AirDrop security flaw warning: Skip iOS 9 update and be exposed to Bluetooth malware attack
You might want to upgrade to iOS 9 sooner rather than later, as the new software for iPhones and iPads fixes a fault which lets hackers install dangerous malware over your Bluetooth connection, without you knowing anything about it. The flaw meant rogue apps could be injected into iOS 8 devices through the AirDrop file-sharing feature.
Australian security researcher and consultant Mark Dowd revealed his discovery to Apple around a month before iOS 9 became available to the general public on 16 September. Dowd found that AirDrop, a system used to share files between iOS devices over a Bluetooth and Wi-Fi connection, can be compromised. This is an incredibly rare example of a flaw discovered in Apple's famously malware-free mobile software. While it has been patched in iOS 9, users of iOS 8 and older are vulnerable to the attack.
Anyone with a compatible iOS device within range of a potential hacker (around 10 meters of clear air) is vulnerable if they leave AirDrop switched on. They do not even have to accept the incoming file sent by the hacker. Once a preview appears on their screen - an action which cannot be cancelled before it has happened - their device is compromised. When the device is next rebooted, the attacker can begin installing malware to reach further into the phone's operating system and access data such as its geographical location.
Dowd's attack combines a security fault in AirDrop with a vulnerability in how corporations can install their own applications on Apple products, bypassing the company's strict App Store policies. Making use of that second bug, Dowd was able to install unapproved applications on an iPhone which had not been jailbroken. It was even possible for him to disable a pop-up prompt which asks the owner if they trust the application's creator.
Because Macs use AirDrop, they are also vulnerable to this attack. Users concerned should upgrade to the latest Mac operating system, OS X Yosemite.
Importance of keeping up to date
Tim Erlin, director of security and product management at Tripwire, a cyberthreat detection agency, said: "Vulnerabilities like this one should remind users of the importance of keeping your systems current with security updates. Unfortunately, those who would most benefit from hearing this advice are also the hardest to reach. There's no doubt that this vulnerability will persist and be exploited on devices that aren't updated."
A saving grace for Apple is how keen its users are to update every time a major new version of iOS is released. Within 24 hours, 12% of all iOS 8 users had updated their devices, a similar percentage to those who made the day-one jump from iOS 7 to iOS 8.