Forum for Science, Industry and Business

Sponsored by:     3M 
Search our Site:

 

I2R and SMU strengthen security of iOS platform with mitigating measures on proof-of-concept attacks

04.10.2013
I²R, Singapore’s largest ICM research institute, and SMU are the first in Singapore to discover three security weaknesses in iOS 7, which Apple Inc. has recognised and rectified.

Researchers from the Infocomm Security Department at A*STAR’s Institute for Infocomm Research (I2R) and Singapore Management University’s (SMU) School of Information Systems have identified three proof-of-concept attacks which can be performed by third-party applications to threaten the security of the iOS platform.

The attacks, which include pass-code cracking, interference with or control of telephony functionality and sending tweets without the user’s awareness and permission, have been rectified by Apple Inc in its latest operating system, iOS 7.

Apple’s iOS operating system is one of the most popular mobile operating systems in terms of the number of users. As of January 2013, 500 million iOS devices have been sold worldwide, and Apple’s iTunes App Store has over 800,000 iOS third-party applications with downloads exceeding 40 billion.

Third-party applications are pervasively installed on these iOS devices as they provide various functions that significantly extend the usability of the mobile devices. However, these third-party applications pose potential threats by compromising the personal and business data stored on the devices.

Between June to October 2012, I2R and SMU researchers embarked on a task to unveil a generic attack vector that enables third-party applications to launch attacks on non-jailbroken iOS devices. The research team constructed multiple proof-of-concept attacks such as cracking the device PIN, blocking incoming calls and posting unauthorised tweets. To overcome these security breaches, the team proposed several mitigation methods to enhance the vetting process and the iOS application sandbox. Apple Inc. was notified of these security vulnerabilities and rectified them for the launch of iOS 7, acknowledging I2R’s and SMU’s contributions. Please see Appendix A for full information on the three security fixes developed by the I2R and SMU research team in iOS 7.

Dr Tan Geok Leng, Executive Director of the Institute for Infocomm Research (I2R) said, “I2R’s expertise in the infocomm security arena has once again been harnessed to benefit the mobile community. We are proud of our researchers’ efforts in boosting the security of Apple’s latest operating system – the iOS 7. The enhanced data protection, secured telephony functionality and protected Twitter functionality will let iOS end users utilise their mobile devices for leisure or work with a peace of mind.”

SMU’s Vice Provost of Research and Dean of the School of Information Systems Professor Steven Miller, said “Information security is a core area of research at the SMU School of Information Systems. Our research team not only aims to create impact in the research community, but also in the wider community. I am pleased to note that our researchers have been able to leverage our expertise and technologies to enhance security in cyberspace, and in this case help strengthen the security of the iOS platform to protect the security and privacy of businesses and individuals.”

-End-

For more information, please contact:

Ms. Doris Yang
Institute for Infocomm Research
DID: (65) 6419 6525
Email: yangscd@scei.a-star.edu.sg
Mr. Teo Chang Ching
Singapore Management University
DID: 6828 0451
Email: ccteo@smu.edu.sg
About Institute for Infocomm Research (I2R)
Singapore’s largest ICM research institute, I2R (pronounced as i-squared-r) is a member of the Agency for Science, Technology and Research (A*STAR) family. Established in 2002, our vision is to power a vibrant and strong infocomm ecosystem in Singapore. I2R focuses on conducting mission oriented research to address key challenges faced locally. At I2R, intelligence, communications and media (ICM) form our 3 strategic thrusts. Our research capabilities are in information technology, wireless and optical communication networks, interactive and digital media, sensors, signal processing and computing. We perform R&D in ICM technologies to develop holistic solutions across the ICM value chain and we believe that the greatest impact is created when research outcomes are translated into technologies our partners can readily deploy at a competitive advantage. For more information about I2R, please visit www.i2r.a-star.edu.sg.
About the Agency for Science, Technology and Research (A*STAR)
The Agency for Science, Technology and Research (A*STAR) is the lead agency for fostering world-class scientific research and talent for a vibrant knowledge-based and innovation-driven Singapore. A*STAR oversees 14 biomedical sciences and physical sciences and engineering research institutes, and six consortia & centres, located in Biopolis and Fusionopolis as well as their immediate vicinity. A*STAR supports Singapore's key economic clusters by providing intellectual, human and industrial capital to its partners in industry. It also supports extramural research in the universities, and with other local and international partners. For more information about A*STAR, please visit www.a-star.edu.sg.
About Singapore Management University
Singapore Management University (SMU) is internationally recognised for its world class research and distinguished teaching focused on the world of business and management, and on information systems technology and management. Established in 2000, SMU’s mission is to generate leading edge research with global impact and develop broad-based, creative and entrepreneurial leaders for the knowledge-based economy. Home to over 8,500 students, SMU comprises six schools: School of Accountancy, Lee Kong Chian School of Business, School of Economics, School of Information Systems, School of Law and School of Social Sciences, offering undergraduate, postgraduate and executive development programmes. www.smu.edu.sg
About SMU School of Information Systems
The SMU School of Information Systems (SIS) was set up in 2003 to extend SMU's research and education efforts into the areas of Information Systems Technology, Information Systems Management, and problems at the intersection of IS technology and management. SIS is distinct from the other five schools of SMU in that it is the only academic unit within the University which falls under Singapore's Science & Technology cluster of academic units as defined by the Ministry of Education.

The School possesses deep research R&D capability in four strategically-selected areas of IS technology: Information Security & Data Privacy; Data Management & Analytics; Intelligent Systems & Decision Analytics; and Software Systems. The fifth strategic area of the School is Information Systems & Management, where the faculty investigate the managerial aspects and business impact of IT in public and private sector organisations, and across value chains, markets and industries. Since its inception, SIS has established a strategic partnership with Carnegie Mellon. Through SIS, SMU and Carnegie Mellon launched the Living Analytics Research Centre (www.larc.smu.edu.sg) in 2011. More information on SIS can be found at: www.sis.smu.edu.sg


APPENDIX A:
Full information on the three security fixes developed by the I2R and SMU research team:
1. Data Protection
Available for: iPhone 4 and later, iPod touch (5th generation) and later, iPad 2 and later
Impact: Apps could bypass passcode-attempt restrictions
Description: A privilege separation issue existed in Data Protection. An app within the third-party sandbox could repeatedly attempt to determine the user's passcode regardless of the user's "Erase Data" setting. This issue was addressed by requiring additional entitlement checks.

Researchers involved: Jin Han of the Institute for Infocomm Research working with Qiang Yan and Su Mon Kywe of Singapore Management University

2. Telephony
Available for: iPhone 4 and later, iPod touch (5th generation) and later, iPad 2 and later
Impact: Malicious apps could interfere with or control telephony functionality
Description: An access control issue existed in the telephony subsystem. Bypassing supported APIs, sandboxed apps could make requests directly to a system daemon interfering with or controlling telephony functionality. This issue was addressed by enforcing access controls on interfaces exposed by the telephony daemon.

Researchers involved: Jin Han of the Institute for Infocomm Research working with Qiang Yan and Su Mon Kywe of Singapore Management University; Tielei Wang, Kangjie Lu, Long Lu, Simon Chung, and Wenke Lee from the Georgia Institute of Technology

3. Twitter
Available for: iPhone 4 and later, iPod touch (5th generation) and later, iPad 2 and later
Impact: Sandboxed apps could send tweets without user interaction or permission
Description: An access control issue existed in the Twitter subsystem. Bypassing supported APIs, sandboxed apps could make requests directly to a system daemon interfering with or controlling Twitter functionality. This issue was addressed by enforcing access controls on interfaces exposed by the Twitter daemon.

Researchers involved: Jin Han of the Institute for Infocomm Research working with Qiang Yan and Su Mon Kywe of Singapore Management University; Tielei Wang, Kangjie Lu, Long Lu, Simon Chung, and Wenke Lee from the Georgia Institute of Technology

Doris Yang | Research asia research news
Further information:
http://www.a-star.edu.sg
http://www.researchsea.com

More articles from Information Technology:

nachricht Smart Computers
18.08.2017 | Albert-Ludwigs-Universität Freiburg im Breisgau

nachricht AI implications: Engineer's model lays groundwork for machine-learning device
18.08.2017 | Washington University in St. Louis

All articles from Information Technology >>>

The most recent press releases about innovation >>>

Die letzten 5 Focus-News des innovations-reports im Überblick:

Im Focus: Fizzy soda water could be key to clean manufacture of flat wonder material: Graphene

Whether you call it effervescent, fizzy, or sparkling, carbonated water is making a comeback as a beverage. Aside from quenching thirst, researchers at the University of Illinois at Urbana-Champaign have discovered a new use for these "bubbly" concoctions that will have major impact on the manufacturer of the world's thinnest, flattest, and one most useful materials -- graphene.

As graphene's popularity grows as an advanced "wonder" material, the speed and quality at which it can be manufactured will be paramount. With that in mind,...

Im Focus: Exotic quantum states made from light: Physicists create optical “wells” for a super-photon

Physicists at the University of Bonn have managed to create optical hollows and more complex patterns into which the light of a Bose-Einstein condensate flows. The creation of such highly low-loss structures for light is a prerequisite for complex light circuits, such as for quantum information processing for a new generation of computers. The researchers are now presenting their results in the journal Nature Photonics.

Light particles (photons) occur as tiny, indivisible portions. Many thousands of these light portions can be merged to form a single super-photon if they are...

Im Focus: Circular RNA linked to brain function

For the first time, scientists have shown that circular RNA is linked to brain function. When a RNA molecule called Cdr1as was deleted from the genome of mice, the animals had problems filtering out unnecessary information – like patients suffering from neuropsychiatric disorders.

While hundreds of circular RNAs (circRNAs) are abundant in mammalian brains, one big question has remained unanswered: What are they actually good for? In the...

Im Focus: RAVAN CubeSat measures Earth's outgoing energy

An experimental small satellite has successfully collected and delivered data on a key measurement for predicting changes in Earth's climate.

The Radiometer Assessment using Vertically Aligned Nanotubes (RAVAN) CubeSat was launched into low-Earth orbit on Nov. 11, 2016, in order to test new...

Im Focus: Scientists shine new light on the “other high temperature superconductor”

A study led by scientists of the Max Planck Institute for the Structure and Dynamics of Matter (MPSD) at the Center for Free-Electron Laser Science in Hamburg presents evidence of the coexistence of superconductivity and “charge-density-waves” in compounds of the poorly-studied family of bismuthates. This observation opens up new perspectives for a deeper understanding of the phenomenon of high-temperature superconductivity, a topic which is at the core of condensed matter research since more than 30 years. The paper by Nicoletti et al has been published in the PNAS.

Since the beginning of the 20th century, superconductivity had been observed in some metals at temperatures only a few degrees above the absolute zero (minus...

All Focus news of the innovation-report >>>

Anzeige

Anzeige

Event News

Call for Papers – ICNFT 2018, 5th International Conference on New Forming Technology

16.08.2017 | Event News

Sustainability is the business model of tomorrow

04.08.2017 | Event News

Clash of Realities 2017: Registration now open. International Conference at TH Köln

26.07.2017 | Event News

 
Latest News

A Map of the Cell’s Power Station

18.08.2017 | Life Sciences

Engineering team images tiny quasicrystals as they form

18.08.2017 | Physics and Astronomy

Researchers printed graphene-like materials with inkjet

18.08.2017 | Materials Sciences

VideoLinks
B2B-VideoLinks
More VideoLinks >>>