Mass Hacking of iOS Devices Possible, Researchers Say
An army of zombie iPhones and iPads? It's not as impossible as it sounds, claim a group of Georgia Tech researchers. Though many people consider iOS security to be nigh-on impenetrable, these researchers say they can conduct a mass infection of iPhones and iPads and turn the captured devices into a botnet of "slaved" iOS devices to do their bidding. How do they do this? With Windows computers.
Details are still sketchy, as the Georgia Tech researchers behind the study are waiting to give their full report at the Black Hat security conference in Las Vegas next week. But for now, here's what we know about the potential to create an iPhone botnet.
When iOS devices connect to Windows PCs, as many do, they allegedly become vulnerable to certain types of specially crafted Windows malware. This gives the researchers the opening they need to potentially compromise iOS devices that have connected to infected Windows machines.
A botnet is a network of devices secretly running malware that allows them to be controlled via the Internet from a centralized administrator. The administrator can force the devices in the botnet to perform tasks such as sending spam or spreading more malware. Devices in a botnet are sometimes called "zombies" because they aren't in control of their own actions.
Depending on the type of malware used to "zombify" the infected devices into the botnet, the devices' original owners may lose some or all control over their devices — or they may never learn that something is wrong.
It seems that only Apple devices that connect to infected Windows machines are vulnerable, but that is still a significant amount: Around 23 percent of the Windows PCs the researchers tested regularly connect to iOS devices, they claim.
Does this mean that Apple is off the hook, or that Microsoft is entirely to blame for the vulnerabilities that allow for creating an iOS botnet? No, said the researchers: Their hack is made possible by chaining together a number of small flaws in the iOS operating system. Separately, these bugs seem small. But put together, they create a massive vulnerability, the researchers claim.
Most of the bugs come from a jailbreak technique called evasi0n, published by a group of hackers last December. Evasi0n strings together eight different bugs in the iOS operating system. In iOS 7.1, released last March, Apple patched just three of the eight.
The researchers say they're capitalizing on these remaining five bugs, as well as two new ones they discovered themselves, in order to create their botnet proof-of-concept. What's more, the researchers say they alerted Apple about these two new bugs, but the company has yet to patch them.
"For some seemingly trivial bugs, Apple doesn't seem to care very much. But from the attacker's point of view, these 'trivial bugs' can add up to very important attacks," Tielei Wang, a research scientist at Georgia Tech who will present at Black Hat next week, told Wired Magazine.
The researchers won't hand out the code for their botnet exploit at Black Hat, they say.
"But if some of the other developers understand our talk, they could reproduce the work," Georgia Tech graduate research assistant Yeongjin Jang told Wired.
- Best Free PC Antivirus Software 2014
- How Your Next Hotel Room Could Be Hacked
- 9 Tips to Stay Safe on Public Wi-Fi
Jill Scharr is a staff writer for Tom's Guide, where she regularly covers security, 3D printing and video games. You can follow Jill on Twitter @JillScharr and on Google+. Follow us @tomsguide, on Facebook and on Google+.