SandJacking – a new technique for hacking iOS devices without a jailbreak
Developing malicious apps for iOS is not simple. The architecture of the OS runs each individual application in a sandbox. This approach prevents other processes from using the application's resources and data. Sandbox security has the highest priority in this architecture, because the sandbox may contain your most important documents, databases, libraries, and cookies.
Apple does all it can to prevent the spread of malware, requiring iPhone and iPad users to install all applications exclusively from its own store.
Despite all the measures taken by the developer, in the past few years malware has reached devices by bypassing these strict limitations through the exploitation of design errors. Examples include WireLurker, YiSpecter, XCodeGhost, ZergHelper and AceDeceiver.
Chilik Tamir, a security researcher at the security company Mi3, is the author of various techniques for bypassing security restrictions in iOS. Previously, he successfully demonstrated the substitution of an Apple certificate to install malware on the iPhone and iPad, and at Black Hat Asia this year he also presented a demonstration of an exploit for the Su-A-Cyder attack. The attack consisted of quickly replacing legitimate software with a fake version on an iPhone connected to a computer. A similar attack was easy to implement before the release of iOS 8.3.
The new SandJacking attack, presented by Securitylab, is essentially a new way of carrying out Su-A-Cyder, but this method works on the latest iOS version. The problem is that, when fixing the vulnerabilities used by Su-A-Cyder, the developer fixed the bug in the application installation process. However, the same vulnerability can still be exploited when an application is restored from a backup.
An attacker can back up an application, replace the genuine file in the backup with malware, and restore the application from the edited copy. Successful exploitation of the vulnerability requires physical access to the device.
A successful SandJacking attack was demonstrated at the Hack In The Box (HITB) conference. The researcher has already informed Apple about the vulnerabilities found.