All the latest UK technology news, reviews and analysis


Pirates target iOS enterprise loophole to spread fake iPhone apps

28 Jan 2013
apple-iphone-5

Chinese cyber crooks are exploiting a loophole in Apple's iOS enterprise deployment procedures to release pirated apps onto iPhones.

Trend Micro reported detecting a new influx of pirated apps appearing on iOS over the past few weeks in a blog post.

"In the past couple of weeks, there has been some breathless reporting about how iOS users could now install pirated apps without having to jailbreak their phones. This was made possible by certain Chinese app store-like services," said Warren Tsai, product manager for Trend.

Tsai said apps are able to appear on non-jailbroken iOS devices, a development that significantly widens the threat to iPhone users, thanks to a loophole in Apple's iOS enterprise deployment policy.

"The same features which allow enterprises to deploy their own custom apps have now been abused to deliver pirated apps to users," he said.

Apple has traditionally managed to keep its mobile iOS operating system free of malicious apps and software by employing a closed development model, where all apps must be vetted before appearing in its official store.

Trend Micro said that while the pirate apps appearance is troubling, they do not currently pose a serious security risk.

"This ‘newly discovered' method represents one of the methods to get malicious/fake apps onto the iOS devices. However, because the iOS sandbox has not been compromised, what each app can and can't do is rather limited," added Tsai.

The iOS app may try to send out some personal privacy information to external server which creates privacy data leakage problem.

"For now it's not likely to be much of a security threat, as the number of users who would actually use these ‘pirated' app stores is rather limited. However, it does represent an interesting avenue for targeted attacks in enterprise settings."

The news follows a boom in the volume of mobile malware targeting the competing Android ecosystem.

Trend Micro had previously warned the number of malware strains targeting Android would break past the one million milestone by the end of the year.

  • Comment  
  • Tweet  
  • Google plus  
  • Facebook  
  • LinkedIn  
  • Stumble Upon  
Alastair Stevenson
About

Alastair has worked as a reporter covering security and mobile issues at V3 since March 2012. Before entering the field of journalism Alastair had worked in numerous industries as both a freelance copy writer and artist.

View Alastair's Google+ profile

More on Security
What do you think?
blog comments powered by Disqus
Poll

BYOD vs CYOD vs BYOC poll

Which approach is your firm taking to managing employees' mobile devices?
24%
15%
4%
17%
28%
12%

Popular Threads

Powered by Disqus
samsung-galaxy-s5-smartphone

Samsung Galaxy S5 video review

We break down the key strengths and weaknesses of Samsung's latest Android flagship

Updating your subscription status Loading
Newsletters

Get the latest news (daily or weekly) direct to your inbox with V3 newsletters.

newsletter sign-up button
hpv33

Data protection: the key challenges

Deduplication is a foundational technology for efficient backup and recovery

rdc2

iPad makes its mark in the enterprise

The iPad can become a supercharged unified communications endpoint, allowing users to enhance their productivity

Unified Communications Consultant

Unified Communications Consultant - to £68k + excellent...

Test Analyst (Salesforce)

Our client is looking for contract Test Analyst for a...

Internet Bank Support - Galaxy

Our client requires an experienced Internet Bank Support...

3rd Line Technical Support Engineer / Consultant

Our client is looking for a 3rd line technical support...
To send to more than one email address, simply separate each address with a comma.