
Su-A-Cyder & SideStepper: A Threat Breakdown

Su-A-Cyder Vs. SideStepper

Two very different attacks against the iOS platform have been in the news lately. The first is Su-A-Cyder, which was released at Black Hat by Mi3 Security; the second is SideStepper, released by Check Point. This blog and infographic will serve to clear the air and lay down the facts on each of these threat vectors.

To start, let's clear the air by understanding that Su-A-Cyder is a toolset. It's a combination of open source technologies woven together in a few complex scripts to automate the process of taking a decrypted iOS app, injecting it with any evil code, re-signing it with an anonymous Apple ID and then installing the repackaged app on a non-jailbroken device. Managing each of these tasks alone is complicated enough to thwart even hardened geeks. Because Su-A-Cyder is a toolset and not an actual app or malicious code, anti-virus solutions will not be able to identify that Su-A-Cyder was used.

On the other side of the equation we have SideStepper, which is an attack directed at the MDM solution used in the enterprise to manage the BYOD program. The attack uses a malicious iOS configuration profile to perform a MITM attack which, when combined with a rogue enterprise app store, can facilitate the installation of additional, potentially malicious apps. A SideStepper configuration profile could potentially be detected by anti-virus solutions if those solutions perform deep inspection and cross-use review of the configuration profiles to determine if they pose a risk. To my knowledge no anti-virus solution is performing this level of inspection today, nor do anti-virus solutions understand the concept of risk vs. threat.
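As an added illustration of the profile inspection described above (not code from Mi3 Security or Check Point), the following Python sketch reviews a `.mobileconfig` file for payloads that change trust or traffic routing. The payload type strings are Apple's; the grouping, the finding names and the sample profile are assumptions made for this example.

```python
import plistlib

# Payload type strings come from Apple's configuration profile format; the
# grouping and the finding names are this example's own heuristic.
CA_TYPES = {"com.apple.security.root", "com.apple.security.pkcs1", "com.apple.security.pem"}
REDIRECT_TYPES = {"com.apple.proxy.http.global", "com.apple.vpn.managed"}
MDM_TYPE = "com.apple.mdm"


def load_profile(raw: bytes) -> dict:
    """Parse a .mobileconfig. Signed profiles wrap the XML plist in a CMS
    envelope, so fall back to carving the plist out (signature NOT verified)."""
    try:
        return plistlib.loads(raw)
    except Exception:
        start, end = raw.find(b"<?xml"), raw.rfind(b"</plist>")
        if start < 0 or end < start:
            raise ValueError("no plist found in profile")
        return plistlib.loads(raw[start:end + len(b"</plist>")])


def review_profile(raw: bytes) -> list:
    """Return findings for payloads that alter trust, routing or management."""
    profile = load_profile(raw)
    if "EncryptedPayloadContent" in profile:  # payloads cannot be inspected
        return ["uninspectable-payload"]
    content = profile.get("PayloadContent", [])
    types = {p.get("PayloadType") for p in content if isinstance(p, dict)}
    findings = []
    if types & CA_TYPES:
        findings.append("adds-trusted-certificate")
    if types & REDIRECT_TYPES:
        findings.append("redirects-traffic")
    if MDM_TYPE in types:
        findings.append("enrolls-in-mdm")
    # Cross-use check: a new trust anchor combined with traffic redirection
    # is what makes TLS interception possible, so report the pair separately.
    if types & CA_TYPES and types & REDIRECT_TYPES:
        findings.append("mitm-capable")
    return findings


def sample_profile(payload_types) -> bytes:
    """Constructed test input: a minimal profile with the given payload types."""
    return plistlib.dumps({
        "PayloadType": "Configuration",
        "PayloadIdentifier": "example.invalid.profile",
        "PayloadContent": [{"PayloadType": t} for t in payload_types],
    })
```

A finding here marks a profile for human review; legitimately managed devices carry several of these payload types too.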

Mi3 Security has an app comparison solution that can detect repackaged apps that are affected by both these attack vectors.

We have taken the two threat vectors and placed them in an infographic to cover more of the finer points.

 



This post first appeared on In The News, Press Release And Blogs (Mi3 Security); please read the original post: here
