escrow, and iCloud Backup. The User and Device keybags are exactly as the name describes. The User keybag stores the class keys for ordinary use of the device while Device keybags contain the class keys for very device-specific information. Although, if the device is set up for shared mode, the iOS device will use the class keys from the device keybag rather than the user keybag. Backup Keybags are created using new keys when iTunes backups a device and is secured with the iTunes password. The new file created is encrypted and uses this new keybag to re-encrypt the data. The data can only be uploaded on the original device. Keychain items can move to a new device if it still has the user ID password attached and backup password installed. When a user initiates a backup through iTunes, an Escrow Keybag is used. This keybag permits the backup of data without necessitating the user to put in their passcode. Once connected to iTunes, the escrow keybag is produced with the same class keys that are used on the device, but protected the freshly created key from the backup keybags. The data is then placed under the Protected Until First User Authentication class. Lastly, the iCloud Backup keybag resembles the makeup of the Backup keybag. These backups can be done in the background except the No Protection class data. This data is simply sent to the iCloud. <\/p>\n

Security Certifications and programs remain to be a large part of Apple\u2019s continued duty to their user\u2019s data safety. Apple has received certifications for the Information Security Management System, ISO 27001 and ISO 27018, to support many of the features offered on iOS devices. They have been awarded compliance through the British Standards Institution and their certificates can be viewed on the BSI website. iOS 9 helped Apple achieve certifications in several topics under the Common Criteria Certification program such as the Mobile Device Fundamental Protection Profile, VPN IPSec Client Protection Profile, and Extended Package for Mobile Device Management Agents just to name a few. On top of these certifications, Apple has sustained its compliance with the U.S. Federal Information Processing Standards (FIPS) for the cryptographic modules in the iOS since the release of iOS 6.\u00a0 Apple must be revalidated each time they submit a new iOS release. FIPS confirms that the iOS version is properly utilizing the cryptographic services and permitted algorithms for all apps provided through Apple and third-parties. The 2018 iOS Security Whitepaper promotes that \u201cApple continues to evaluate and pursue certifications against new and updated versions of the cPPs available today\u201d (pg. 22)[5]<\/sup>. \u00a0\u00a0\u00a0\u00a0\u00a0\u00a0<\/p>\n

There have been several hacks that has penetrated through the iOS security features. This includes malware, spyware, worms, and botnets. La Polla et al have defined malware as \u201cany kind of hostile, intrusive or annoying software or program code designed to use a device without the owner\u2019s consent\u201d (2013, pg. 448)[7]<\/sup>. Jay reported that \u201cno matter how much Apple invests on the security of its devices, hackers may get past rare vulnerabilities and impact thousands of users and their sensitive details at the same time\u201d (2017)[6]<\/sup>. The first iPhone was placed into circulation in June 2007, it had no 3G or App store, only in-house applications already preloaded onto the iOS device. In 2009, the first sign of malware, the \u201cRickrolls\u201d worm, surfaced. This worm is more commonly known as the Ikee worm since the author of this code is referred to as \u201cikex\u201d. This worm was seen more as a prank than anything truly malicious but according to F-Secure Labs, \u201cit is possible for another hacker to use code from this variant and adapt it to carry a more sinister payload\u201d (2009)[8]<\/sup>. The Ikee worm only affected iPhones that are considered \u2018jailbroken\u2019 \u2013 which defined by Jonathan Vanian \u201cgenerally refers to an iPhone or iPad that has been modified without approval by Apple, so the user can install software and apps that aren\u2019t available on the Apple App Store\u201d (2016)[9]<\/sup>. F-Secure Labs reported that \u201conce in place, the worm appears to attempt to find other iPhones on the mobile phone network that are similarly vulnerable. If found, the worm installs itself on the new device\u201d (2009)[8]<\/sup>. The iOS device that is infected has the wallpaper changed to the picture of Rick Astley with a message that states: \u201cikee is never gonna give you up\u201d (Oliver, 2009)[10]<\/sup>. \u00a0<\/p>\n

Next in 2012, iOS first malware was suspected and confirmed in the Find & Call app. This app was available on both Google Play and the Apple App Store. The Kaspersky Lab was contracted to investigate and found that the app was secretly saving data from the users\u2019 contact lists and uploading this material to the developer\u2019s server. From there, advertising spam was sent to the user\u2019s contacts through messaging using the user\u2019s phone number as the sender. Pereira wrote \u201cafter researching the situation, they discovered that it was a Trojan Horse that was uploading the users\u2019 phonebook to a remote server\u201d (2012)[11]<\/sup>. The Find & Call app was quickly removed from the Apple App Store once confirmation was received from the Kaspersky Lab. <\/p>\n

Three years later, in 2015, the first notable attack on Apple occurred. Claud Xiao described XCodeGhost to be \u201ca new iOS malware arising from a malicious version of Xcode, which is Apple\u2019s official tool for developing iOS and OS applications\u201d (2016)[12]<\/sup>. \u201cThe malicious code was repackaged into some versions of Xcode installers\u201d continued Xiao (2015a)[13]<\/sup>. This modified code originated in China when the malicious Xcode was uploaded to a file sharing cloud service, Baidu. From there, the revised code was used by Chinese developers to create or update their apps to the Apple App Store. Network speeds can be painfully slow causing developers to sometimes download the standard Xcode installer from other sources, including their colleagues. Through Palo Alto Networks investigations, all versions of Xcode that were available for download had links to Baidu and were found to be infected. The CoreServices file is the primary file that contains many of the fundamental system services and once the malicious code infects this file it will be added into any iOS app that uses this Xcode. Jay reported that \u201cXCodeGhost infected over 4,000 apps on the App store, far greater than the 25 initially acknowledged by Apple\u201d (2017)[6]<\/sup>. \u00a0China was the primary location that was affected by XcodeGhost but some apps were used worldwide. Palo Alto Networks originally believed that XcodeGhost was not harmful or significant and that is why it was able to pass through the code review with ease (2015a)[13]<\/sup> but this was short-lived. In an update, Xiao stated that XcodeGhost was believed to be \u201cvery harmful and dangerous malware that has bypassed Apple\u2019s code review and made unprecedented attacks on the iOS ecosystem\u201d (2015b)[14]<\/sup>. The malware would transfer device and app data to its command and control server and could also phish for user credentials. Whenever an infected app is opened by the user, XcodeGhost will take any stored data from the clipboard and place new data inside without the user\u2019s awareness. Xiao believes that \u201cstealing passwords or potentially exploiting vulnerabilities in iOS and in legitimate applications may be the true purpose of XcodeGhost\u201d (2015b)[14]<\/sup>. Apple removed all infected iOS apps from Apple App Store and notified developers to edit their products and re-upload for approval.\u00a0 Recommendations have been stated to help avoid this type of malware from resurfacing in the future. Gui et al reported that \u201cthe developers should check the developing tool carefully to avoid malicious modified tools. The administers of App Store should test the submitted applications seriously to prevent malware attacks before they emerge. The users should pay attention to the officially reported security even when a malware attack is happening and act immediately to avoid further loss\u201d (2016)[15]<\/sup>. <\/p>\n

AceDeceiver, discovered in 2016, described by Xiao as a \u201cnew family of iOS malware that successfully infected non-jailbroken devices\u201d (2016)[12]<\/sup>. This is concerning because this type of malware doesn\u2019t need to have an enterprise certificate in order to install onto the iOS device. AceDeceiver was designed to circumvent iOS Digital Rights Management tool, specifically FairPlay, which has been used to download pirated iOS apps from a computer onto the device. Apple has known this has been happening since 2013 and labeled the term \u201cFairPlay Man-In-The-Middle\u201d. <\/p>\n

\n

\u00a0\u201cIn the FairPlay MITM attack, attackers purchase an app from App Store then intercept and save the authorization code. They then developed PC software that simulates the iTunes client behaviors, and tricks iOS devices to believe the app was purchased by victim. Therefore, the user can install apps they never actually paid for, and the creator of the software can install potentially malicious apps without the user\u2019s knowledge\u201d (Xiao, 2016)[12]<\/sup>.\u00a0 \u00a0\u00a0<\/p>\n<\/blockquote>\n

The apps that were uploaded to the App Store were able
\nto bypass the code review seven times due to the fact, the Trojan\u2019s behavior
\nwas customized on the actual geographic area in which it was implemented.
\nAceDeceiver was found to have only impacted people in Mainland China. Palo Alto
\nNetworks had discovered these three apps that were infected by AceDeceiver and
\nnotified Apple, of which removed those apps. \u201cEven though Apple may have
\nremoved the bogus apps from the App Store, the authors claim that the corrupted
\nWindows app is able to download fraudulent apps no longer hosted on the App
\nStore\u201d reported Jonathan Vanian (2016)[9]<\/sup>. This is true because
\nClaud Xiao reports that \u201cthe FairPlay MITM attack only requires these apps to
\nhave been available in the App Store once. As long as an attacker could get a
\ncopy of authorization from Apple, the attack doesn\u2019t require current App Store
\navailability to spread those apps\u201d (2016)[12]<\/sup>. Another vital piece
\nto this attack is the computer the iOS device is connecting to. It must have
\nbeen compromised with the malware. During the investigation, Palo Alto Networks
\nlocated the compromised software to be Aisi Helper. Claude Xiao continued to
\nexplain that Aisi Helper is \u201ca software program for Windows systems that claims
\nto provide services for iOS devices such as system re-installation,
\njailbreaking, system backup, device management, system cleaning\u201d (2016)[12]<\/sup>.\n<\/p>\n

Not all hacks have been created to be malicious and cause damages. Two hacks, iSAM and Mactans, were created by ethical hackers, or \u201cwhite hats\u201d, who try and uncover potential vulnerabilities of the iOS devices to try and get them patched to avoid future attacks. iSAM was produced \u201cto stealthily execute, six malware mechanisms, self-propagate wirelessly to other iPhone targets and finally connect back to the iSAM bot master server to update its programming logic or to obey commands and unleash a synchronized attack\u201d as explained by Damopoulos et al (2011, pg. 18)[2]<\/sup>. iSAM needs the device to be jailbroken in order to acquire root permissions. If the iOS device is not already jailbroken, it can be through simply sending an infected PDF file that automatically downloads when clicked on by the user. This infected PDF file is already carrying the malicious code of iSAM and will download with the PDF file consecutively. As previously mentioned, this malware has six malware mechanisms involved. The iSAMScanner controls the subroutines which manages the transmission of the malware, iSAMUpdate commands the botnets, and the malware actions are labeled as iCollector, iSMSBomber, iDoSApp, and iDosNet. Each subroutine is responsible for certain tasks; iSAMScanner constantly looks for jailbroken phones through a Secure Shell weakness. Once detected, the subroutine connects to the device on the SSH server and downloads a package with command code. iSAMUpdate is in charge of the botnets and reconnecting with the iSAM to confirm an updated version is accessible for download. The final four subroutines do as their name describes; iCollector steals private information straight from the device, iSMSBomber secretly sends large numbers of SMS messages to the iOS device contact list and random numbers generated by the malicious code. These messages contain the link to download the malware if the user clicks on it. Damopoulous et al communicated that \u201cone of the main iOS applications is Springboard that manages the iOS home screen by displaying all icons of the available applications, starts the WindowServer and launches and bootstraps other applications\u201d (2011, pg. 26)[2]<\/sup>. iDoSApp subroutines stops an app from loading when the user touches the icon. This attack doesn\u2019t happen for long periods of time and happen randomly. iDoSNet purposely shuts down the communications services by switching Airplane mode on for the device at random times. Again, the time frame is short as to not alert the user that anything is defective with the iOS device. <\/p>\n

Mactans was created with the
\nintention of introducing malware into an iOS device through the use of a
\ncompromised charger. Chung et al explained this type of attack can \u201coccur
\nautomatically without a user\u2019s consent or knowledge\u201d (pg. 3)[3]<\/sup>.
\nThis type of attack can be more common than research shows, especially as
\ncharging stations with chargers provided are becoming more popular in shopping
\nmalls and airports. An attacker only needs to switch out the provided charger
\nwith the compromised one and wait. An unsuspecting victim will plug their
\ndevice in to be charged, unknowingly downloading the malicious malware. The iOS
\ndevice does not need to be jailbroken but it does \u201crequire the phone to be
\nunlocked at least once after being connected. While this requirement may seem
\nto render Mactans impractical, we posit that users will regularly create this
\nsituation while charging their device\u201d Chung et al announced (pg. 10)[3]<\/sup>.\n<\/p>\n

The most recent iOS hack occurred
\nnear the end of 2016 with the malware Pegasus. Pegasus is listed as a spyware,
\n\u201ca malicious application designed to retrieve specific information from an
\ninfected device without the victim\u2019s knowledge\u201d (Lookout, 2016, pg. 5)[16]<\/sup>.
\nPegasus was discovered when a well-known person from the United Arab Emirates
\nhad received multiple messages from an unknown sender. Rather than click on the
\nlinks, he had these messages analyzed by Citizen Lab researchers. Citizen Lab
\nresearchers reached out to Lookout to help with this investigation. The
\nTechnical Analysis released by Lookout, Inc. stated, \u201cPegasus is professionally
\ndeveloped and highly advanced in its use of zero-day vulnerabilities, code
\nobfuscation, and encryption. It uses sophisticated function hooking to subvert
\nOS- and application-layer security in voice\/audio calls and apps including
\nGmail, Facebook, WhatsApp, FaceTime, Viber, WeChat, Telegram, Apple\u2019s built-in
\nmessaging and email apps, and others\u201d (2016, pg. 3)[16]<\/sup>. The Israeli
\ngroup, NSO, takes responsibility of manufacturing and selling this product for
\nover $25,000 per objective. This malware identified three weaknesses in the iOS
\nsoftware, called the Trident, which allows the attacker to install the spyware
\nonto the iOS device without the user\u2019s knowledge. The Trident consisted of
\nmemory corruption in WebKit, Kernel information Leak and Kernel memory
\ncorruption that leads to jailbreak were the flaws exploited by Pegasus. During
\nthe analysis of this malware, Lookout was able to distinguish that all iOS devices
\nwere at risk. The transfer of Pegasus is very similar to iSAM, a message is
\nsent to the intended victim with an infected link that, once clicked, will
\ninitiate the download of the malware. Once Pegasus is inside the iOS, it
\njailbreaks the device and begins to steal the user\u2019s data. Lookout, Inc.
\npublished that \u201cPegasus takes advantage of both the remote jailbreak exploit
\nand a technique called \u2018hooking\u2019 (2016, pg. 7)[16]<\/sup>. \u201cHooking\u201d is a
\nway to bypass the iOS security tools that stop normal apps from eavesdropping
\non each other. The user\u2019s iOS device is under total observation by the
\nattacker, including their location. The attacker can even turn on the camera
\nand microphone at any time in order to listen and watch at any point. The most
\ninteresting aspect of Pegasus is that \u201cit has a highly sensitive self-destruct
\nmechanism to ensure that the product is not discovered. When the software
\nappears to be threatened, it will self-destruct, removing its persistence
\nmechanism\u201d as reported by Lookout, Inc. Analysis Report (2016, pg. 19)[16]<\/sup>.<\/p>\n

Not all hacks happen on the iOS
\nsoftware. Two companies have come into existence to solely break into the iOS hardware
\nto be able to access the data. Cellebrite and Grayshift are still considered
\nyoung compared to other companies but they have made quite the name for
\nthemselves. Each of these companies boast about how they help law enforcement
\nand other security professionals hack into even the latest of iPhones and
\nAndroid devices. Cellebrite has been around longer than Grayshift, launching in
\n2007 and according to the company website their \u201cproducts support the entire
\ninvestigative team \u2013 from forensic examiners and analysts in the lab to
\ninvestigators and first responders in the field, to the prosecutors building
\nstrong defensible cases, and agency management optimizing investigative
\nresources\u201d (2018)[17]<\/sup>. While all of this sounds remarkable,
\nCellebrite will obviously not share their secrets with Apple. What is known is
\nthat Cellebrite has the capability to be able to break into Apple and Android
\nproducts. It is rumored, but not confirmed, that Cellebrite was the company
\nthat assisted FBI agents with unlocking an iPhone when Apple would not in 2016.
\nCellebrite was itself a victim of hacking and information about how some of its
\nproducts worked was released. Malcolm Owen published that \u201calong with
\nbrand-specific exploits, the iOS-related code allegedly used scripts originally
\nused to jailbreak iPhones, as well as firmware altered to break security on
\nolder devices\u201d (2018)[18]<\/sup>. It is also thought that this company may
\nhave been able to locate a vulnerability within the iPhone\u2019s Secure Enclave
\nfeature, which as described earlier controlled security features of the actual
\ndevice. According to Owen, \u201cthe report suggests that the unlocking process can
\nbe relatively inexpensive, priced as low as $1,500 per device\u201d (2018)[18]<\/sup>.
\nGrayshift, on the other hand, is slightly older than two years old launching in
\n2016. This company tries to stay more on the cryptic and low-key side but, is
\nbecoming more popular with law enforcement across the country. Looking on the
\ncompany\u2019s website it shares bare minimum with only a P.O. Box as it\u2019s address. But
\nthis new company displayed its device at a forensics conference which caused
\nthe company\u2019s booth to be surrounded by attendees and a security guard present.
\nAccording to Robert McMillan from the Wall Street Journal, this little box
\ndesigned to work strictly on Apple devices called Graykey can be sold for
\n$15,000 to law enforcement or other authorized users[19]<\/sup>. McMillan continued
\nhis report on the workings of GrayKey, that the owner \u201cplugged an iPhone X into
\nthe GrayKey\u2019s Lightning cable, clicked a handful of options on a management
\nscreen and the device went to work\u201d (2018)[19]<\/sup>. This small box
\nbypasses Apple\u2019s newest security feature of preventing law enforcement from
\naccessing an iPhone through the charging cable port completely. Apple has made
\nchanges to counter this that will not prevent GrayKey from being used but it
\nwill limit the time allowed to access the device once it is connected. <\/p>\n

With each new hack or exploit of the
\niOS device, Apple has always been quick to fix the problem. Apple releases an
\nupdate to its iOS when any vulnerability has been exposed. Since the iOS
\nversion 11.0 release on September 19th, 2017, there have been fifteen updates
\nor patches released. The most recent being the release of 11.4.1 on July 9th,
\n2018. This version patched several bugs that affected different components,
\nsuch as Bluetooth, FontParser, CoreGraphics, Contacts, Mail, and other Security
\nfeatures. Apple has also responded to exploitations by launching a bug bounty
\nprogram in September 2016. According to Kate Conger, \u201cApple\u2019s head of security
\nengineering and architecture, Ivan Krstic, announced to Black Hat attendees
\nthat Apple will begin offering cash bounties of up to $200,000 to researchers
\nwho discover vulnerabilities in its products\u201d (2016)[20]<\/sup>. Apple
\nhasn\u2019t been open to these types of programs in the past but hopefully this will
\nhelp close security gaps that are overlooked accidentally. Conger also reported
\nthat \u201cApple says that discovering vulnerabilities is becoming more difficult
\nfor in-house testers and external researchers alike, so it\u2019s time to start
\noffering more incentives for bug reports\u201d (2016)[20]<\/sup>. Unfortunately,
\npeople who try to find these vulnerabilities can get higher payouts from law
\nenforcement or the government indicating that Apple\u2019s reward amount may not
\nsize up. For Apple\u2019s bug bounty program, it is by invite only to researchers
\nthat have already made beneficial discoveries but will eventually accept new
\nresearchers if they can prove their abilities. Apple has listed five different
\ncategories with a corresponding amount for weaknesses found within the iOS. More
\nspecific examples on how Apple has responded to these hacks have been discussed
\nin earlier sections. In regard to GrayKey and Cellebrite, Apple will continue
\nto enhance its security features, as is the pattern seen, when a new
\nvulnerability is located to try and prevent the iOS software and the device
\nfrom being hacked into. At the forensics conference, Mr. Miles who is the owner
\nof Grayshift LLC announced \u201cGrayshift plans to deliver new iPhone-cracking
\nmethods to GrayKey users via software updates\u201d as reported by Robert McMillan
\n(2018)[19]<\/sup>. Apple will continuously be a step behind these types of
\ndevices because research of new methods and flaws will always be of great
\nimportance to these companies.<\/p>\n

Apple\u2019s increased security
\nsurrounding the iOS, particularly the disabling of the Lightning port
\npreventing law enforcement from hacking into iPhones, relations with federal
\nagencies has become more strained. Prior to this, law enforcement and Apple had
\nalways maintained a civil relationship when working on cases together to
\nretrieve data from iOS devices. Matthias Schulze disclosed: <\/p>\n

\n

\u201cIn early 2016, the Federal Bureau of Investigation (FBI) issued a court order to compel Apple to unlock an encrypted iPhone 5C that was used by the San Bernardino attacker in December 2015. The FBI wanted Apple to rewrite its iOS software, to disable encryption security features that would allow the enforcement agency to guess the correct passcodes in a trial and error fashion\u201d (2017, pg. 54)[21]<\/sup>. <\/p>\n<\/blockquote>\n

Apple refused even after the FBI issued a court order
\ndemanding them to do so under the All Writs Act of 17989. John Potapchuk of the
\nBoston College Law School stated \u201cin February 2016, a U.S. District Court
\nagreed with Apple and stated they did not have to break into the iPhone (2016)[22]<\/sup>.
\nThe FBI had every intention of taking Apple into court in order to have their
\nassistance mandated but was able to receive help from an outside source. Apple has
\nbeen increasing the security features for iOS to the point where they cannot
\nprovide any type of assistance to law enforcement or government agencies.
\nMatthias Schulze believes this is a continuation of \u201cthe so-called crypto-wars,
\ndefined as technological debates whether the government should have access to
\nencrypted communication\u201d (2017, pg.54)[21]<\/sup>. Apple believes that the
\ngovernment was abusing their power and would be setting a dangerous precedent
\n(Gamet, 2018)[23]<\/sup>. Apple\u2019s outright refusal to assist in hacking
\ninto the iPhone has now hindered law enforcement\u2019s ability to access stored
\ninformation. This has been referred to as \u201cgoing dark\u201d, the growing gap between
\nthe government\u2019s right to conduct criminal investigations and the capability to
\nuse that power in light of technological developments (Potapchuk, 2016)[22]<\/sup>.
\nGovernments are now pleading with Congress to change legislation that will
\nallow intelligence agencies and federal agencies to be able to access encrypted
\ninformation more easily but until that happens, it will be more challenging to
\nacquire such information. Until such legislation is passed into law, Cellebrite
\nand Grayshift are law enforcements best chance at recovering encrypted data
\nwithin the iPhone devices.\u00a0 <\/p>\n

Key Findings<\/h2>\n

The previous section discussed
\nseveral different types of malware and the security advancements that were
\nimplemented to counter them. The iOS system harbors both System and Data
\nSecurity mechanisms. The System Security mechanisms include the Secure boot
\nchain, which begins at the time of boot up that validates only signed Apple
\ncode is on the iOS; System Software Authorization, a program that doesn\u2019t allow
\na device to be downgraded to older versions; the Secure Enclave, which is
\nhoused on its own and holds the cryptographic key used for data protection; and
\nFace and Touch IDs, which uses stored biometric data of the user to allow
\neasier access to the iOS device. Not all of these features have been included
\nsince iOS launched in 2007 but rather have been in responses to several hacks
\nthat have been successful. iOS also has taken steps to ensure data protection
\nthrough encryption. These tools are used to keep user\u2019s data protected from
\nunauthorized people trying to access the device, either remotely or physically.\n<\/p>\n

The malicious malware has evolved
\nover the past decade. They have progressed from a simple prank with no malice,
\nthe Ikee worm, to sophisticated spyware that could control the iOS device
\ncompletely without the user\u2019s awareness, Pegasus spyware. It has also evolved
\nto have the capability to know when to self-destruct if it has the chance of
\nbeing detected. Although many of these hacks have been found to impact only
\nthose in China, it still was a concern for all iOS users. With each malware
\ndiscovered, Apple responded with patches and upgrades to fix the
\nvulnerabilities found within the iOS. Although Apple is quick to fix any
\nsoftware exploits, they have yet been able to counter the iOS hardware hacking
\ndevices that have become more popular in recent years. Grayshift LLC and
\nCellebrite have successfully been able to hack into an iPhone device and
\ncapture all encrypted data without worry of deletion, as is one of Apple\u2019s
\nnewest security feature provided to its users, although these devices come with
\na price. \u00a0<\/p>\n

Due to the security patches and
\nincreased encryption tools used by Apple, the federal government and
\nintelligence agencies have rekindled the on-going \u201ccrypto-wars\u201d. Apple refused
\nto assist in hacking into an iPhone for the FBI, resulting in a plea to
\nlegislators to change the current laws. Their claim of preventing law
\nenforcement from commencing an investigation and evidence collection will have
\nhigher consequences than maintaining the user\u2019s right to privacy. <\/p>\n

Recommendations<\/h2>\n

As much as Apple has a duty to protect their user\u2019s personal information, the user has an equal amount of responsibility to protect themselves. There are number of ways that users can implement to protect their data from attacks. First and most important, users should keep their iOS updated with the latest version released from Apple. This will ensure that the iOS device is protected from any vulnerabilities that may exist. Keep the iOS device locked with a passcode and the \u201cErase Data\u201d setting enable. As previously stated the longer the passcode, the stronger the protection. With having the \u201cErase Data\u201d setting enabled, the user can ensure that no sensitive information can be accessed if a brute-force attack is initiated. After 10 unsuccessful attempts, the phone will wipe clean. Clicking on unknown URLs or PDF files is also advised against, especially if the user cannot verify the sender. Malware can be transported through infected websites and PDF files which can ultimately contaminate the iOS device without the users\u2019 knowledge. Veracode also suggests \u201cregularly delete the keyboard cache that iOS devices store for text autocorrect. Keystrokes can be stored for up to 12 months if they are not regularly cleared\u201d (DuPaul)[24]<\/sup>. Furthermore, do not jailbreak the iOS device. Most forms of malware can distribute among jailbroken iPhones due to the lack of security that Apple provides in their iOS. The same recommendations can be issued for organizations.\u00a0\u00a0 <\/p>\n

Conclusion<\/h2>\n

Apple\u2019s mobile iOS is renowned for
\nits security enhancements and its reputation is clearly earned. From the
\noriginal release of the first iPhone with no security enhancements, to the
\nlatest iPhone X that provides complex encryption and biometric password protection,
\nApple has been considered to be more secure in mobile security. Although there
\nhave been several hacks that have penetrated the iOS, such as XcodeGhost and
\nPegasus spyware, Apple\u2019s rapid responses and updates still prove that user\u2019s
\nconfidential data is a top priority. Upon a vulnerability being discovered and
\npresented to Apple, either through the bug bounty program created specifically
\nto find problems or through malicious activity, an updated version patching the
\nproblem is released in a matter of days. The sheer fact that Apple has released
\nfifteen security updates since iOS 11 validates this claim. <\/p>\n

The types of malware that were
\ndiscussed is evidence that those who are creating these are becoming smarter
\nand more malicious. Although some malware is more of an annoyance, others have
\nproven to be particularly dangerous. The Ikee worm was not intended to be
\nmalicious but rather opened the door as to what could happen in future. This
\npath led hackers to create the Pegasus spyware which is a prime example of just
\nhow malicious malware can be. This malware can ultimately control the iOS
\ndevice while running in the background without the user ever knowing and it can
\neasily be downloaded onto a device through a simple click of a PDF or URL. \u00a0<\/p>\n

Law enforcement and Apple had kept a
\ncivil relationship when any assistance was needed in solving specific cases.
\nBut as Apple increased its security features, the working relationships it had
\nwith the federal government had become tense. A \u201cfalling out\u201d occurred between
\nthe two which led to the federal government attempting to bully Apple through
\nthe judicial system. The federal government did not obtain what they wanted
\nthrough this measure and ended up paying a third-party company to break into
\nthe iOS hardware and retrieve the information. This method of bypassing Apple\u2019s
\nsecurity features has become more popular with law enforcement and authority
\nagencies across the country. This will continue to be a \u201ccat and mouse game\u201d
\nbetween these parties to try and stay ahead of the other. \u00a0<\/p>\n

By following Apple\u2019s recommendations,
\nnot jailbreaking the iOS device, and practicing common sense will decrease the
\nprobability of malware infection. Unfortunately, not everyone who owns an iOS
\ndevice will follow these recommendations, which will only continue this
\nconstant cycle of malware infection, security upgrades, and stolen data. <\/p>\n

References<\/h2>\n
    \n
  • [1]<\/sup>Lemos R. (2011) Apple iOS: Why it\u2019s the most secure os, period. InfoWorld.<\/em><\/li>\n
  • [2] <\/sup>Damopoulos D., Kambourakis G., Gritzalis S. (2011) iSAM: An iPhone Stealth Airborne Malware. In: Camenisch J., Fischer-H\u00fcbner S., Murayama Y., Portmann A., Rieder C. (eds) Future Challenges in Security and Privacy for Academia and Industry. SEC 2011. IFIP Advances in Information and Communication Technology, vol 354. Springer, Berlin, Heidelberg<\/li>\n
  • [3]<\/sup>Chung P., Jang Y., Lau B., Song C., & Wang T. (n.d.) Mactans: Injecting malware into iOS devices via malicious chargers<\/em> [White paper]<\/li>\n
  • [4]<\/sup>Ritchie R. (2016) Apple has patched the Pegasus malware, but here\u2019s what you need to know. iMore<\/em> <\/li>\n
  • [5]<\/sup>Apple. (2018). iOS security: iOS 11<\/em> [White paper]<\/li>\n
  • [6]<\/sup>Jay, J. (2017). TEISS\u00ae: Cracking Cyber Security. IOS and security: timeline of Apple\u2019s iPhone security evolution.<\/em><\/li>\n
  • [7]<\/sup>La Polla, M., Martinelli, F., & Sgandurra, D. (2013) A Survey on Security for Mobile Devices. IEEE Communications Surveys & Tutorials<\/em>, 15(1), 446-471 <\/li>\n
  • [8]<\/sup>F-Secure Corporation. (2009). Worm:iPhoneOS\/Ikee.<\/li>\n
  • [9]<\/sup>Vanian J. (2016) This Nasty New Malware Can Infect Your Apple iPhone or iPad. Fortune.<\/em><\/li>\n
  • [10]<\/sup>Oliver, S. (2009). First-known iPhone worm \u2018Rickrolls\u2019 jailbroken Apple handsets. <\/li>\n
  • [11]<\/sup>Pereira, A. (2012). First iOS malware hits App Store via the Find & Call app, promptly pulled down- Technology News, Firstpost. <\/li>\n
  • [12]<\/sup>Xiao, C. (2016). Palo Alto Networks Blog. AceDeceiver: First iOS Trojan Exploiting Apple DRM Design Flaws to Infect Any iOS Device \u2013 Palo Alto Networks Blog.<\/em><\/li>\n
  • [13]<\/sup>Xiao, C. (2015a) Palo Alto Networks Blog. Novel Malware XcodeGhost Modifies Xcode, Infects Apple iOS Apps and Hits App Store \u2013 Palo Alto Networks Blog.<\/em><\/li>\n
  • [14]<\/sup>Xiao, C. (2015b) Palo Alto Networks Blog. Update: XcodeGhost Attacker Can Phish Passwords and Open URLs through Infected Apps \u2013 Palo Alto Networks Blog.<\/em><\/li>\n
  • [15]<\/sup>Gui, X., Liu, J., Chi, M., Li, C., & Lei, Z. (2016). Analysis of Malware Application Based on Massive Network Traffic. China Communications<\/em>, 13(8), 209-221. Doi:10.1109\/CC.2016.7563724<\/li>\n
  • [16]<\/sup>Lookout. (2016) Technical analysis of Pegasus spyware: An investigation into highly sophisticated espionage software <\/em>[White Paper]<\/li>\n
  • [17]<\/sup>Cellebrite. (2018) Digital intelligence for a safer world. <\/li>\n
  • [18]<\/sup>Owen, M. (2018). Cellebrite advertises its ability to unlock devices running iOS 11, including the iPhone X, to government agencies. Apple Insider<\/em>.<\/li>\n
  • [19]<\/sup>McMillan, R. (2018, June 15). Meet Apple\u2019s Security Headache: The GrayKey, a Startup\u2019s iPhone-Hacking Box. The Wall Street Journal<\/em>.<\/li>\n
  • [20]<\/sup>Conger, K. (2016). TechCrunch \u2013 Startup and Technology News. Apple announces long-awaited bug bounty program \u2013 TechCrunch.<\/em><\/li>\n
  • [21]<\/sup>Schulze, M. (2017). Clipper Meets Apple vs. FBI \u2013 a comparison of the cryptography discourses from 1993 and 2016. Media and Communication<\/em>, 5(1), 54-62. doi:10.17645\/mac.v5i1.805<\/li>\n
  • [22]<\/sup>Potapchuk, J. L. (2016). A Second Bite at the Apple: Federal Courts\u2019 Authority to Compel Technical Assistance to Government Agents in Accessing Encrypted Smartphone Data under the All Writs Act. Boston College Law Review,<\/em> 57(4), 1403-1446\u00a0 <\/li>\n
  • [23]<\/sup>Gamet, J. (2018). The Mac Observer \u2013 Apple iPhone, Mac, Watch and iPad News, Opinions, Tips and Podcasts. Apple is Making iPhone Hacking a Lot More Difficult for Law Enforcement with iOS 11.4 \u2013 The Mac Observer.<\/em><\/li>\n
  • [24]<\/sup>DuPaul, N. Use Veracode to secure the applications you build, buy, & manage. IOS Security Guide: Data Protection Tips | Veracode.<\/em><\/li>\n<\/ul>\n<\/div>\n","protected":false},"excerpt":{"rendered":"

    iOS Security: Rebelling against Hacks and the Government Abstract Apple\u2019s mobile iOS technology was introduced in 2007 and in eleven years, it has quickly grown to be one of the top smartphone operating systems. The iOS has been well-regarded as being the most secure compared to other mobile OS on the market. Although it has […]<\/p>\n","protected":false},"author":6,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[8346],"tags":[9845,5294,9887,9867,9888,9889,9890,9886,9885],"class_list":["post-74931","post","type-post","status-publish","format-standard","hentry","category-technology-examples","tag-1-dissertation-writing-service-in-uk","tag-bishops-writing-bureau","tag-cn","tag-create-a-paper-using-the-following-criteria","tag-homework-help-assignment-answers","tag-in-1050-word-essay","tag-in-a-4-to-6-page-essay","tag-in-a-page-paper-assignment","tag-write-an-essay-in-words"],"_links":{"self":[{"href":"https:\/\/www.colapapers.com\/us\/wp-json\/wp\/v2\/posts\/74931","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.colapapers.com\/us\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.colapapers.com\/us\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.colapapers.com\/us\/wp-json\/wp\/v2\/users\/6"}],"replies":[{"embeddable":true,"href":"https:\/\/www.colapapers.com\/us\/wp-json\/wp\/v2\/comments?post=74931"}],"version-history":[{"count":0,"href":"https:\/\/www.colapapers.com\/us\/wp-json\/wp\/v2\/posts\/74931\/revisions"}],"wp:attachment":[{"href":"https:\/\/www.colapapers.com\/us\/wp-json\/wp\/v2\/media?parent=74931"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.colapapers.com\/us\/wp-json\/wp\/v2\/categories?post=74931"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.colapapers.com\/us\/wp-json\/wp\/v2\/tags?post=74931"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}