CATEGORIES
home News

NC State University Researchers Find iOS Sandbox Profiles Are Full Of Security Flaws

by Brandon HillThursday, August 25, 2016, 05:12 PM EDT

When it comes to smartphone vulnerabilities, we’re used to hearing about Google’s Android operating system getting raked over the coals. After all, Android has 85+ percent global market share according to Gartner and is an easy target. iOS has had its fair share of security issues as well, but not to the extent that we’ve seen on Android.

However, we just recently reported on three critical vulnerabilities that Apple patched in iOS 9.3.5, which allowed iPhones to be remotely hacked. And now we’re hearing of a new vulnerability that affects iPhones and iPads running the latest versions of iOS. According to researchers working at NC State University, they have found critical flaws in the sandbox functionality built within iOS.

iphone cracked

A sandbox profile is administered by iOS for individual third-party apps, and dictates what and how personal data can be accessed on a person’s iPhone or iPad. The researchers were able to extract the binary code from a sandbox profile, decompile it, and then run automated tests on the code to sniff out any and all vulnerabilities that would leave iOS ripe for exploitation.

Fortunately for the researchers, they were able to use the knowledge gained from the code to create a proof of concept that allows them to bypass privacy settings for sensitive data like contacts, permits apps to communicate with each in ways that are skirt Apple controls, and even gobble up an iOS device’s free space with reckless abandon.

“Our goal was to identify any potential problems before they became real-world problems,” write’s NC State associate professor of computer science William Enck. Being that these findings are coming from a reputable institution (Go Wolfpack!), the researchers have already gotten in contact with Apple to share their findings.

The NC State researcher’s findings — which were buoyed by the work of Mihai Chiroiu and Răzvan Deaconescu of University Politehnica of Bucharest, and Lucas Davi and Ahmad-Reza Sadeghi of Technische Universität Darmstadt — will be presented at the ACM Conference on Computer and Communications Security in late October. 

Tags:  Apple, iPhone, (NASDAQ:AAPL), nc state, ncsu
TOP CONVERSATIONS
Your Next PC Platform?
More Results
KEEP INFORMED
SITE

Home

Reviews

News

Blogs

Full Site

Sitemap

CATEGORIES

PC Components

Systems

Mobile

IT Infrastructure

Leisure

Videos

COMPANY

About

Advertise

News Tips

Contact

Privacy And Terms

HotTech

MORE

Accessibility

Shop

STAY CONNECTED

Twitter

Facebook

YouTube

RSS

As an Amazon and Howl Technologies Associate, HotHardware earns a commission from qualifying purchases made on this site. This site is intended for informational and entertainment purposes only. The contents are the views and opinion of the author and/or his associates. All products and trademarks are the property of their respective owners. Reproduction in whole or in part, in any form or medium, without express written permission of Hot Hardware, Inc. is prohibited. All content and graphical elements are Copyright © 1999 - 2024 David Altavilla and Hot Hardware, Inc.
All rights reserved. Privacy and Terms - Accessibility Commitment