Scheduled System Maintenance on May 29th, 2015:
IEEE Xplore will be upgraded between 11:00 AM and 10:00 PM EDT. During this time there may be intermittent impact on performance. We apologize for any inconvenience.
By Topic

Exploring an open WiFi detection vulnerability as a malware attack vector on iOS devices

Sign In

Cookies must be enabled to login.After enabling cookies , please use refresh or reload or ctrl+f5 on the browser for the login options.

Formats Non-Member Member
$31 $13
Learn how you can qualify for the best price for this item!
Become an IEEE Member or Subscribe to
IEEE Xplore for exclusive pricing!
close button

puzzle piece

IEEE membership options for an individual and IEEE Xplore subscriptions for an organization offer the most affordable access to essential journal articles, conference papers, standards, eBooks, and eLearning courses.

Learn more about:

IEEE membership

IEEE Xplore subscriptions

3 Author(s)
Spaulding, J. ; Dept. of Comput. Sci., George Mason Univ., Fairfax, VA, USA ; Krauss, A. ; Srinivasan, A.

This paper presents a vulnerability on devices running Apple iOS, and can be traced back to iOS 3. First discovered in 2009 on iOS, and again in 2011 on Mac OS X, the vulnerability exists in a feature which seeks to help the device user maintain internet connectivity when attached to open WiFi networks protected by a captive portal. Since many modern applications rely on an internet connection, to alert a user when the connection requires user input to proceed, vulnerable OSs periodically check for a connection to the Apple URL http://www.apple.com/library/test/success.html. When the response returned from the connection check is abnormal, a UIWebView instance is opened, allowing the user to accept a terms of service, or otherwise satisfy the Captive Portal or Paywall terms. This behavior allows an adversary a small window of opportunity to launch an attack, which can manifest as an ARP Poisoning Attack, DNS Poisoning Attack, or a Man-in-the-Middle Attack redirecting the requesting iOS device to a malicious location. We have confirmed this vulnerability continues to exist in both iOS 4 and iOS 5. Further we have compared both native as well as jailbroken devices, and successfully launched a BeEF hook to both with equal results. The danger of this vulnerability lies in the fact that no user intervention is requiredfor exploitation beyond initially joining the network, which is a common and generally accepted user activity.

Published in:

Malicious and Unwanted Software (MALWARE), 2012 7th International Conference on

Date of Conference:

16-18 Oct. 2012