
Bug In iOS, OS X Allows AirDrop To Write Files Anywhere On File System

Trailrunner7 writes: There is a major vulnerability in a library in iOS and OS X that allows an attacker to overwrite arbitrary files on a target device and, when used in conjunction with other techniques, install a signed app that the device will trust without prompting the user with a warning dialog. Mark Dowd, the security researcher who discovered it, said he's been able to exploit the flaw over AirDrop, the feature in OS X and iOS that enables users to send files directly to other devices. If a user has AirDrop set to allow connections from anyone—not just her contacts—an attacker could exploit the vulnerability on a default locked iOS device. In fact, an attacker can exploit the vulnerability even if the victim doesn't agree to accept the file sent over AirDrop.

  • This bug has been known for a year or so [consumeraffairs.com]. Possibly more.

  • by Osiris Ani ( 230116 ) on Wednesday September 16, 2015 @10:01AM (#50531847)
    Of course the bug is worrisome, but then, I consider the setting that allows it—leaving AirDrop open to everyone—to be a pretty ridiculous personal security flaw. Making one’s phone readily available to connections from random sources for the sole purpose of file drops doesn’t sound like something that should make the least bit of sense to even the average user.
    • Re: (Score:2, Insightful)

      by Anonymous Coward

      Except that's the only time it's useful.

      Anyone you actually know you can just email the file to and they can get at their leisure. The only time you'd ever use AirDrop is when sending or receiving stuff to or from people you don't have contact information for and who you don't want to share that info with.

      • Maybe Apple should change the behavior of "accept from everybody." Make it so it only stays active for 15 minutes, and then goes back to contacts only. It'd be closer to Bluetooth discovery then.

        • Maybe Apple should change the behavior of "accept from everybody." Make it so it only stays active for 15 minutes, and then goes back to contacts only. It'd be closer to Bluetooth discovery then.

          I agree that that would be a quick and dirty solution; but probably effective.

      • Re: (Score:3, Insightful)

        by Anonymous Coward

        The only time you'd ever use AirDrop is when sending or receiving stuff to or from people you don't have contact information for and who you don't want to share that info with.

        So basically, “I don’t know you, or I don’t trust you enough to give you my contact information, but here-- put something onto my phone.”

        You’re lucky someone else beat you to it, because at least that makes your statement only the second-stupidest thing I’ve read today.

        • Re: (Score:2, Interesting)

          by Anonymous Coward

          You know why Linux isn't the amazing success that Slashdotters think it should be? Because it's clear no one has ever interacted with real people, ever. Here, let me paint you a picture, I call it "literally the only time I've ever seen AirDrop used, ever."

          You're at a convention. There are people cosplaying. Two cosplayers who don't know each other but are cosplaying characters from the same show meet and do a pose and someone else takes a picture. The picture looks cool and one of the cosplayers says "ooo,

          • Pika! [gamingnow.info] (as SFW as a cheerleader photo)
          • by flink ( 18449 )

            AirDrop is only useful when, for whatever reason, you want to share some document of some form with someone you don't know and don't feel like setting up a "proper" channel to. Otherwise there's no reason to use it over email.

            It's also useful when you want to share a largish video without down sampling it or going through the rigmarole of syncing the phone and copying the file between PCs. This is literally the only time I've used it: to exchange a video of our daughter with my wife.

        • by Anonymous Coward

          and this is why the rest of the world (Android, Windows Phone) is much better.

          You set up the connection by NFC, which requires you to put your phones in physical contact with one-another first -- then it sets up the network for file transfer.

          *Much* more private and secure. I remember when everyone was worried about NFC / Android Beam dropping files everywhere... for some reason (cough), this never was a security concern for the much more promiscuous I thingies.

      • by Doug Otto ( 2821601 ) on Wednesday September 16, 2015 @10:30AM (#50532163)
        Um no. If you put your device in "fuck me mode" because you're worried about your privacy, you're doing it wrong. I don't blame you for posting AC, I wouldn't want to admit that asshattery either.
    • by Galaga88 ( 148206 ) on Wednesday September 16, 2015 @10:14AM (#50531975)

      I think AirDrop defaults to contacts only, so that should mitigate most of the severity of this - thankfully.

      I've actually enabled AirDrop receiving requests from anybody on my iPhone (which I'm about to change) and have never gotten anything via it, unsolicited or otherwise. In fact, I'm the only person I've ever seen use AirDrop, and I had to tell the other person how to turn it on in each case.

    • by BitZtream ( 692029 ) on Wednesday September 16, 2015 @10:29AM (#50532139)

      Considering that we're talking about signed apps that don't have the security warning, it also means the app can be traced to a specific individual or organization ... And that certificate can be blacklisted effectively stopping the attack vector on a global scale, instantly. While directly identifying who to prosecute and seize funds from. Apple gives out the signed certs, you don't just generate a very and poof it's no longer warning anyone, it has to be signed by Apple (the cert, not the app on OSX).

      So while this is a concern ... It requires that you disable MULTIPLE security features and do several stupid things to intentionally give everyone access to your devices.

      Hope they fix it quickly in case this can be exploited in other actually scary ways, but this scares me less than Trojans on a jail broken phone ... And my phone isn't jail broken!

      • It wouldn't be difficult to steal a signing key.

        Ok, it might be difficult, but it's certainly not impossible or unheard of. They've been found in GitHub repos, for example.

        If a malware app was installed without an icon, it could spread prolifically before anybody detected it and the signature could be revoked. Depending on the purpose, it might not need to survive very long anyway.

        If anyone actually used AirDrop, that is. I don't know anybody who does, or has it enabled. Most people just send photos vi

    • by Qzukk ( 229616 )

      I consider the setting that allows it

      Is it the setting that allows it? Or does it work in the other settings too, but limited to just your "friends"? Now I'm tempted to see what kind of joke app I can throw together and get on my coworker's phone before Apple fixes this (of course, if I get my dev cert revoked by Apple that'd be bad, so I won't... but the temptation is there)

    • Re: (Score:3, Insightful)

      Of course the bug is worrisome, but then, I consider the setting that allows it—leaving AirDrop open to everyone—to be a pretty ridiculous personal security flaw. Making one’s phone readily available to connections from random sources for the sole purpose of file drops doesn’t sound like something that should make the least bit of sense to even the average user.

      The thing is, the iOS device is supposed to have a secure filesystem so that applications can't even share data via the local filesystem. And you can't just plug an iPhone into a USB port and drop whatever files you want on it, as if it were a USB thumbdrive. So iDevice users have been lulled into this sense of security that they can open up some space on their phone/tablet/iwhatever and that can't be abused, because Apple is so amazingly good at security. Except they aren't so oops.

      • because Apple is so amazingly good at security. Except they aren't so oops.

        Mighty haughty words, considering Android's "security" record.

    • Of course the bug is worrisome, but then, I consider the setting that allows it—leaving AirDrop open to everyone—to be a pretty ridiculous personal security flaw. Making one’s phone readily available to connections from random sources for the sole purpose of file drops doesn’t sound like something that should make the least bit of sense to even the average user.

      Exactly.

      If this was a flaw in Android, all the Fandroids would be blaming the User. Bet they won't feel the same about Apple, though.

    • Use it or lose it.

      I should mention I don't have an Apple phone, but would be trying to root it.

    • The only difference between a jailbreak and a hostile exploit is the person using it.

      • Which means that if it were a gun, every American would be allowed to jailbreak/root their phone by birthright and protected by the constitution.

        Instead, it's mere control of your personal property, and therefore owned by the corporations. Individuals should never be allowed to wield such power - they simply can't be trusted not to infringe on the profits of the corporate elite.

        • Instead, it's mere control of your personal property, and therefore owned by the corporations. Individuals should never be allowed to wield such power - they simply can't be trusted not to infringe on the profits of the corporate elite.

          Apple certainly doesn't notify law enforcement if it discovers your phone/tablet has been jailbroken; and many, many Android-Device OEMs take measures in an attempt to thwart casual "rooting" of their Devices, too.

          So, I'm not exactly sure why you are hating on Apple; because it seems like they are in line with the rest of the industry.

          Name any Android Device OEM that has a corporate policy of "C'mon and Root Us! We'll show you how! Right there on Page 86 of the User Manual.". Maybe Nexus phones; but tha

          • Instead, it's mere control of your personal property, and therefore owned by the corporations. Individuals should never be allowed to wield such power - they simply can't be trusted not to infringe on the profits of the corporate elite.

            Name any Android Device OEM that has a corporate policy of "C'mon and Root Us! We'll show you how! Right there on Page 86 of the User Manual.". Maybe Nexus phones; but that is about it, I would guess. And I wouldn't be at all surprised if they don't explicitly endorse "Rooting", either.

            That would have been Google; till their recent privacy policy that "prohibits" such activity now, they actively sought out "hackers" (sent them the phone) to root the phone so ROMs would be available for it when released.

            No cite I've looked before and can't find it now. Had a Xoom tablet (Motorola, Google) and came across that fact in my searches. It would have been a Moto though.

            • That would have been Google; till their recent privacy policy that "prohibits" such activity now, they actively sought out "hackers" (sent them the phone) to root the phone so ROMs would be available for it when released.

              The only requirement was that Google Apps be included wiki.rootzwiki.com/Google_Apps

            • Instead, it's mere control of your personal property, and therefore owned by the corporations. Individuals should never be allowed to wield such power - they simply can't be trusted not to infringe on the profits of the corporate elite.

              Name any Android Device OEM that has a corporate policy of "C'mon and Root Us! We'll show you how! Right there on Page 86 of the User Manual.". Maybe Nexus phones; but that is about it, I would guess. And I wouldn't be at all surprised if they don't explicitly endorse "Rooting", either.

              That would have been Google; till their recent privacy policy that "prohibits" such activity now, they actively sought out "hackers" (sent them the phone) to root the phone so ROMs would be available for it when released.

              No cite I've looked before and can't find it now. Had a Xoom tablet (Motorola, Google) and came across that fact in my searches. It would have been a Moto though.

              So, in other words, every single mobile OEM now has EXACTLY the same policy regarding rooting. So I NEVER want to see Apple singled-out on this topic, EVER AGAIN.

              The unfounded Apple hate around here is absolutely asinine.

              • Instead, it's mere control of your personal property, and therefore owned by the corporations. Individuals should never be allowed to wield such power - they simply can't be trusted not to infringe on the profits of the corporate elite.

                Name any Android Device OEM that has a corporate policy of "C'mon and Root Us! We'll show you how! Right there on Page 86 of the User Manual.". Maybe Nexus phones; but that is about it, I would guess. And I wouldn't be at all surprised if they don't explicitly endorse "Rooting", either.

                That would have been Google; till their recent privacy policy that "prohibits" such activity now, they actively sought out "hackers" (sent them the phone) to root the phone so ROMs would be available for it when released.

                No cite I've looked before and can't find it now. Had a Xoom tablet (Motorola, Google) and came across that fact in my searches. It would have been a Moto though.

                So, in other words, every single mobile OEM now has EXACTLY the same policy regarding rooting. So I NEVER want to see Apple singled-out on this topic, EVER AGAIN.

                The unfounded Apple hate around here is absolutely asinine.

                The question was name any.

                • The question was name any.

                  And by their own words, they could not. What is past, is past. But the truth is, at the present, there is not a single mobile OEM that embraces or encourages rooting a mobile device of their manufacture. And you know why? Because it almost universally results in a gaping security hole. Regardless of brand or platform.

                  People just need to get it through their addled brains that, although smartphones are in some ways (a lot of ways) "little computers", the use case and the amount of personal information th

  • If a user has AirDrop set to allow connections from anyone—not just her contacts—an attacker could exploit the vulnerability on a default locked iOS device.

    What the fuck is wrong with using the word "their"?

    Although...

    Mark Dowd, the security researcher who discovered it, said he's been able to exploit the flaw over AirDrop, the feature in OS X and iOS that enables users to send files directly to other devices.

    Perhaps Mark Dowd is female. If so then... Hmm. Then... I dunno.

    Either way, there are a whole group of words that are not gender specific. Use them(!), and stop with this retarded "her" crap.

    Thanks.

    • by Anonymous Coward

      Maybe because "their" is a plural and "a user" is a singular noun?

      Unlike some languages, English does not have a gender neutral singular possessive determiner applicable to humans. "Its" is still considered rude to use when referring to homo sapiens.

      • Since when is the word "their" plural?

        his, her, its — used with an indefinite third person singular antecedent

        (used after an indefinite singular antecedent in place of the definite masculine form his or the definite feminine form her)

        used to refer to one person in order to avoid saying "his or her": One of the students has left their book behind.

        • Since when is the word "their" plural?

          When the antecedent refers to a group, e.g. "The crowd showed their approval by setting themselves on fire."

          Yes, you can use "its" there, too; but English has many de facto synonyms and has a quite flexible syntax. That's why it is a wonderful language for poetry and lyrics.

          As a contrast, try and do a pun in German. I don't think it can be done; because it is "one word, one definition". Great for scientific texts; horrible for plays-on-words.

      • Oh, by the way, it's not a noun.

      • Even if we assume you are correct, an unknown person may be either male or female. Let's call them a quantum person, as they've yet to be observed; they're simultaneously male and female. In this instance, neither "he" nor "she" ("his", "hers", "him", "her", etc, you get the point) are appropriate. However, given the dual nature of the unknown individual, "they" (or "their") is correct.

        I'm just gonna let the fact that "'they' is correct" is also grammatically correct burn into your brain for a bit. Have a
        • Even if we assume you are correct, an unknown person may be either male or female. Let's call them a quantum person, as they've yet to be observed; they're simultaneously male and female. In this instance, neither "he" nor "she" ("his", "hers", "him", "her", etc, you get the point) are appropriate. However, given the dual nature of the unknown individual, "they" (or "their") is correct.

          There are a lot of words being spent here for the purpose of ignoring the standard rule in English where using a male pronoun is the correct way to refer to a person of unknown or undetermined gender.

      • Maybe because "their" is a plural and "a user" is a singular noun?

        Unlike some languages, English does not have a gender neutral singular possessive determiner applicable to humans. "Its" is still considered rude to use when referring to homo sapiens.

        I have to disagree with the grammar experts on this one. "Their", while not technically a singular possessive, is most assuredly less cumbersome than using "she or he" repeatedly (OMG, yuck!!!) or even worse, the non-word "S/he" or "Hir" (retch!!!).

        So, kind of like the word "sheep" or "deer", which can mean either singular or plural depending on context, or "Aloha" (yes, another language, but...) which can mean "Hello" or "Goodbye", again depending on context; I firmly believe that "their" SHOULD be accep

        • Whenever I encounter someone who gets truly offended at the use of a gender-specific term, I start using a word I coined for just that scenario around them: hesheit. I usually get to say it once or twice before being asked what it is that I'm saying; shortly thereafter, "he" and "she" suddenly become acceptable again. Once, I had someone inquire as to why "he" came first in my coined term, insinuating that it was still sexist, so I pronounced the four possible permutations of the term not starting with "he"
    • by Anonymous Coward

      "Their" is plural. English has no neuter - using "their" as neuter is incorrect. Using "her" is trying to be politically correct. Using "his" would have been grammatically correct.

      • No, it's not plural. See above. Look up a dictionary. Read some books. Listen to some people speak.

      • Let's look at this another way.

        Given the statement "That rock is owned by Roger", we can determine that the singular rock is owned by a singular person (Roger). Thus, if someone asked "Is that Roger's rock?" then the response "Yes it is theirs" is grammatically correct (and always has been).

        Similarly, given the statement "That rock is owned by the three women sitting on top of it", we can determine that the rock is owned by three women. Therefore, if someone asks the question "Who owns that rock?" we can sa

        • Let's look at this another way.

          Given the statement "That rock is owned by Roger", we can determine that the singular rock is owned by a singular person (Roger). Thus, if someone asked "Is that Roger's rock?" then the response "Yes it is theirs" is grammatically correct (and always has been).

          Historically, their and theirs means third person plural owners. In this politically correct age, these words are used when the gender and / or sex of the owner is not known. Since Roger is (most likely) male, the most correct answer would be Yes, it is his.

          Similarly, given the statement "That rock is owned by the three women sitting on top of it", we can determine that the rock is owned by three women. Therefore, if someone asks the question "Who owns that rock?" we can say "It is theirs."

          Third person plural owners has always been their or theirs; this has not changed due to political correctness.

          Why am I adding an s to "their"? Because that's the plural of their. "Their" vs. "Theirs".

          WRONG! You use theirs when you don't want to repeat the object. It is their rock (the rock belongs to them) vs It is theirs (It belongs to them

      • Maybe this explains it better than I can: http://dictionary.cambridge.or... [cambridge.org]

  • To disable AirDrop (Score:5, Informative)

    by MAXOMENOS ( 9802 ) <mike&mikesmithfororegon,com> on Wednesday September 16, 2015 @10:40AM (#50532267) Homepage

    To check whether it's disabled already, open a command prompt and run:

    defaults read com.apple.NetworkBrowser | grep DisableAirDrop

    If it returns DisableAirDrop = 1, then you should be fine. If it comes up blank, or if it shows DisableAirDrop = 0, then AirDrop is not disabled by default. In this case, run:

    defaults write com.apple.NetworkBrowser DisableAirDrop -bool YES

    You'll need to log out and log back in for the change to take effect.

    references: this Apple Forums thread [apple.com]
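
The check-then-write procedure from the comment above, as an added example that is not part of the original comment or any Apple tooling. It uses the `com.apple.NetworkBrowser` domain and `DisableAirDrop` key exactly as given there; the function names and the `--fix` option are assumptions made for this sketch.

```shell
#!/bin/sh
# Added example: audit the OS X AirDrop preference named in the comment above.
# Function names and the --fix option are hypothetical, chosen for this sketch.

DOMAIN=com.apple.NetworkBrowser
KEY=DisableAirDrop

# classify_airdrop: read `defaults read $DOMAIN` output on stdin and print
# one of: disabled | enabled | unset | unknown
classify_airdrop() {
    # Anchor on the exact key so a longer key that merely contains the
    # string (which a bare `grep DisableAirDrop` would match) is ignored.
    ad_line=$(grep -E "^[[:space:]]*\"?${KEY}\"?[[:space:]]*=" | head -n 1) || true
    ad_value=$(printf '%s' "$ad_line" | cut -d= -f2 | tr -d ' \t;"')
    case "$ad_value" in
        1|YES|true)  echo disabled ;;
        0|NO|false)  echo enabled ;;
        "")          echo unset ;;      # key or whole domain missing
        *)           echo unknown ;;
    esac
}

# audit_airdrop [--fix]: report the state; with --fix, write the key when
# AirDrop is not already disabled.
audit_airdrop() {
    if ! command -v defaults >/dev/null 2>&1; then
        echo "defaults not found: not an OS X host" >&2
        return 2
    fi
    # `defaults read` fails when the domain does not exist; the empty
    # output is then classified as "unset".
    ad_state=$(defaults read "$DOMAIN" 2>/dev/null | classify_airdrop)
    echo "AirDrop preference: $ad_state"
    if [ "$ad_state" != disabled ] && [ "${1:-}" = "--fix" ]; then
        defaults write "$DOMAIN" "$KEY" -bool YES
        echo "$KEY set; log out and back in for the change to take effect"
    fi
}

# Run the audit only where `defaults` exists.
if command -v defaults >/dev/null 2>&1; then
    audit_airdrop "$@"
fi
```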

    • by Anonymous Coward

      So, do you need to be jailbroken to do this, and is it okay to use this exploit to jailbreak prior to closing the loophole?

  • by Anonymous Coward

    It does not matter if you have switched off airdrop or restricted its access to known contacts.
    At a border crossing an officer can take your locked device and push some nasty payload to it.
    Even a confirmation would be useless as it would be another guy pressing okay.

  • ...a kernel issue, rather than an issue w/ iOS or OS-X? Wouldn't they have to look at XNU and debug that?
  • "If a user has AirDrop set to allow connections from anyone..."

    Ok, so you have a setup where people can push files at you, and if you allow anybody to do it, someone might drop a malicious file in your system? What about the fact that Apple allows you to leave your laptop unattended and unlocked, say, on the subway? A malicious person could take over your whole computer! That's a serious vulnerability, and proves that Macs are no safer than Windows machines.
