Subscribe / Unsubscribe Enewsletters | Login | Register

Pencil Banner

iOS security risks: After the XcodeGhost exploit is Apple's iOS really safer than Android? Plus: What security apps do you need for iPad & iPhone

Karen Haslam | Sept. 24, 2015
In this article we look at some of the security threats that have hit Apple's iOS devices, including XcodeGhost, WireLurker, Masque Attack, the Olag Pliss ransom case and the SSL flaw.

Apple sent a notification of the iOS 7.0.6 update but if you haven't updated be sure to go to Settings > General > Software Update. You can find the information here.

If you are running iOS 6 you also need to update. Apple has provided iOS 6.1.6 - but this is only available for the iPhone 3GS, much to the annoyance of those who have refused to update to iOS 7. More on that below...

PART 2: Does this mean my iPad and iPhone aren't safe? How can I make them secure?

Given these examples, should we be concerned about the safety of our iOS devices? How can we ensure that our iPhone and iPad are safe from malicious threats?

How to make sure your iPhone or iPad is secure and safe from WireLurker and other malware

Make sure you keep your iPhone up to date with the latest updates. It may be necessary to install an iOS update to ensure that there was no chance of someone snooping on your activity.

To avoid malware infections such as WireLurker, never attach your device to a computer or even a USB charger unless you're 100% sure it's safe. Remember that infections on a Mac or PC are likely to be invisible to the user.

Additionally, never jailbreak your phone because - quite simply - it undoes all the good work Apple has done in securing iOS.

Never use pirated software (or software that promises to install pirated iOS apps), and keep iOS updated too, so that you keep ahead of the jailbreaking exploits that are used by hackers to infect devices.

If you suspect you've been infected by WireLurker or a similar malware, open the Settings app and then tap General > Profiles. If you're infected you'll see an entry here that you didn't install. Tapping it will offer the chance to remove it (although Apple has already revoked the profile used in WireLurker).

Bear in mind that some apps such as the Cloak VPN app install their own profiles here, as do some Wi-Fi providers. However, you should already know about these, having okayed their installation.

How did the celeb photos hack happen?

Reports initially suggested the iCloud photo leak might have been the result of hackers taking advantage of a flaw in the Find My iPhone service that was said to allow an attacker to try an unlimited number of passwords until the right one was found.

TheNextWeb reported that it had discovered the script that was used to hack into the celebrity accounts on the software site GitHub. That report claimed the script used a flaw in Find My iPhone to crack the passwords for the accounts using "brute force" - in other words the software was able to repeatedly enter the most popular passwords approved by Apple until it hit on the right one. Users would have been unaware that their accounts were compromised.

 

Previous Page  1  2  3  4  5  6  7  8  9  10  11  12  13  14  Next Page 

Sign up for CIO Asia eNewsletters.