Apple mobile devices vulnerable to app. attack

Joined
Apr 26, 2008
Messages
2,963
Reaction score
120
Points
63
Location
Belgium
Your Mac's Specs
iPad Pro 12.9 latest iOS

vansmith

Senior Member
Joined
Oct 19, 2008
Messages
19,924
Reaction score
558
Points
113
Location
Queensland
Your Mac's Specs
Mini (2014, 2018, 2020), MBA (2020), iPad Pro (2018), iPhone 13 Pro Max, Watch (S6)
This is a tricky one since it works by exploiting the one weakness in security - lack of knowledge on the part of users. This looks like a very easy breach of security to propagate since people can be easily enticed by the promise of free things, that importantly, look legitimate.

I'm going to guess that most users are unaware that apps ought to come from the App Store and that apps that don't are invalid. At a minimum, this highlights a hole in the authentication of installation on iOS. Here's hoping that this gets fixed in an 8.1.x bug fix release.
 
OP
McBie
Joined
Apr 26, 2008
Messages
2,963
Reaction score
120
Points
63
Location
Belgium
Your Mac's Specs
iPad Pro 12.9 latest iOS
Very difficult to fix ( technically ) because people are free to install whatever they want..
And I don't envisage Apple to take note of each signature for the millions off apps that are out there.

People awareness is the only thing that can protect you from this.

Cheers ... McBie
 

vansmith

Senior Member
Joined
Oct 19, 2008
Messages
19,924
Reaction score
558
Points
113
Location
Queensland
Your Mac's Specs
Mini (2014, 2018, 2020), MBA (2020), iPad Pro (2018), iPhone 13 Pro Max, Watch (S6)
People awareness is the only thing that can protect you from this.
So, we're screwed then (not a criticism of people - you just can't get to everyone)? ;)
 
OP
McBie
Joined
Apr 26, 2008
Messages
2,963
Reaction score
120
Points
63
Location
Belgium
Your Mac's Specs
iPad Pro 12.9 latest iOS
Scr3wed in a way that you are becoming more and more dependant on the Apple eco system.
Is that good or bad ? Don't know really.
My priority is to enjoy my Apple devices and remain confident that they behave as expected, with minimal risk.

Cheers ... McBie
 

chscag

Well-known member
Staff member
Admin
Joined
Jan 23, 2008
Messages
65,249
Reaction score
1,829
Points
113
Location
Keller, Texas
Your Mac's Specs
2017 27" iMac, 10.5" iPad Pro, iPhone 8, iPhone 11, iPhone 12 Mini, Numerous iPods, Monterey
@McBie:

Maybe there's something here that I'm not seeing? I thought that unless your iPhone was jail broken, apps had to be installed from the iTunes app store? Once you jail break an iPhone, anything goes....
 
Joined
Jan 19, 2008
Messages
4,695
Reaction score
73
Points
48
Location
houston texas
Your Mac's Specs
09 MBP 8GB ram 500GB HD OS 10.9 32B iPad 4 32GB iPhone 5 iOs7 2TB TC Apple TV3
@McBie:

Maybe there's something here that I'm not seeing? I thought that unless your iPhone was jail broken, apps had to be installed from the iTunes app store? Once you jail break an iPhone, anything goes....

I thought the same thing in order to install an app outside of the App Store the phone had to be jailbroke.
 
Joined
Oct 16, 2010
Messages
15,145
Reaction score
599
Points
113
Location
Brentwood Bay, BC, Canada
@McBie:

Maybe there's something here that I'm not seeing? I thought that unless your iPhone was jail broken, apps had to be installed from the iTunes app store? Once you jail break an iPhone, anything goes....



+1!!

And I understood that also applies to all iOS devices. Hmmm…??? :D
 

vansmith

Senior Member
Joined
Oct 19, 2008
Messages
19,924
Reaction score
558
Points
113
Location
Queensland
Your Mac's Specs
Mini (2014, 2018, 2020), MBA (2020), iPad Pro (2018), iPhone 13 Pro Max, Watch (S6)
As far as I understand it, no jailbreak is required. All that's required is a malicious app that has a provisioning profile with the same ID as a legitimate app. That said, I have also heard that the device must be jail broken.
 
OP
McBie
Joined
Apr 26, 2008
Messages
2,963
Reaction score
120
Points
63
Location
Belgium
Your Mac's Specs
iPad Pro 12.9 latest iOS
I am not sure if the device needs to be jailbroken or not.
They way I understand it, is that you can ( potentially ) load bad apps. that pretend to be legitimate apps.
At the moment I am not sure what the technical requirements are to achieve that.

I am sure we will hear more about this in the next few months.

Cheers ... McBie
 

vansmith

Senior Member
Joined
Oct 19, 2008
Messages
19,924
Reaction score
558
Points
113
Location
Queensland
Your Mac's Specs
Mini (2014, 2018, 2020), MBA (2020), iPad Pro (2018), iPhone 13 Pro Max, Watch (S6)
You need an enterprise developer account and possibly the UDID of the device. That's all I think you need.
 
OP
McBie
Joined
Apr 26, 2008
Messages
2,963
Reaction score
120
Points
63
Location
Belgium
Your Mac's Specs
iPad Pro 12.9 latest iOS
Is there a list somewhere of all the enterprise developers ?
One of the national newspapers in Belgium has an iOS app. that is not ( yet ) on the Appstore and I am wondering if organisations like that are enterprise developers.

How easy is it to get an enterprise developer ID ( legally or not )

Cheers ... McBie
 

vansmith

Senior Member
Joined
Oct 19, 2008
Messages
19,924
Reaction score
558
Points
113
Location
Queensland
Your Mac's Specs
Mini (2014, 2018, 2020), MBA (2020), iPad Pro (2018), iPhone 13 Pro Max, Watch (S6)
How easy is it to get an enterprise developer ID ( legally or not )
$300/year and a DUNS number which, from I can tell, is free.
 

Shop Amazon


Shop for your Apple, Mac, iPhone and other computer products on Amazon.
We are a participant in the Amazon Services LLC Associates Program, an affiliate program designed to provide a means for us to earn fees by linking to Amazon and affiliated sites.
Top