
How to scan an iPad for malicious code?

Got my first iPad infection and need to find out if anyone has any ideas how to scan an iPad?


Also, is there any way to get into the file structure of the iPad so I can manually look into the infection?


Thanks!

iPad, iOS 9.2.1, infected iPad

Posted on Feb 1, 2016 3:50 AM

Question marked as Best reply

Posted on Feb 1, 2016 3:53 AM

I wonder how it is possible to get an infection on iOS devices. Is it jailbroken? Viruses, infections for iOS do not exist. Only adware may cause problems.

6 replies

Feb 2, 2016 6:41 AM in response to thunderzzz

Hi Thunderzzz,


Actually, I do not believe it's adware. I work on a primarily PC network; however, iPads are being introduced and this particular iPad is beaconing out to a known blacklist site. I have seen traffic making GET requests to the malicious site which, luckily, is being blocked. However, this is indicative of malicious code, not adware, but without looking at the device, I won't know for sure if it is isolated to just the browser or if the infection runs deeper. By the way, neither Macs nor iOS devices are immune from malware, as there have been several malware outbreaks on these types of devices recently, such as XcodeGhost, which was coded into Apple store apps, and YiSpecter, which attacked both jailbroken and non-jailbroken iOS devices. By the way, none of the devices on my network are jailbroken either.


So, bottom line, I need to scan the device and I need to get a look at the system files. Also, any recommendations on software to make a DD of the iPad drive? If I can make an image of the drive I will be able to mount it and scan it, but so far nothing is working.


If you, or anyone, could lend me a hand with any of these issues, it would be greatly appreciated :-))

Feb 2, 2016 7:30 AM in response to Cybrbug

The two items you mentioned are in the past, one was localized to China, and they were contained. Currently there are NO viruses/malware in the wild for iOS (or for OS X for that matter). Since there is no user accessible file system on the iPad, and all apps are sandboxed, there is no way for you to scan or look for code.


<Edited by Host>

Feb 2, 2016 7:29 AM in response to Cybrbug

There's a difference between a compromised version of Xcode introducing malicious code into Chinese apps, and random malware infections happening on iOS devices.


There really is no known malware out there that can infect an iPad directly. By the same token, and due to how iOS is built, there is no application out there that can scan it. iOS is sandboxed. Any app running on it is prevented by the system from accessing anything outside its own area. Even the compromised Chinese apps could not get out of their sandbox and affect the areas of the device.


The real question is what is this website it's "beaconing". And by extension why.


Instead of immediately jumping to a bottom line that is extremely unlikely, rule out other more likely things first.


Bottom line: there is no way to scan an iOS device for malicious code like you do on a PC.

Feb 3, 2016 12:52 PM in response to Rudegar

Hi Rudegar,


Thanks for the reply, and yes, that's true about the browser; however, a colleague with more mobile forensic experience is showing me the ropes on how to access the device's system folders as well as how to scan it. After looking at the browser, I really need to look at the system folders, particularly the system hive and the prefetch, to narrow down what code was recently executed on the device. I do this on computers all the time but iOS is very new to me. I really appreciate all of the technical advice from all of you. It is very interesting to get different viewpoints.
