Hacker, Researcher and Author.

Vulnerability Discovered In iPhone - Poses Serious Threat To Users

Another vulnerability has been discovered on iPhone that could allow hackers to remotely control it. Skycure, an Israeli company, states it to be a major flaw in iOS configuration which could post a malware threat.

A file known as mobileconf is being attacked due to this vulnerability. This file is used by phones carriers to configure system-level settings including WiFi, VPN, email and APN.

Skycure's CEO, Adi Sharabani, has taken the exploit to a test drive to explain how an iPhone can be controlled while retrieving victim's location and other sensitive information.

Ways to get infected:

  1. Victims browse to an attacker-controlled website, which promises them free access to popular movies and TV-shows. In order to get the free access, “all they have to do” is to install an iOS profile that will “configure” their devices accordingly.
  2. Victims receive a mail that promises them a “better battery performance” or just “something cool to watch” upon installation.

To avoid this attack one must follow these rules:

  • You should only install profiles from trusted websites or applications.
  • Make sure you download profiles via a secure channel (e.g., use profile links that start with https and not http).
  • Beware of non-verified mobileconfigs. While a verified profile isn't necessarily a safe one, a non-verified should certainly raise you suspicion.


About the Author:
This article has been written by Dr. Sindhia Javed Junejo. She is one of the core members of RHA team.

1 comment:

  1. Like the same problem i faced in my phone ... Is there any ways to secure vulnerabilities from this??


© 2016 All Rights Reserved by RHA Info Sec. Top

Contact Form


Email *

Message *

Powered by Blogger.