All the latest UK technology news, reviews and analysis


Pirates target iOS enterprise loophole to spread fake iPhone apps

28 Jan 2013
apple-iphone-5

Chinese cyber crooks are exploiting a loophole in Apple's iOS enterprise deployment procedures to release pirated apps onto iPhones.

Trend Micro reported detecting a new influx of pirated apps appearing on iOS over the past few weeks in a blog post.

"In the past couple of weeks, there has been some breathless reporting about how iOS users could now install pirated apps without having to jailbreak their phones. This was made possible by certain Chinese app store-like services," said Warren Tsai, product manager for Trend.

Tsai said apps are able to appear on non-jailbroken iOS devices, a development that significantly widens the threat to iPhone users, thanks to a loophole in Apple's iOS enterprise deployment policy.

"The same features which allow enterprises to deploy their own custom apps have now been abused to deliver pirated apps to users," he said.

Apple has traditionally managed to keep its mobile iOS operating system free of malicious apps and software by employing a closed development model, where all apps must be vetted before appearing in its official store.

Trend Micro said that while the pirate apps appearance is troubling, they do not currently pose a serious security risk.

"This ‘newly discovered' method represents one of the methods to get malicious/fake apps onto the iOS devices. However, because the iOS sandbox has not been compromised, what each app can and can't do is rather limited," added Tsai.

The iOS app may try to send out some personal privacy information to external server which creates privacy data leakage problem.

"For now it's not likely to be much of a security threat, as the number of users who would actually use these ‘pirated' app stores is rather limited. However, it does represent an interesting avenue for targeted attacks in enterprise settings."

The news follows a boom in the volume of mobile malware targeting the competing Android ecosystem.

Trend Micro had previously warned the number of malware strains targeting Android would break past the one million milestone by the end of the year.

  • Comment  
  • Tweet  
  • Google plus  
  • Facebook  
  • LinkedIn  
  • Stumble Upon  
Alastair Stevenson
About

Alastair has worked as a reporter covering security and mobile issues at V3 since March 2012. Before entering the field of journalism Alastair had worked in numerous industries as both a freelance copy writer and artist.

View Alastair's Google+ profile

More on Security
What do you think?
blog comments powered by Disqus
Poll

Microsoft Azure outage

Is cloud computing reliable enough for business yet?
9%
7%
17%
67%

Popular Threads

Powered by Disqus
iPhone 6 is available in silver gold and space grey

iPhone 6 video review

The best iOS handset to date

Updating your subscription status Loading
Newsletters

Get the latest news (daily or weekly) direct to your inbox with V3 newsletters.

newsletter sign-up button
hpv3may

Getting started with virtualisation

Virtualisation can help you reduce costs, improve application availability, and simplify IT
management. However, getting started can be challenging

ibmv3may

Converting big data and analytics insights into results

Successful leaders are infusing analytics throughout their organisations to drive smarter decisions, enable faster actions and optimise outcomes

Space Planning Assistant

Central London (Regent campus) Fixed Term until...

IT Security Manager

IT Security Manager Overview: Do you want to...

Business Analyst - ERP Team

BUSINESS ANALYST – ERP TEAM, Based in Uxbridge, London...

PHP Developer MVC - Central London

Who are we? Shopworks We are a Workforce Management...
To send to more than one email address, simply separate each address with a comma.