threatmodel iOS EN - edamametechnologies/threatmodels GitHub Wiki

iOS Threat Model (EN)

MDM profiles installed

Threat

Dimension : system integrity / Severity : 5

Tags : Personal Posture

You have one or more Mobile Device Management (MDM) profiles installed on your device. This means that your device is or can be remotely administered by a 3rd party. If this is your personal device, this is a grave threat and the profiles should be removed.

Implementation

Tested for : iOS 15 / Action : Command line / Elevation : user / Script : mdm_check

Remediation

https://support.apple.com/en-us/guide/deployment/depc0aadd3fe/web

Rollback

https://support.apple.com/en-us/guide/deployment/depc0aadd3fe/web

Screen lock disabled

Threat

Dimension : credentials / Severity : 3

Tags : CIS Benchmark Level 1,Set Auto-Lock to 2 Minutes or Less, ISO 27001/2,A.11.2.8-Unattended User Equipment, SOC 2,CC6.1-Access Control

Your device doesn't have a screen lock with a passcode enabled. This leaves it open to physical access by anyone. This is very dangerous!

Implementation

Tested for : iOS 15 / Action : Command line / Elevation : user / Script : screenlock_check

Remediation

https://support.apple.com/en-us/guide/iphone/iph9a2a69136/ios

Rollback

https://support.apple.com/en-us/guide/iphone/iph9a2a69136/ios

Your device is jailbroken

Threat

Dimension : system integrity / Severity : 5

Tags : CIS Benchmark Level 1,Ensure device is not jailbroken

Your device is jailbroken. Either you did it yourself or a bad actor did it to access your personal data. This is very dangerous! You need to restore your device to factory settings.

Implementation

Tested for : iOS 15 / Action : Command line / Elevation : user / Script : jailbreak_check

Remediation

https://support.apple.com/en-us/HT201252

Rollback

https://support.apple.com/en-us/HT201252

Potentially compromised email address

Threat

Dimension : credentials / Severity : 4

Tags : Personal Posture

Check if your email address might have recently appeared in a data breach.

Implementation

Tested for : iOS 15 / Action : Command line / Elevation : user / Script : pwned -i 365

Remediation

Tested for : iOS 15 / Action : Command line / Script : digitalidentity_manager

Rollback

https://haveibeenpwned.com/

Unverified or unsafe network environment

Threat

Dimension : network / Severity : 1

Tags : Personal Posture

The network you are connected to is not a known one or it contains unsafe devices. If you are allowed to scan this network, go to the network tab and verify the presence of potentially dangerous devices.

Implementation

Tested for : iOS 15 / Action : Command line / Elevation : user / Script : lanscan

Remediation

Tested for : iOS 15 / Action : Command line / Script : network_manager

Rollback

Tested for : iOS 15 / Action : Command line / Script : network_manager

App is not up to date

Threat

Dimension : applications / Severity : 3

This app is not up to date. Applications are constantly updated to fix potential security issues. It's in your best interest to get updates as soon as you can through automatic updates.

Implementation

Tested for : iOS 15 / Action : Command line / Elevation : user / Script : latestapp_check

Remediation

https://support.apple.com/en-us/HT202180

Rollback

https://support.apple.com/en-us/HT202180

Your OS is not up to date

Threat

Dimension : system integrity / Severity : 3

Tags : CIS Benchmark Level 1,Keep iOS Auto-Update Enabled

Your operating system is not up to date. Please upgrade to get the latest security patches.

Implementation

Tested for : iOS 15 / Action : Command line / Elevation : user / Script : latestos_check

Remediation

https://support.apple.com/en-us/HT204204

Rollback

https://support.apple.com/en-us/HT204204