iOS, your OS, everybody's OS: vetting and analyzing network services of iOS applications

Zhushou Tang, Ke Tang, Minhui Xue, Yuan Tian, Sen Chen, Muhammad Ikram, Tielei Wang, Haojin Zhu

Research output: Chapter in Book/Report/Conference proceeding; Conference proceeding contribution; peer-review

15 Citations (Scopus)
120 Downloads (Pure)

Abstract

Smartphone applications that listen for network connections introduce significant security and privacy threats for users. In this paper, we focus on vetting and analyzing the security of iOS apps’ network services. To this end, we develop an efficient and scalable iOS app collection tool to download 168,951 iOS apps in the wild. We investigate a set of 1,300 apps to understand the characteristics of network service vulnerabilities, confirming 11 vulnerabilities in popular apps, such as Waze, Now, and QQBrowser. From these vulnerabilities, we create signatures for a large-scale analysis of 168,951 iOS apps, which shows that the use of certain third-party libraries listening for remote connections is a common source of vulnerable network services in 92 apps. These vulnerabilities open up the iOS device to a host of possible attacks, including data leakage, remote command execution, and denial-of-service attacks. We have disclosed identified vulnerabilities and received acknowledgments from vendors.
Original language: English
Title of host publication: Proceedings of the 29th USENIX Security Symposium
Place of Publication: Berkeley, CA
Publisher: USENIX Association
Pages: 2415-2432
Number of pages: 18
ISBN (Electronic): 9781939133175
Publication status: Published - 2020
Event: 29th USENIX Security Symposium - Boston Marriott Copley Place, Boston, United States
Duration: 12 Aug 2020 to 14 Aug 2020
https://www.usenix.org/conference/usenixsecurity20

Conference

Conference: 29th USENIX Security Symposium
Abbreviated title: USENIX Security
Country/Territory: United States
City: Boston
Period: 12/08/20 to 14/08/20
Internet address
