Subscribe / Unsubscribe Enewsletters | Login | Register

Pencil Banner

iOS security risks: After the XcodeGhost exploit is Apple's iOS really safer than Android? Plus: What security apps do you need for iPad & iPhone

Karen Haslam | Sept. 24, 2015
In this article we look at some of the security threats that have hit Apple's iOS devices, including XcodeGhost, WireLurker, Masque Attack, the Olag Pliss ransom case and the SSL flaw.

Aside from the nasty Mac infection, which can be cleared-up using a tool created by the security researchers, the good news is that the app installed on non-jailbroken devices was benign. It was probably more of a test to see if the procedure was possible.

Had an infection taken place the existing security measures within iOS - such as the sandboxing of apps - would have blocked nearly all malicious activity. However, WireLurker has exposed significant flaws within iOS with regard to USB connections and enterprise provisioning that Apple will no-doubt address soon.

What happened in the Jennifer Lawrence nude photos case?

Jennifer Lawrence and around 100 big-name stars including British model Cara Delevigne, Cat Deeley, Kelly Brook, and Rihanna that made their way onto image bulletin board 4chan, at the end of August. The news has lead to some uncertainty about just how secure iCloud is, and what you should do to make sure that the same thing doesn't happen to you.

First things first, if you aren't a celebrity chances are nobody is interested in any photos of you. According to Apple these photos were stolen from iCloud in a "very targeted attack", targetted at celebrities. The hackers then asked for payment in bitcoin to view the photos, some of which were claimed to be fake by the celebrities involved.

Apple said in a statement that: "After more than 40 hours of investigation, we have discovered that certain celebrity accounts were compromised by a very targeted attack on user names, passwords and security questions, a practice that has become all too common on the Internet."

The company insists that the privacy breach did not stem from a compromise of any of the systems used for the cloud storage service. Apple said: "None of the cases we have investigated has resulted from any breach in any of Apple's systems including iCloud or Find my iPhone."

Earlier reports had suggested that a flaw in iCloud was responsible for the hack, but Apple says that none of the cases it has looked into were tied to any vulnerability in the company's systems.

Apple is working with law enforcement on the matter. The FBI is also investigating.

What happened in the Oleg Pliss ransom case?

Back in May 2014 some people in Australia, the UK, and elsewhere had their Apple ID accounts compromised and their iOS devices held to ransom via Apple's Find My iPhone service.

Apple's Find My Phone feature allows iPhone, iPad and Mac owners to remotely lock and track their devices if they're lost or stolen. A custom message can be displayed on the lockscreen when the feature is activated. In late May, users reported that their iPhones were locked with a message claiming the device was hacked by a person or group named Oleg Pliss who demanded $100 or 100 to unlock it.

 

Previous Page  1  2  3  4  5  6  7  8  9  10  11  12  13  14  Next Page 

Sign up for CIO Asia eNewsletters.