In what could be the biggest Apple hack ever, more than 225,000 valid iPhone accounts have been compromised and thousands of certificates, private keys, and purchasing receipts stolen, according to a new report from security company Palo Alto Networks.
The firm has identified 92 samples of a new malware in the wild -- and it’s targeting the iOS family. It’s called KeyRaider and it appears to be the largest known malware-related Apple account theft in iOS history. Criminals aimed to use the information to download applications from the official App Store and make in-app purchases without actually paying.
“KeyRaider targets jailbroken iOS devices and is distributed through third-party Cydia repositories in China,” Palo Alto wrote in its report. “In total, it appears this threat may have impacted users from 18 countries including China, France, Russia, Japan, United Kingdom, United States, Canada, Germany, Australia, Israel, Italy, Spain, Singapore, and South Korea.”
Information Security Apathy
We turned to Kevin Foisy, chief software architect and co-founder of security firm Stealthbits Technologies, to get his thoughts on the event. He told us hackers often play on the human element and this breach speaks volumes to public awareness and apathy toward information security.
“Every IT security person knows that cracking an iPhone exposes users to unnecessary personal risk but the bigger picture unfolds when that iPhone connects to a resource inside the place of work,” Foisy said. “Despite security measures, the user just beamed the hacker inside the secure walls of their workplace.”
Mobile users often get frustrated with various limitations that vendors place on their smart devices, said Lane Thames, security research and software development engineer at advanced threat detection firm Tripwire. Indeed, there are cases where we can all agree that limitations might have gone too far, especially if the “limitation” is actually done for the vendor’s benefit, he noted.
The Cost of Jailbreaking
“However, limitations placed on mobile devices are often done for the benefit of the end user or for the greater good of the overall mobile ecosystem,” Thames said. “This is definitely true in the case of mobile application management.”
Particularly, mobile application stores such as Apple’s App Store and Google Play do a very good job of whitelisting mobile applications and preventing the spread of mobile malware, he said.
“Users who jailbreak their devices in order to install those very few applications that are not available via an official app store are significantly more prone to being infected by malware such as KeyRaider,” Thames said. “The costs of jailbreaking your smartphone is much, much higher than any potential rewards. At the end of the day, it’s just not smart to jailbreak your smartphone.”
News Factor
No comments:
Post a Comment