Subscribe / Unsubscribe Enewsletters | Login | Register

Pencil Banner

iOS security risks: After the XcodeGhost exploit is Apple's iOS really safer than Android? Plus: What security apps do you need for iPad & iPhone

Karen Haslam | Sept. 24, 2015
In this article we look at some of the security threats that have hit Apple's iOS devices, including XcodeGhost, WireLurker, Masque Attack, the Olag Pliss ransom case and the SSL flaw.

Apple has released a statement to iMore, claiming that Masque Attack isn't really a flaw and that it is unaware of anybody who has been affected.

Because the attack relies on someone actually responding to a dodgy link and downloading an app from somewhere other than the App Store, having ignored a warning about downloading malicious apps, Apple is confident that it has adequate barriers in place to stop people being affected by this particular malware.

However, the best barrier would be to make it impossible to install an app from somewhere other than the App Store, or a company's own servers or secure-website if it is an in-house app.

Was WireLurker a threat?

WireLurker was a Trojan that was inserted into pirated Mac OS X software, such as popular game titles, as well as within simple Windows executables that promised to install pirated apps on a user's iOS device.

Notably, although WireLurker infected iOS devices, it wasn't malware in the traditional sense in that one iOS device did not spread the infection to another. WireLurker could only delivered via a USB connection to a Mac or Windows computer following the download of dodgy software offered on various Chinese websites. The infected software was downloaded over 415,000 times making WireLurker possibly the biggest outbreak of iOS malware yet detected.

Windows users got off lightly because the version of WireLurker used was older and so buggy that it was essentially useless. It also targeted only jailbroken devices.

The version of WireLurker infecting Macs was significantly more sophisticated. It infected other apps on the user's computer to ensure it was kept running, and installed startup scripts. After grabbing some diagnostic details about the Mac, which it sent to a command server (since closed down), it added an invisible background process that waited for USB connections to iOS devices.

If a user attached a jailbroken device then WireLurker used components of the Cydia jailbreak system to grab personal details, such as the user's iCloud address book and the device's phone number, and upload them to the command server. It then infected apps on the device and inserted a handful of other malicious apps.

If a non-jailbroken device was attached, which accounts for the majority of iOS devices in use today, WireLurker silently installed a comic book app on the user's device. Adding third-party apps via USB should be impossible because of the requirement that they're digitally signed, which usually happens upon purchase via the official App Store (and which is why iTunes can restore apps to your device). However, WireLurker subverted the enterprise provisioning system that allows organisations to install their own apps on the iOS devices of their employees. This requires a security profile to be installed within the Settings app but the hackers behind WireLurker were able to hide this within the app itself so that it was installed when the app was first run. Users had to click Continue on a dialog box but there was no warning a malicious app might be being installed. Users were sure to run the app when they first spotted it in order to discover what it was.

 

Previous Page  1  2  3  4  5  6  7  8  9  10  11  12  13  14  Next Page 

Sign up for CIO Asia eNewsletters.