News  Apple
iOS AirDrop - video shows live iPhone hack

Installs signed apps without warning the user

Security researcher Mark Dowd has disclosed a vulnerability in Apples iOS and OS X which allows attackers to overwrite any file on a targeted device. With a little manipulation, it can even install a signed app which is fully trusted by the onboard system without even warning the user.

It turns out AirDrop is the culprit - the feature in Apples' operating systems which allow files to be sent directly to other devices. When set to allow connections from anyone, an attacker can hack the device even when it's locked. 

Dowd used his own Apple Enterprise Certificate to make a profile for a test app which enabled it to run on any device.

Allows any file to be written

Usually, hacks of this kind rely on buffer overflow memory corruption, but this one doesn't. Here it is in action:

Dowd explained the exploit is similar to the recent "photo pushing" exploit where a woman was sent unsolicited images on a train. The attack uses bluetooth and affects all devices running the vulnerable OS - even those which haven't been jailbroken. He said the mechanism an attacker would use would be to mingle in crowded places looking for vulnerable devices and begin installing malware when they found any.

The advice is to immediately disable AirPush and then to wait for an update.