A group of researchers has recently found that it’s possible to craft a mobileconfig file that installs a “malicious profile,” which can be used to give the attacker extensive access to the data on a device. These mobileconfig files are commonly used by mobile carriers to establish settings for users so that customers can access their data plans.
It’s certainly not the first time such a possible attack vector has been found on iOS. One such vulnerability in PDF file handling was used to create a jailbreak for iOS 3. There were similar vulnerabilities in iOS 1 and iOS 2 that also led to the ability to jailbreak. There are no known attacks for this at the time of writing. It’s likely that this will be patched soon, but in the meantime, it’s best to exercise caution. The researchers at Skycure offered the following tips for protecting your device:
1) You should only install profiles from trusted websites or applications.
2) Make sure you download profiles via a secure channel (e.g., use profile links that start with https and not http).
3) Beware of non-verified mobileconfigs. While a verified profile isn’t necessarily a safe one, a non-verified one should certainly raise your suspicion.
It’s also worth noting that users installing an unsigned mobileconfig will get a warning message. And although signing malicious files has not really been much of a problem for malware authors, it does provide another layer of difficulty for this sort of attack to be used successfully. Because this is not an exploit, it won’t be something that runs silently like a drive-by download. The user must be enticed into installing the malicious profile for any of this malicious activity to take place.
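The tips above can be turned into a pre-install check for administrators or help-desk staff. The following is an added example, not code from Skycure or from this article: it flags a profile that came over plain http, that lacks a signature wrapper, or that carries payload types affecting trust or traffic routing. The `SENSITIVE` watch list, the function name `triage_profile`, the URL and the sample profile are all assumptions constructed for illustration.

```python
import plistlib
from urllib.parse import urlparse

# Assumed watch list: payload types that change trust or reroute traffic.
SENSITIVE = {
    "com.apple.security.root": "installs a root CA certificate",
    "com.apple.vpn.managed": "configures a VPN",
    "com.apple.proxy.http.global": "sets a global HTTP proxy",
    "com.apple.apn.managed": "changes carrier APN settings",
}

def triage_profile(blob: bytes, source_url: str) -> dict:
    """Collect reasons to distrust a downloaded .mobileconfig file."""
    findings = []
    if urlparse(source_url).scheme.lower() != "https":
        findings.append("fetched over a non-HTTPS channel")
    # A signed profile is a DER-encoded CMS wrapper (first byte 0x30) around
    # the plist. This only detects the wrapper; it does NOT verify the
    # signature or the signer's certificate chain.
    wrapped = blob[:1] == b"\x30"
    if not wrapped:
        findings.append("profile is not signed")
    start, end = blob.find(b"<?xml"), blob.rfind(b"</plist>")
    if start < 0 or end < start:
        return {"wrapped": wrapped, "name": None,
                "findings": findings + ["no readable XML plist"]}
    profile = plistlib.loads(blob[start:end + len(b"</plist>")])
    for payload in profile.get("PayloadContent", []):
        ptype = payload.get("PayloadType", "") if isinstance(payload, dict) else ""
        if ptype in SENSITIVE:
            findings.append(f"{ptype}: {SENSITIVE[ptype]}")
    return {"wrapped": wrapped, "name": profile.get("PayloadDisplayName"),
            "findings": findings}

# Constructed sample profile (not a real carrier or attacker file).
SAMPLE = plistlib.dumps({
    "PayloadType": "Configuration",
    "PayloadDisplayName": "Carrier Settings (constructed sample)",
    "PayloadIdentifier": "invalid.example.profile",
    "PayloadContent": [
        {"PayloadType": "com.apple.apn.managed"},
        {"PayloadType": "com.apple.security.root"},
    ],
})

if __name__ == "__main__":
    report = triage_profile(SAMPLE, "http://example.invalid/carrier.mobileconfig")
    for finding in report["findings"]:
        print("-", finding)
```

An empty findings list is not a clean bill of health: as the third tip says, a verified profile isn’t necessarily a safe one, and this check does not validate who signed it.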
Updated March 14, 2013 for clarity