Apple’s iOS Proven Vulnerable (Again!) as Android Leaks Biometric Info – Mobile Security Weekly

We may have missed one or two weekly updates, but this week’s issue definitely makes up for it. Three serious issues have the ability to affect millions of mobile users around the world. Two of these affect iOS users, so Apple might not be as far ahead security-wise as it would want you to believe.

Researchers Discover iOS 8 Wi-Fi Vulnerability

Researchers have released details on a vulnerability in iOS 8 which can be exploited by malicious wireless hotspots in order to repeatedly crash and reboot nearby iOS devices.

The denial-of-service is triggered by manipulating SSL certificates sent to iOS devices over Wi-Fi. Specially crafted data sent out by malicious hotspots, which can be set up by almost any attacker, causes apps or possibly the entire OS to crash, rendering the device unusable.

It’s also possible that the attack could be combined with HTTP request hijacking to trick iOS apps into retrieving information from an attacker’s servers, allowing the device to be infected with more advanced malware.

http://www.theregister.co.uk/2015/04/22/apple_no_ios_zone_bug/

Why is this Significant?

This is the second instance in as many paragraphs that proves iOS is nowhere near as safe as Apple claims it to be. Android’s marketplaces may be more vulnerable, but as we can see here, attackers have more than enough methods to harm iOS devices and their users.

Yet Another SSL Issue on iOS

Researchers have discovered a vulnerability in AFNetworking, a third-party library that implements Web communications, including those over HTTPS (HTTP with SSL/TLS encryption), within thousands of iOS apps.

This vulnerability in the popular open-source networking library potentially allows attackers to access the encrypted traffic of over 25,000 iOS applications. The issue involves a failure to validate the domain names of digital certificates in AFNetworking, which is used by a large number of iOS and Mac OS X app developers.

An attacker can exploit this by intercepting encrypted traffic between a vulnerable application and a Web service, then decrypting it by presenting the application with a digital certificate for a different domain name. This kind of MitM attack could originate either from an unsecured wireless network or a more advanced targeted attack. The result of an attack could range from data theft to exploiting usernames and passwords to gain control of the victim’s iOS device.

http://arstechnica.com/security/2015/04/24/critical-https-bug-may-open-25000-ios-apps-to-eavesdropping-attacks
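The missing check described above, sketched as an added example (this is not AFNetworking's code): a trust decision that only confirms the certificate chain accepts a certificate issued for a different domain, while one that also matches the certificate's names against the requested host rejects it. The certificate dictionaries, domain names and the `chain_ok` flag are constructed assumptions for illustration.

```python
"""Chain-only trust vs. chain-plus-hostname trust, on constructed certificates."""

def hostname_matches(pattern, hostname):
    """RFC 6125-style match: case-insensitive; '*' only as the whole left-most label."""
    p = pattern.lower().rstrip(".").split(".")
    h = hostname.lower().rstrip(".").split(".")
    if len(p) != len(h) or "" in h:
        return False
    if p[0] == "*":
        # A wildcard covers exactly one label and needs two fixed labels after it.
        return len(p) >= 3 and p[1:] == h[1:]
    return p == h

def cert_dns_names(cert):
    """dNSName SAN entries; commonName is used only when the SAN has no DNS names."""
    names = [v for k, v in cert.get("subjectAltName", ()) if k == "DNS"]
    if names:
        return names
    return [v for rdn in cert.get("subject", ()) for k, v in rdn if k == "commonName"]

def trust_chain_only(cert, chain_ok, hostname):
    """Flawed policy: any certificate that chains to a trusted CA is accepted."""
    return chain_ok

def trust_chain_and_hostname(cert, chain_ok, hostname):
    """Hardened policy: the chain must validate AND the certificate must name the host."""
    return chain_ok and any(hostname_matches(n, hostname) for n in cert_dns_names(cert))

# Constructed sample data in the shape of ssl.SSLSocket.getpeercert().
# chain_ok is an assumption standing in for a successful CA chain validation.
OTHER_DOMAIN_CERT = {
    "subject": ((("commonName", "other.example"),),),
    "subjectAltName": (("DNS", "other.example"), ("DNS", "*.other.example")),
}
SERVICE_CERT = {
    "subject": ((("commonName", "api.service.example"),),),
    "subjectAltName": (("DNS", "*.service.example"),),
}

if __name__ == "__main__":
    host = "api.service.example"
    for label, cert in (("service", SERVICE_CERT), ("other domain", OTHER_DOMAIN_CERT)):
        print(label, "chain-only:", trust_chain_only(cert, True, host),
              "chain+hostname:", trust_chain_and_hostname(cert, True, host))
```

In production code, leave this check to the platform TLS stack with hostname verification enabled rather than a hand-written matcher.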

Why is this Significant?

This issue highlights the topic of certificate pinning, something we’ve discussed in the past. The few apps that do choose to implement certificate pinning are safe. From another perspective, this isn’t the first issue AFNetworking has suffered over the past few weeks. Although it has patched the vulnerability, it’s the fact that it even existed in the first place which should place iOS users on guard.

New Android Fingerprint Vulnerability

Researchers have discovered a security flaw in Android that could enable attackers to intercept fingerprint data, which could be exploited to bypass the phone’s lock code or to authorize payments.

User fingerprint data is supposed to be stored within a secure area of Android. However, due to the flaw, an attacker can intercept the fingerprint data before it is locked away in the “Trusted Zone”. As a matter of fact, on the Samsung Galaxy S5, this was even easier as attackers found that they would just have to access the phone’s memory to retrieve the fingerprint data. Samsung have been alerted to this issue.

The issue exists within Android Lollipop (5.0) and is supposed to be solved by updating to 5.1.1. However, the age-old issue of Android fragmentation means that many users won’t have access to the newest version for quite a while.

Why is this Significant?

Fingerprints and other forms of biometrics are becoming increasingly prevalent within various kinds of authentication. This issue, as many others have done in the past, proves that it may be a bit early to rely on the technology. For the moment, both the OEMs and the OS developers aren’t doing enough to keep users safe.