Security Experts:

McAfee Details Remote iPad Hack in Mobile Security Demonstration

McAfee has published a paper detailing an attack on the Apple iPad to highlight the challenges facing mobile device security.

The paper is based off research McAfee presented in October at its FOCUS 11 conference and demonstrates how an attacker can use a man-in-the-middle attack to compromise an iPad and install malware. At the RSA Conference last week, the company took it a step further – showing how a person’s iPad can be compromised if they were to log on to WiFi using a rogue access point. From there, an attacker launching a man-in-the-middle (MitM) attack would inject an iFrame into whatever site the user visits.

iPad The next step is to jailbreak the device and install malware capable of giving attackers long-term access to the machine, explained Ryan Permeh, principal security architect in the office of the CTO at McAfee.

“It’s very silently jailbroken in a way that the user of the device does not actually even know that he’s been jailbroken,” he said. “Once we’ve silently jailbroken the device, we use that as a platform to install malicious software.”

In the demonstration at the RSA Conference, that malware is a remote access Trojan that would give an attacker the ability to remotely control the device. Permeh said users should make sure their operating system version is up-to-date, and be cautious when using public WiFi. Consumers should also look to add antivirus protection to their mobile devices, he said.

The paper, which showcases the attack demonstrated at FOCUS, can be viewed here. Mobile security was a hot topic at the RSA Conference, and was the subject of a brand new track. Former McAfee executives George Kurtz and Dmitri Alperovitch – now co-founders of the firm CrowdStrike – exploited a zero-day vulnerability in the Webkit browser engine in order to compromise a Google Android phone.

When asked what companies can do to build better user buy-in for mobile security, Webroot Mobile Threat Research Analyst Armando Orozco told SecurityWeek that “education is key.”

Resource: Mitigation of Security Vulnerabilities on Android & Other Open Handset Platforms

“We don’t think users fully understand just how much is stored on their devices, or everywhere they connect,” he said. “The best way to get them to buy in is through education with real world examples.”

Two vulnerabilities exploited to conduct the attack have been fixed in recent versions of Apple’s iOS, though McAfee notes the fact that many users have not upgraded their iPads for various reasons—from simple ignorance to the fact that they want to jailbreak their devices.

"The exact same attacks work just as well against iPhones and iPod touch," Permeh told SecurityWeek. "Its slightly less likely to have an iPhone connect to a rogue wireless because it typically has a 3g connection to access the internet. This doesn't mean that no iPhones would connect, i just suspect the percentage might be lower than that of iPads. This might be changing with the carriers moving to metered data plans, so there may be more need for access via hotspot, particularly in regards to things like streaming media."

"The Apple iOS is more secure than many other operating systems, but it’s not impenetrable," the paper concludes. "For this hack, it didn’t matter whether the victim was using SSL. All we needed was an unaware or unconcerned victim."

Hacking iPad Remotely

Related Reading: Mobile Devices Leak Cryptographic Keys Via Electromagnetic Emissions

Related Reading: Separating Fact from Hype on Mobile Malware

Resource: Mitigation of Security Vulnerabilities on Android & Other Open Handset Platforms