threatmodel iOS EN - edamametechnologies/threatmodels GitHub Wiki

iOS Threat Model (EN)


MDM profiles installed

Threat

Dimension : system integrity / Severity : 5

Tags : Personal Posture

You have one or more Mobile Device Management (MDM) profiles installed on your device. This means that your device is, or can be, remotely administered by a third party. If this is your personal device, this is a grave threat and the profiles should be removed.

Implementation

Tested for : iOS 15
Action : Command line
Elevation : user
Script : mdm_check

Remediation

https://en.wikipedia.org/wiki/Mobile_device_management

Rollback

https://en.wikipedia.org/wiki/Mobile_device_management

Screen lock disabled

Threat

Dimension : credentials / Severity : 3

Tags : CIS Benchmark Level 1 (iOS_Screen_Lock), ISO 27001/2 (Access Control), PCI-DSS (Requirement-8.1.7), SOC 2 (CC-Access Control)

Your device does not have a screen lock protected by a passcode. This leaves it open to physical access by anyone. This is very dangerous!

Implementation

Tested for : iOS 15
Action : Command line
Elevation : user
Script : screenlock_check

Remediation

https://www.youtube.com/watch?v=2t0NrqIwI2s

Rollback

https://www.youtube.com/watch?v=2t0NrqIwI2s

Your device is jailbroken

Threat

Dimension : system integrity / Severity : 5

Tags : CIS Benchmark Level 1, ISO 27001/2 (Mobile Device Policy), PCI-DSS (Requirement-5.1), SOC 2 (CC-Mobile Device Management)

Your device is jailbroken. Either you did it yourself, or a bad actor did it to access your personal data. This is very dangerous! You need to restore your device to factory settings.

Implementation

Tested for : iOS 15
Action : Command line
Elevation : user
Script : jailbreak_check

Remediation

https://www.youtube.com/watch?v=_VNsH_OWmRw

Rollback

https://www.youtube.com/watch?v=_VNsH_OWmRw

Potentially compromised email address

Threat

Dimension : credentials / Severity : 4

Tags : ISO 27001/2 (Information Security Incident Management), PCI-DSS (Requirement-12.10), SOC 2 (CC-Incident Response), Personal Posture

Your email address might have recently appeared in a data breach. Please set your email in the Identity tab, review any breaches listed, and follow the instructions.

Implementation

Tested for : iOS 15
Action : Command line
Elevation : user
Script : pwned -i 365

Remediation

Tested for : iOS 15
Action : Command line
Elevation : (not specified)
Script : digitalidentity_manager

Rollback

https://en.wikipedia.org/wiki/Have_I_Been_Pwned

Unverified network environment

Threat

Dimension : network / Severity : 1

Tags : ISO 27001/2 (Information Security Incident Management), PCI-DSS (Requirement-12.10), SOC 2 (CC-Incident Response), Personal Posture

The network you are connected to is not a known one. If you are allowed to scan this network, go to the Network tab and check for the presence of potentially dangerous devices.

Implementation

Tested for : iOS 15
Action : Command line
Elevation : user
Script : lanscan

Remediation

Tested for : iOS 15
Action : Command line
Elevation : (not specified)
Script : network_manager

Rollback

https://en.wikipedia.org/wiki/Port_scanner

App is not up to date

Threat

Dimension : applications / Severity : 3

This app is not up to date. Applications are constantly updated to fix potential security issues. It is in your best interest to get updates as soon as you can, through automatic updates.

Implementation

Tested for : iOS 15
Action : Command line
Elevation : user
Script : latestapp_check

Remediation

https://www.youtube.com/watch?v=ucf4ATXwfuw

Rollback

https://www.youtube.com/watch?v=FG2DXkPA93g

Your OS is not up to date

Threat

Dimension : system integrity / Severity : 3

Tags : CIS Benchmark Level 1, ISO 27001/2 (System Update Policy), PCI-DSS (Requirement-6.2), SOC 2 (CC-System Updates)

Your operating system is not up to date. Please upgrade it to get the latest security patches.

Implementation

Tested for : iOS 15
Action : Command line
Elevation : user
Script : latestos_check

Remediation

https://www.youtube.com/watch?v=o4zUfDPwHnM

Rollback

https://www.youtube.com/watch?v=o4zUfDPwHnM