ChanDet: Detection Model for Potential Channel of iOS Applications

Abstract

Despite providing iOS the security, comfortable, powerful mobile operating system, Apple has too many restrictions. Many users prefer to jailbreaking the iOS by using jailbreaking tool, which allows them to do more unavailable things on their devices. This behaviour may cause risks toward applications and many researches have focused on application security in various aspects. We find that a legal application (we call it potential channel hereafter) can be hijacked and it acts as a channel between the malware in device and the remote control terminal. In this paper, we introduce a channel model based on five conditions after analysing the entire operation procedure and comparing the similarities and differences of various applications. To approve our argument, we show iOS Messages which meets the five conditions, and demonstrate how to intercept messages, that means, a legal application can be hijacked and become a channel. To eliminate the risks, we propose a solution ChanDet and describe how to test whether an application is a potential channel or not. Finally, we give some protection strategies for applications, and we expect that ChanDet will play a significant role in application security of iOS.