How can users protect mobile devices from SandJacking attacks?

Attackers with physical access to an unlocked iPhone can use a SandJacking technique to replace a legitimate app with a malicious version of it, which can access sandboxed data from the phone. I read that Apple addressed the issue with a patch, but that the SandJacking technique may have been altered. What’s the latest on this technique, and what’s the best way to mitigate it?

Once a security researcher or attacker has physical access to a device’s hardware and sufficient resources, they will be able to bypass the security on a system. This is what happens in the SandJacking attack: Chilik Tamir, chief architect of research and development at mobile security firm Mi3 Security, gave a presentation at the Hack In The Box security conference where he showed how to load malware on an iPhone without jailbreaking it.

A SandJacking attack can be performed on an unlocked iPhone using a rogue application, a developer certificate for signing the rogue application and a computer. The rogue version of an application is signed with the developer certificate and replaces the legitimate application when the iPhone is connected to the computer. The malicious application reuses the bundle ID and other details of the legitimate application to make itself look like that application, which gives it access to the data in the application’s sandbox. Tamir also developed a toolkit to automate the attack, but withheld it until Apple releases a patch. Apple had patched an earlier version of the SandJacking attack, but Tamir updated the attack to exploit a weakness in how the iOS application restore functionality worked.

Since there isn’t a patch for the current SandJacking attack, enterprises and individuals will need to be diligent about who has physical possession of their iPhones, because anyone with physical possession and the PIN could use this attack. If your enterprise is concerned about this and other attacks from third-party repair companies, it could back up the device’s data and do a factory reset to the default OS prior to having it repaired, to ensure no unauthorized access to enterprise data. Stating the obvious, once a patch is available, it should be installed on vulnerable devices.
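As an added triage example (not code from the original article or from Tamir's toolkit): a developer-signed copy that reuses a legitimate bundle ID, as described above, carries an embedded.mobileprovision profile that a genuine App Store build never ships with. The Python below pulls the plist out of such a profile and flags the signs of a developer-signed replacement; the bundle ID, Team IDs, UDID and profile contents are constructed placeholders, and the CMS signature on the profile is deliberately not verified here.

```python
import plistlib
from datetime import datetime

# App Store apps expected on the fleet, mapped to the publisher's Team ID
# (constructed placeholder values, not real Team IDs).
EXPECTED_TEAMS = {"com.example.banking": "TEAM000001"}

def extract_profile(blob: bytes) -> dict:
    """Pull the XML plist out of a CMS-wrapped embedded.mobileprovision; the plist sits
    as plain text inside the DER container (the CMS signature is not verified here)."""
    start, end = blob.find(b"<?xml"), blob.find(b"</plist>")
    if start < 0 or end < 0:
        raise ValueError("no plist found in provisioning profile")
    return plistlib.loads(blob[start:end + len(b"</plist>")])

def assess(bundle_id: str, profile: dict) -> list:
    """Findings that point to a developer-signed replacement of an App Store app."""
    ent = profile.get("Entitlements", {})
    team = ent.get("com.apple.developer.team-identifier")
    findings = []
    if bundle_id in EXPECTED_TEAMS:
        # App Store builds carry no provisioning profile; its presence alone is a red flag
        findings.append("provisioning profile present on an App Store bundle ID")
        if team != EXPECTED_TEAMS[bundle_id]:
            findings.append(f"signing team {team} is not the publisher's team")
    if profile.get("ProvisionedDevices"):
        findings.append("device-limited development/ad-hoc profile")
    if ent.get("get-task-allow"):
        findings.append("debuggable build (get-task-allow)")
    # application-identifier is "<TeamID>.<bundle ID>" or a wildcard "<TeamID>.*"
    suffix = ent.get("application-identifier", "").partition(".")[2]
    if suffix == "*" or suffix.endswith(".*"):
        findings.append("wildcard application-identifier")
    elif suffix != bundle_id:
        findings.append("application-identifier does not match bundle ID")
    return findings

# Constructed sample: a wildcard development profile of the kind a rogue build carries.
SAMPLE_PROFILE = {
    "Name": "iOS Team Provisioning Profile: *",
    "TeamIdentifier": ["ROGUE00001"],
    "ExpirationDate": datetime(2030, 1, 1),
    "ProvisionedDevices": ["00000000-CONSTRUCTED-UDID"],
    "Entitlements": {"application-identifier": "ROGUE00001.*",
                     "com.apple.developer.team-identifier": "ROGUE00001",
                     "get-task-allow": True},
}
# Fake DER bytes around the plist stand in for the real CMS wrapper.
SAMPLE_BLOB = b"\x30\x82\x0c\x00\x06\x09" + plistlib.dumps(SAMPLE_PROFILE) + b"\x00\x31\x82"
```

Running `assess("com.example.banking", extract_profile(SAMPLE_BLOB))` returns five findings for the constructed sample; an app whose profile names its own bundle ID and is not on the App Store list returns none.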
