The iOS operating system is one of the few mobile platforms that, according to its developers, does not need antivirus software. Antivirus programs are redundant due to specific architectural features of iOS: the operating system does not give third-party apps access to the file system outside their own container, so a conventional antivirus scan of the system or of other apps' data is impossible in principle.
Nevertheless, what are the odds that you will need one? Let's look at why the iPhone is so well protected, and why it may still need protection.
Specifics of iOS
It is a well-known fact that all applications in iOS run in a sandbox: an isolated environment from which they have no direct access to operating system components or other programs. Precisely this feature gives the OS its high level of security. Inside the sandbox an application interacts only with its own data and resources, so a malicious program has no straightforward way to reach the system or other apps.
Moreover, Apple allows applications to be installed on its mobile devices exclusively from its own App Store, and they get there only after a fairly close inspection. “Unhappy” iPhone owners are denied the “Allow installation of applications from unknown sources” option that Android users take for granted.
Outdated devices problem
However, along with securing the device, such tight restrictions deprive owners of iOS devices (iPhone and iPad) of several useful features. If your iPhone belongs to an outdated model range and its OS can no longer be updated, sooner or later you will face a complete inability to install or update the application you need through the App Store. An OS that no longer receives updates also no longer receives security patches, which creates room for a possible attack.
There are two ways out of the deadlock:
- buying a new, up-to-date device;
- jailbreaking the old one.
Jailbreak means using special utilities to hack the operating system. It gives access to the file system that the phone manufacturer does not authorize and, in addition, lets you install applications from third-party application directories (repositories) or, in some cases, directly from your computer. Note that it also removes the protections described above, so a jailbroken device is far more exposed to malware.
Installing corporate internal applications
Another loophole allows users to install various applications on iPhones and iPads almost officially, bypassing the App Store. It involves Mobile Device Management (MDM), a set of tools for managing iOS devices in a corporate environment. In particular, it is used to install onto employees' Apple devices internal applications, signed with the company's enterprise certificate, that are not intended for general distribution outside the company.
Such programs can be delivered to iOS devices without being uploaded to the App Store and without its meticulous review. The method has several security limitations designed to prevent attackers from using it: the app must be signed with an enterprise developer certificate issued to a registered company, and the user must explicitly trust that developer profile on the device before the app will launch.
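The provenance of an app installed this way is recorded in the provisioning profile (embedded.mobileprovision) that ships inside its bundle, and that is where an analyst looks first when a device holds an app that never came from the App Store. The following Python script is an added example, not code from the original article or from Apple: it carves the plist out of a profile and classifies it as enterprise, ad hoc, development or App Store distribution. The plist key names (ProvisionsAllDevices, ProvisionedDevices, TeamIdentifier, ExpirationDate, the get-task-allow entitlement) are Apple's real keys; SAMPLE_PROFILE is a constructed enterprise profile wrapped in fake signature bytes, and the script deliberately does not verify the CMS signature, because triage reads what the profile claims while the trust decision remains the device's. It goes slightly beyond the text by also distinguishing the UDID-limited ad hoc and development profiles.

```python
# Added example (not from the article): triage an iOS app's embedded
# provisioning profile to tell enterprise (in-house/MDM) distribution from
# App Store, ad hoc and development signing. Plist key names are Apple's;
# SAMPLE_PROFILE below is constructed and its CMS envelope is fake bytes.
import plistlib
from datetime import datetime, timezone
from typing import Union

ENTERPRISE, AD_HOC, DEVELOPMENT, APP_STORE = "enterprise", "ad-hoc", "development", "app-store"


def extract_plist(blob: bytes) -> dict:
    """Carve the XML plist out of a .mobileprovision file.

    The file is a CMS (PKCS#7) signature wrapping the plist. This does NOT
    verify the signature: it only reads what the profile claims, which is
    what an analyst wants during triage; iOS makes the actual trust decision.
    """
    start = blob.find(b"<?xml")
    end = blob.find(b"</plist>")
    if start < 0 or end < 0:
        raise ValueError("no plist payload found in provisioning profile")
    return plistlib.loads(blob[start:end + len(b"</plist>")])


def _as_naive_utc(now: Union[None, str, datetime]) -> datetime:
    # plistlib returns naive UTC datetimes, so compare against a naive value.
    if now is None:
        return datetime.now(timezone.utc).replace(tzinfo=None)
    if isinstance(now, str):
        return datetime.fromisoformat(now)
    return now


def classify_profile(profile: dict, now: Union[None, str, datetime] = None) -> dict:
    """Return the distribution type and the facts an analyst checks first."""
    ents = profile.get("Entitlements", {})
    debuggable = bool(ents.get("get-task-allow", False))
    if profile.get("ProvisionsAllDevices"):
        kind = ENTERPRISE      # installs on any device; no App Store review
    elif profile.get("ProvisionedDevices"):
        kind = DEVELOPMENT if debuggable else AD_HOC   # limited to listed UDIDs
    else:
        kind = APP_STORE       # distribution profile with no device list
    expires = profile.get("ExpirationDate")
    team_ids = profile.get("TeamIdentifier") or []
    return {
        "kind": kind,
        "team": profile.get("TeamName"),
        "team_id": team_ids[0] if team_ids else None,
        "app_id": ents.get("application-identifier"),
        "debuggable": debuggable,
        "expired": expires is not None and expires < _as_naive_utc(now),
        "sideloaded": kind != APP_STORE,
    }


def triage(blob: bytes, now: Union[None, str, datetime] = None) -> dict:
    return classify_profile(extract_plist(blob), now)


# Constructed sample: an enterprise ("in-house") profile like one an MDM
# would push for a video-player app, surrounded by fake signature bytes.
SAMPLE_PROFILE = (
    b"\x30\x82\x0b\x4a\x06\x09\x2a\x86\x48\x86\xf7\x0d\x01\x07\x02\xa0\x82"
    + b"""<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
  <key>AppIDName</key><string>Example Video Player</string>
  <key>CreationDate</key><date>2015-09-01T00:00:00Z</date>
  <key>ExpirationDate</key><date>2016-09-01T00:00:00Z</date>
  <key>Entitlements</key>
  <dict>
    <key>application-identifier</key><string>ABCDE12345.com.example.player</string>
    <key>get-task-allow</key><false/>
  </dict>
  <key>Name</key><string>Example In-House Distribution</string>
  <key>ProvisionsAllDevices</key><true/>
  <key>TeamIdentifier</key><array><string>ABCDE12345</string></array>
  <key>TeamName</key><string>Example Enterprise Ltd</string>
  <key>UUID</key><string>00000000-0000-0000-0000-000000000000</string>
</dict>
</plist>"""
    + b"\xa0\x82\x03\x11\x00\x00"
)

if __name__ == "__main__":
    # Fixed "now" so the sample is evaluated as it would have been in 2016.
    for key, value in triage(SAMPLE_PROFILE, now="2016-01-01T00:00:00").items():
        print(f"{key:11} {value}")
```

On a real device image or IPA, feed the bytes of `Payload/<App>.app/embedded.mobileprovision` to `triage()`; a result of kind `enterprise` on a consumer phone, especially from a team name the user has never heard of, is exactly the pattern the YiSpecter-style distribution described below leaves behind.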
Does all this mean that viruses for iOS are impossible in principle and users of Apple devices can feel completely safe? Unfortunately, no: malware for iOS exists. Below, we will talk about the most famous ways it has been spread.
MDM technology and iOS malware
Because of the strong security mechanisms in the architecture of Apple's mobile operating system, creating full-fledged malware for this platform turned out to be complicated. Nevertheless, it was done, and it came as no surprise to the experts: being unable to enter iOS through the front door, an attacker can always break in through a window.
Cybercriminals started to use the same mechanism, distribution of MDM-managed applications signed with corporate certificates, to spread Trojans. With it, targeted precision attacks are quite possible, as was proven in practice in the summer of 2018. Among other things, the attacker can be a disgruntled employee of a company that uses MDM, if they have access to the MDM server.
In 2015, the YiSpecter Trojan was distributed widely by abusing enterprise certificates. The malware hid inside a client application, a video player for viewing pornography. Although it spread mainly in China, YiSpecter was one of the first real pieces of malware capable of infecting an iPhone without a jailbreak.
iOS viruses and DRM technology
Trojans that did not use MDM to spread originated from the same place where most original IT developments come from, i.e., China. As you know, iPhone applications must be obtained from the official App Store. If a program was honestly bought there and is listed on the user's account, they can later install it on the phone by connecting it to a computer with a USB-Lightning cable and using iTunes.
When launched, the program checks the user's Apple ID and asks for an authorization code to ensure that the application installed on the mobile device was actually legally purchased by this user. This check relies on Apple's Digital Rights Management (DRM) technology, FairPlay. To bypass it, Chinese developers came up with a program that emulates iTunes' actions.
Having bought an application from the App Store once, the creators of this program intercept and save the authorization code, exploiting a weakness in the DRM implementation, and then hand it to all other users of their program. As a result, those users can install on their iPhone or iPad a program they did not pay for. One such application is called Aisi.
Aisi lets users of Apple devices install pirated software, update and back up the firmware, jailbreak, and download ringtones and various multimedia content to the phone. When launched, the application asked for the user's Apple ID credentials, which were immediately sent to a control server.
In the end, a leaked Apple ID opens up many opportunities for attackers. They can change the password, lock the device, and demand a ransom from its owner for unlocking it, just as ransomware does. Thus, despite the solid security of iOS devices, the user should either think about protection or be as careful as possible.