lookout
iOS THREATS
The State of iOS Security
The iOS App Store is not the impenetrable walled garden you think it is.
TOP MYTHS ABOUT APPLE SECURITY
MYTH #1: The Apple App Store has never had malware in it
FACT: The App Store published at least one piece of malware and approved two others. The published malware, a trojan called “Find and Call,” downloaded your phonebook and spammed contacts.
MYTH #2: Apple devices cannot be attacked like Android
FACT: Actually, once on the device, iOS malware can perform many of the same types of attacks as Android malware, including data exfiltration and surveillance.
MYTH #3: Threats on iOS only affect jailbroken devices
FACT: Wirelurker, XAgent, Find and Call, and others are proof that malware can affect non-jailbroken devices. Non-jailbroken threats will be more targeted and sophisticated, but they’re not impossible to create.
Today, iOS malware looks a lot like Android malware in 2010.
Android malware got its foothold in 2010 when researchers found the first trojan, called “FakePlayer,” in the wild. A year later, in 2011, we saw the first Android malware in the Google Play store, called DroidDream.
Thus far, iOS malware has followed a similar pattern, with threats appearing in the wild for jailbroken devices, moving to non-jailbroken devices, and finally sneaking into the official App Store.
KEVIN MAHAFFEY
Bad guys are rational economic actors. Because Android is so much more popular in the world, they're targeting the largest platforms first. Criminals are soon going to double down on iOS with targeted attacks.
Kevin Mahaffey, Lookout CTO, predicts that we'll soon see a new wave of iOS attacks that will fundamentally change the iOS threat landscape.
iOS THREATS TO DATE
What are these threats that can seemingly execute just like Android malware can? We classify iOS threats to date into three different categories:
HACKING TOOLS: Apps or services that a user employs to jailbreak, or gain root access to the phone, but could be used for malicious means.
VULNERABILITIES: Software holes in the iOS platform that could be exploited to own iOS devices.
MALWARE: Apps that take user data or negatively impact the device without the user’s knowledge or permission.
2009
Ikee: First piece of iOS malware.
2010
JailbreakMe: A tool that exploited a hole in the iOS PDF reader in order to jailbreak the phone.
2011
Instastock: One of the first pieces of “malware” to get into the Apple App Store. Created by researcher Charlie Miller, this proof-of-concept malware looked “safe” during Apple’s review process, but secretly downloaded malicious code after being approved.
2012
Find and Call: The first non-POC iOS trojan to get inside the App Store. It silently stole a victim’s phonebook and spammed their friends. The creator claimed this was a software bug. Apple removed it from the App Store.
2013
Evasi0n
Mactans
Jekyll and Hyde
2014
Keyboard contents bug
Xsser mRAT
Masque Attack
WireLurker
2015
XAgent: The latest iOS malware. This is surveillanceware that may be part of a broader cyber-espionage campaign.
STAY SAFE!
Be cautious of clicking links to download applications, don't jailbreak your phone unless you really know what you're doing and, of course, have a security app in place!
For more mobile security information, follow