Two New Attacks Threaten iOS and OS X
If you think that iOS and OS X are secure, think again. There is a pair of attacks out there that will change your mind in a hurry.
The first attack is called “WireLurker” and it’s been infecting both Mac OS and iOS systems over the course of the past six months. Here’s what the researchers who discovered it had to say:
WireLurker monitors any iOS device connected via USB with an infected OS X computer and installs downloaded third-party applications or automatically generated malicious applications onto the device, regardless of whether it is jailbroken. This is the reason we call it “wire lurker”. Researchers have demonstrated similar methods to attack non-jailbroken devices before; however, this malware combines a number of techniques to successfully realize a new brand of threat to all iOS devices.
WireLurker exhibits complex code structure, multiple component versions, file hiding, code obfuscation and customized encryption to thwart anti-reversing. In this whitepaper, we explain how WireLurker is delivered, the details of its malware progression, and specifics on its operation.
Scary stuff. Once installed, WireLurker can collect information from iOS devices, such as contacts and iMessages, and it can request updates from the attackers. It’s largely in China, but who’s to say that it won’t spread. Apple is trying to stop it from spreading and had this to say to iMore:
“We are aware of malicious software available from a download site aimed at users in China,” an Apple spokesperson told iMore, “and we’ve blocked the identified apps to prevent them from launching. As always, we recommend that users download and install software from trusted sources.”
I assume that they are blocking it using XProtect, which is a rudimentary way for OS X to block suspicious files.
The second threat is called “Masque Attack” and this one only affects iOS devices. It tries to get users to install an app from outside the iOS App Store by clicking a phishing link in a text message or email. Once they do, it installs malware over the top of a legitimate app by using the same bundle identifier (the unique identifier that every app carries), which makes the swap completely undetectable to the user.
Security company FireEye discovered this threat and here’s why you should be scared:
Masque Attacks can pose much bigger threats than WireLurker. Masque Attacks can replace authentic apps, such as banking and email apps, using the attacker’s malware through the Internet. That means the attacker can steal users’ banking credentials by replacing an authentic banking app with malware that has an identical UI. Surprisingly, the malware can even access the original app’s local data, which wasn’t removed when the original app was replaced. These data may contain cached emails, or even login tokens which the malware can use to log into the user’s account directly.
The attack works on iOS 7.1.1, 7.1.2, 8.0, 8.1, and the 8.1.1 beta. That means that Apple has some serious work to do to combat this.
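As an added illustration (not code from this post or from FireEye), here is a small Python model of the install step the quote describes: the vulnerable path matches a package to an installed app by bundle identifier alone and hands the app’s local data to the replacement, while a hardened path (an assumed mitigation, not something the post states Apple shipped) additionally refuses a package whose signer differs. The bundle id, signer labels and session token are constructed for the demo.

```python
from dataclasses import dataclass, field

@dataclass
class App:
    """One app on the device; the names and data used below are constructed."""
    bundle_id: str
    signer: str                                     # App Store or an enterprise certificate
    local_data: dict = field(default_factory=dict)  # the app's on-device data container

class SignerMismatch(Exception):
    pass

def install_vulnerable(installed: dict, package: App) -> App:
    """Install path as Masque Attack abuses it: match by bundle identifier alone,
    replace the app, and let the replacement inherit its data container."""
    old = installed.get(package.bundle_id)
    if old is not None:
        package.local_data = old.local_data   # cached mail / tokens now belong to the malware
    installed[package.bundle_id] = package
    return package

def install_hardened(installed: dict, package: App) -> App:
    """Assumed mitigation (not taken from the post): a replacement must be signed
    by the same party as the app it replaces; a matching bundle id is not enough."""
    old = installed.get(package.bundle_id)
    if old is not None and old.signer != package.signer:
        raise SignerMismatch(f"{package.bundle_id}: package signed by "
                             f"{package.signer!r}, installed app by {old.signer!r}")
    if old is not None:
        package.local_data = old.local_data
    installed[package.bundle_id] = package
    return package

def fresh_device() -> dict:
    """Constructed device state: one genuine banking app holding a login token."""
    bank = App("com.example.bank", "App Store", {"session_token": "tok-1234"})
    return {bank.bundle_id: bank}

def run_scenario():
    """Returns (token the rogue app can read via the vulnerable path,
    whether the hardened path refused the rogue package)."""
    rogue = App("com.example.bank", "Enterprise certificate (attacker)")
    leaked = install_vulnerable(fresh_device(), rogue).local_data.get("session_token")
    try:
        install_hardened(fresh_device(), App("com.example.bank", "Enterprise certificate (attacker)"))
        refused = False
    except SignerMismatch:
        refused = True
    return leaked, refused
```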
So what can you do to protect yourself? In the case of “Masque Attack”, do not install apps from third-party sources other than the Apple App Store. You should also avoid clicking “install” popups in SMS messages or on third-party websites, and uninstall any app that triggers an “Untrusted App Developer” alert. In the case of “WireLurker”, users should not download and run Mac apps or games from third-party app stores, download sites, or other untrusted sources. You should also not jailbreak your iDevice. If your iDevice comes from your company, you should avoid unknown enterprise provisioning profiles. Another tip: avoid pairing your iDevice with unknown computers or charging it with chargers from untrusted or unknown sources.
This entry was posted on November 10, 2014 at 7:02 pm and is filed under Commentary with tags Apple. You can follow any responses to this entry through the RSS 2.0 feed.
You can leave a response, or trackback from your own site.