Check iPhone for Malicious code
May 15, 2019 1:12 PM Subscribe
With the recent news about the WhatsApp hack, I began wondering how I would check/identify if anything was installed on my iPhone without my knowledge/permission. What are the tools/processes to check everything that's installed on your iPhone?
Best answer: It’s Almost Impossible to Tell if Your iPhone Has Been Hacked (Vice, May 14 2019)
A recent vulnerability in WhatsApp shows that there’s little defenders can do to detect and analyze iPhone hacks.
A recent vulnerability in WhatsApp shows that there’s little defenders can do to detect and analyze iPhone hacks.
As of today, there is no specific tool that an iPhone user can download to analyze their phone and figure out if it has been compromised. In 2016, Apple took down an app made by Esser that was specifically designed to detect malicious jailbreaks. Moreover, iOS is so locked down that without hacking or jailbreaking it first, even a talented security researcher can do very little analysis on it. That is why security researchers crave expensive iPhone prototypes that have security features disabled, as a Motherboard investigation revealed earlier this year. [...]posted by Little Dawn at 1:33 PM on May 15, 2019 [1 favorite]
Several iOS security researchers who spoke with Motherboard agree that the iPhone is too locked down for its own good. That makes it very hard for even experts to tell if a device has been compromised without jailbreaking it first, a feat that is not feasible for most users anymore. [...]
A security researcher who has extensive experience developing exploits, who asked to remain anonymous because he didn’t want to openly criticize potential customers, said that the fundamental problem is that iOS is “a bug rich environment,” and that Apple’s strategy only works against “hobbyist attackers” but is “quite counterproductive against professional attackers.” [...]
The result is that—for the vast majority of people—the iPhone is still a very secure device. But all software, be it a secure messaging app like WhatsApp, or an operating system like iOS, have vulnerabilities. And when those vulnerabilities are exploited on an iPhone, there's often no way of knowing.
My employer just pushed an app called zIPS to all their company-managed mobile devices. They may be kidding themselves, but their justificatory spiel was that the app detects possible iOS exploits.
Anecdotally - this app kicks the crap out of the battery life of my colleagues' Android devices. It barely moves the needle on the battery of my iPhone 8+. Perhaps that reflects the fact that there's not much that it can do on iOS, whereas it's busily & CPU-intensively intervening all over the 'droid world? I don't know.
posted by rd45 at 3:01 AM on May 16, 2019
Anecdotally - this app kicks the crap out of the battery life of my colleagues' Android devices. It barely moves the needle on the battery of my iPhone 8+. Perhaps that reflects the fact that there's not much that it can do on iOS, whereas it's busily & CPU-intensively intervening all over the 'droid world? I don't know.
posted by rd45 at 3:01 AM on May 16, 2019
> Anecdotally - this app kicks the crap out of the battery life of my colleagues' Android devices. It barely moves the needle on the battery of my iPhone 8+. Perhaps that reflects the fact that there's not much that it can do on iOS, whereas it's busily & CPU-intensively intervening all over the 'droid world? I don't know.
At a guess, it's simply not behaving as intrusively on an iPhone as on an Android; scanning stored data and monitoring app and OS behavior is what makes security software a massive resource and power drain on phones and laptops alike.
iOS apps are constrained to using the code that Apple permits (public APIs) in order to be distributed through the iOS App Store, and things like intercepting and modifying other apps' behaviors (essential to most data security software) are explicitly forbidden. Google has similar, although less restrictive, restraints on app behavior appearing in their Android App Store, but since Android devices aren't limited only to only Google's app store, software like zIPS can be legitimately installed by other means, bypassing restrictions.
posted by ardgedee at 7:46 AM on May 16, 2019
At a guess, it's simply not behaving as intrusively on an iPhone as on an Android; scanning stored data and monitoring app and OS behavior is what makes security software a massive resource and power drain on phones and laptops alike.
iOS apps are constrained to using the code that Apple permits (public APIs) in order to be distributed through the iOS App Store, and things like intercepting and modifying other apps' behaviors (essential to most data security software) are explicitly forbidden. Google has similar, although less restrictive, restraints on app behavior appearing in their Android App Store, but since Android devices aren't limited only to only Google's app store, software like zIPS can be legitimately installed by other means, bypassing restrictions.
posted by ardgedee at 7:46 AM on May 16, 2019
> Several iOS security researchers who spoke with Motherboard agree that the iPhone is too locked down for its own good.
Oh, there's a typo, they printed "for its own good" when the researchers must have said "for our own good".
For an iOS device, if you haven't tried to jailbreak it, and if you haven't been installing VPN apps or other Managed Device profiles, there's very little in the way of generic security threats. (If a nation state-type of actor might be targeting you you, well, you need better advice than MeFi.)
So: do check Settings -> General -> VPN and Settings -> General -> Profiles. Both should be empty.
Also, Settings -> General -> About should say you're on iOS 12.3.
Beyond that, not much that I can think of.
posted by RedOrGreen at 12:04 PM on May 16, 2019 [1 favorite]
Oh, there's a typo, they printed "for its own good" when the researchers must have said "for our own good".
For an iOS device, if you haven't tried to jailbreak it, and if you haven't been installing VPN apps or other Managed Device profiles, there's very little in the way of generic security threats. (If a nation state-type of actor might be targeting you you, well, you need better advice than MeFi.)
So: do check Settings -> General -> VPN and Settings -> General -> Profiles. Both should be empty.
Also, Settings -> General -> About should say you're on iOS 12.3.
Beyond that, not much that I can think of.
posted by RedOrGreen at 12:04 PM on May 16, 2019 [1 favorite]
Response by poster: Thanks all. My concerns are related to high value corporate data with a fintech. Not nation state, but definitely in the threat realm from organized criminal syndicates. From reading between the lines, there is probably more non-public approaches available, and since Apple has always been a pay to play model, there may be tiers of access/support that can be negotiated directly. We’ll reach out to our Apple rep and start a conversation there.
posted by herda05 at 7:55 PM on May 16, 2019 [1 favorite]
posted by herda05 at 7:55 PM on May 16, 2019 [1 favorite]
Best answer: High value corporate data in a fintech is more at risk due to people open word docs and things not getting patched than IOS, as a platform, being compromised FWIW.
You have broader, more poorly defended attack surfaces to tackle well before you worry about IOS.
There aren't non public approaches available, the best defense of IOS as an ecosystem is available to you today with common architectures for data and accounts which the device will have access to and MDM, which is what your rep will tell you. You will end up on JAMF and end up using device profiles, which are excellent if not just annoying.
Best of luck, absolutely talk to your rep and have a broader discussion about the other attack surfaces you're presenting as they present much softer targets than the closed operating system of IOS.
posted by iamabot at 9:53 PM on May 16, 2019 [2 favorites]
You have broader, more poorly defended attack surfaces to tackle well before you worry about IOS.
There aren't non public approaches available, the best defense of IOS as an ecosystem is available to you today with common architectures for data and accounts which the device will have access to and MDM, which is what your rep will tell you. You will end up on JAMF and end up using device profiles, which are excellent if not just annoying.
Best of luck, absolutely talk to your rep and have a broader discussion about the other attack surfaces you're presenting as they present much softer targets than the closed operating system of IOS.
posted by iamabot at 9:53 PM on May 16, 2019 [2 favorites]
« Older Help a friend out: Topeka, KS edition | Do I have a defective character, or is this just a... Newer »
This thread is closed to new comments.
The walled garden approach of IOS makes it difficult to exploit, especially remotely but it also makes it difficult to employ forensics analysis tools for the average consumer who doesn't have access to hardware that an IOS developer typically has.
Basically if you think a government is out to get *specifically you*, you should be concerned and wipe the phone as well as be on the look out for getting droned.
If you are anyone else, you're incredibly unlikely to be impacted by this specific vulnerability, even though it's pretty sensational.
posted by iamabot at 1:23 PM on May 15, 2019 [1 favorite]