Does iOS Need Antivirus Protection? - InformationWeek

InformationWeek is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

03:38 PM
Kurt Marko
Kurt Marko
Connect Directly

Does iOS Need Antivirus Protection?

Restrictions on what legitimate apps can do within iOS make it impossible for third parties to produce anti-malware software, putting the security onus entirely on Apple.

By now, security-conscious IT pros know about the new and improved version of the iOS jailbreaking software, jailbreakme, now with iPad 2 support. It ingeniously exploits a flaw in the iOS PDF display code to, via a buffer overrun attack, load jailbreak code into the root file system of the device. Once rebooted, the hacked code injects itself into the device's startup sequence using the video frame buffer as its temporary scratch memory.

What makes this exploit so nefarious is not only its device-independence (it works on everything from the original iPhone and iPad Touch to the latest iPad 2), but that it uses innocuous-looking PDF files, delivered via the browser using Safari's built-in PDF viewer, as its distribution method. While jailbreakers generally know what they're getting into, the same technique could be used more deviously by those with less wholesome intentions to deliver "modified" PDF files via obfuscated URL shortening and a Twitter or Facebook feed. While the specific PDF vulnerability has not been publicly identified, and the current exploit isn't known to have a malicious payload, the technique could easily be used for more nefarious purposes than jailbreaking. As a posting on F-Secure's blog points out:

"A Twitter account belonging to Fox News was recently hacked and used to declare the death of Barack Obama. That hacked account could just have easily posted malicious links. Heck, the links wouldn't even need to be malicious.

"We can easily imagine AntiSec hackers tweeting links directly to jailbreak PDF files. When somebody clicks on such a link from their Twitter app, it would open Safari — as Apple doesn't allow for other default browsers — and then Safari would attempt to view the PDF. And then… jailbreak."

So, although the intent and results of this hack appear to be relatively benign (and reversible), it's still interesting and disturbing because of its technique -- an app running in user space that can inject code into the device's root file system -- and distribution method -- untethered, wireless browsing to a site with the malicious payload versus Apple's standard method for kernel modifications using iTunes and DFU (device firmware update) mode. Of course, Apple promises a patch for this iOS vulnerability, and based on the last time this PDF vulnerability was exploited (August), the fix will likely be quick in coming, perhaps even by the time you read this.

However, this incident raises a larger issue: What should Apple's (or any mobile device vendor's) strategy be toward security? While iOS incorporates many security techniques not seen in the more open PC environment, including a tightly controlled, curated application ecosystem, this incident clearly demonstrates that it's still not immune to serious security holes. Since we're on the third iteration of this particular exploit, I'm wondering if Apple should do more than play whack-a-mole, issuing iOS patches in response to the latest hack.

Sure, the reactive approach is the norm; witness Microsoft's monthly Patch Tuesday releases to fix the endless stream of discovered Windows holes. But Apple's tight control of the iOS application ecosystem also means it's impossible for third parties to produce antivirus/anti-malware software. There are too many restrictions on what legitimate applications can do within iOS, such as scanning another app's memory or local storage, to allow traditional A/V techniques to work.

Of course, this is a blessing and a curse. Such tight control over an application's access to the rest of the system is a cornerstone of the iOS security model. However, it also means the security onus is entirely on Apple. Android's more open approach enables third-party security apps, such as AVG, Lookout, and Symantec, to augment native runtime protections built in to the OS with code-scanning and data-protecting features that arguably can catch (or mitigate) zero-day -- read: unpatched -- exploits. Still, I'm not sure which model will work best on mobile devices: Apple's tightly controlled, IBM-mainframe approach or Android's freewheeling, all-comers, Microsoft PC-like paradigm.

If history is any guide, my bet's on the former. How about you?

Black Hat USA 2011 presents a unique opportunity for members of the security industry to gather and discuss the latest in cutting-edge research. It happens July 30-Aug. 4 in Las Vegas. Find out more and register.

We welcome your comments on this topic on our social media channels, or [contact us directly] with questions about the site.
Comment  | 
Print  | 
More Insights
InformationWeek Is Getting an Upgrade!

Find out more about our plans to improve the look, functionality, and performance of the InformationWeek site in the coming months.

Pandemic Responses Make Room for More Data Opportunities
Jessica Davis, Senior Editor, Enterprise Apps,  5/4/2021
10 Things Your Artificial Intelligence Initiative Needs to Succeed
Lisa Morgan, Freelance Writer,  4/20/2021
Transformation, Disruption, and Gender Diversity in Tech
Joao-Pierre S. Ruth, Senior Writer,  5/6/2021
White Papers
Register for InformationWeek Newsletters
2021 State of ITOps and SecOps Report
2021 State of ITOps and SecOps Report
This new report from InformationWeek explores what we've learned over the past year, critical trends around ITOps and SecOps, and where leaders are focusing their time and efforts to support a growing digital economy. Download it today!
Current Issue
Planning Your Digital Transformation Roadmap
Download this report to learn about the latest technologies and best practices or ensuring a successful transition from outdated business transformation tactics.
Flash Poll