Phone & i. Pad security: Why the i. OS app Xcode. Ghost exploit shouldn't concern you - Features. In this article we look at some of the security threats that have hit Apple's i.
OS devices, including Xcode. Ghost, Wire. Lurker, Masque Attack, the Oleg Pliss ransom case and the SSL flaw. We also discuss what measures you should implement to ensure your device is safe, and we evaluate whether the i. Phone and i. Pad are safe from malware.
According to Apple the i. OS platform is completely secure.
The company even states that it "designed the i. OS platform with security at its core. Keeping information secure on mobile devices is critical for any user, whether they’re accessing corporate and customer information or storing personal photos, banking information, and addresses.
Because every user’s information is important, i. OS devices are built to maintain a high level of security without compromising the user experience."As a result, Apple's i. Pad and i. Phone are generally considered to be safe and secure devices to use, and many confidently claim that i.
- Antivirus For Apple Ipad, free antivirus for apple ipad software downloads.
- I just bought an IPAD 2 and was on Goggle and all of a sudden, in one of the webpages were viruses and apple told me my system was infected. Do we need a virus.
- Mac security expert Intego has released an antivirus application for iPhone and iPad, in light of recent talks that Apple’s mobile OS is safer jailbroken.
OS is safer than Android. However, Apple's i. OS platform for the i. Pad and i. Phone hasn't been without its security breaches and vulnerabilitiies, and nor has i. Cloud, the cloud storage service which makes it possible to access documents, photos and more on all of your Apple devices. Read on to find out about: The latest security exploits to affect i.
OS on the i. Phone and i. Pad: What you need to know about Xcode.
Ghost. In the lastest security exploit, which was identified around 2. September, some developers - located in China - have used the incorrect program to create apps for the i.
Is Symantec Endpoint Protection Mobile Edition 6 (SEPME 6) supported on the iOS-based devices from Apple? Is the newer Symantec Mobile Security 7.2 (SMS 7.2)? Why the iOS app XcodeGhost exploit shouldn't concern you. Apple's iPad and iPhone are generally considered to. Which antivirus program do I need for an iPad. No the iPad doesn't need any virus protection. None exists the only thing that you have to do to clean up your iPad is go to settings, safari, scroll down, clear. Read reviews, compare customer ratings, see screenshots, and learn more about Protection. Download Protection and enjoy it on your iPhone, iPad, and iPod.
Download Avira Mobile Security and enjoy it on your iPhone, iPad, and. The only thing it does do is provide location services which apple already does. Is there Antivirus protection for iPad? If so,am I safe banking on my ipad how do I go about getting it? Is. Banking safe on ipads Asked by Maggie G.
OS app store. It is thought that the developers downloaded a fake version of Xcode because it was taking too long to download Xcode from Apple’s own servers, which are hosted in the US. Xcode weighs in at around 3. GB in total. The Chinese developers were using Xcode. Ghost rather than Apple’s Xcode.
While the affected apps are Chinese, there are a few popular apps among them such as Angry Birds 2, although Rovio has confirmed that only the Chinese App store version of Angry Birds 2 is vulnerable, and that a fix is coming soon, according to 9to. Mac. Apparently 3. Palo Alto Networks, there is a full list on 9to. Mac. However, there may in fact be more than 3. Chinese security firm who said it found 3. V3. It seems that only apps purchased from the Chinese App Store are affected though. Apple began addressing the issue on Sunday after being alerted to the fact that Xcode.
Ghost had been embedded in some apps. To protect our customers, we've removed the apps from the App Store that we know have been created with this counterfeit software and we are working with the developers to make sure they're using the proper version of Xcode to rebuild their apps," said Apple. An affected app could automatically open websites designed to infect the device with a virus, or show pop ups designed to gain personal information from the user in a phishing attempt. Apple’s walled garden approach to the App Store means it is typically safe. This is the first major breach of the App Store, before this exploit their had only been five instances of affected apps. Android’s open ecosystem, on the other hand, leaves the door open to security issues.
Each app goes through a careful review process before Apple allows it into the store. Unfortunately, this time the Xcode malware made its way past Apple’s reviews.
What other security exploits have affected i. OS on the i. Phone and i. Pad. 20. 14 was a year of security vulnerabilities and targetting of i. OS. First off, a security flaw was discovered in late February 2. Starbucks or an internet café. Then in late May, some users from the UK, Australia and other countries reported that their i. Phones were locked with a message claiming the device was hacked by a person or group named Oleg Pliss who demanded $1.
Next came news that nude photos of Jennifer Lawrence and around 1. British model Cara Delevigne, Cat Deeley, Kelly Brook, and Rihanna had made their way onto image bulletin board 4chan, at the end of August.
Apple claims that the privacy breach was not the result of a compromise of any of the systems used for its i. Cloud storage service. However, through some means hackers were able to access celebrity photos that were stored in i. Cloud. Then in November the first malware with the potential to infect all i. Phones and i. Pads was discovered by security firm Palo Alto Networks. Malware affecting jailbroken devices is nothing new but Wire.
Lurker - as the researchers christened it - used a two- stage attack involving USB connections via a Mac or PC, and a glitch in an i. OS feature that allows organisations to install their own apps on non- jailbroken i. OS devices. While Wire. Lurker installed malicious apps on jailbroken phones and plundered them of personal information - including the device’s phone number and i. Cloud address book - non- jailbroken phones got off more lightly, with just a benign pirated comic book app invisibly installed on the phone. Basic diagnostic data was also passed to a central command server.
Apple has since blocked Wire. Lurker on both i. OS devices and Macs but experts suggest that the technique used will give rise to further attacks. Sure enough, just a week after Wire.
Lurker stole the headlines, another i. OS 8 malware threat emerged. This threat, known as Masque Attack creates decoy apps that are like those on your i. Phone, and these decoy apps attempt to steal your personal information. According to Fire. Eye, who spotted the threat, Masque Attacks can pose much bigger threats than Wire. Lurker. So, following these recent situations, can Apple maintain its stance that i.
OS is secure. We examine the various cases that have begged the question of security on the i. OS platform, we look at how to make sure your i. Phone or i. Pad is secure (and the problems some people have experienced when updating their device), and we asking whether this mean that Apple's i. OS isn't secure? Read on to find out.. PART 1: Security threats to i.
OS devices. We examine the Xcode. Ghost, Wire. Lurker and Masque Atteck malware, the Olag Pliss ransom case and the SSL flaw. Plus: What really happened in the Jennifer Lawrence nude images leak? Is Xcode. Ghost a threat? Palo Alto Networks, however the affected apps are developed in and hosted in China, so it is unlikely that you will be running any of them on your i. Phone or i. Pad, unless you had downloaded them from the Chinese App Store.
For example, while Angry Birds 2 is affected by the exploit, apparently it is only the Chinese App Store version that is affected. If you are in China, Apple has already removed the affected apps from the App Store. Was Masque Attack a threat?
Masque Attack, a threat spotted by Fire. Eye, creates decoy apps that mimic those on your i. Phone and steal your personal information. Apple was able to block Wire.
Lurker by blocking enterprise certificate that it was using to install malicious apps, but Masque Attack uses the same bundle identifiers as existing apps instead. According to Fire. Eye: “This vulnerability exists because i.
OS doesn't enforce matching certificates for apps with the same bundle identifier.”To avoid being compromised by Masque Attack, only install apps that come directly from the App Store, don’t click on Install if you see a pop- up on a website or if you see a prompt to install an update to an app like Flappy Bird. Also, if i. OS displays an alert that an app is from an Untrusted App Developer tap Don’t Trust and uninstall it. At its worse the malware could replace Gmail or banking apps with a fake apps that would steal your data you give it. Fire. Eye said: “We verified this vulnerability on i. OS 7. 1. 1, 7. 1.
An attacker can leverage this vulnerability both through wireless networks and USB.”Apple has released a statement to i. More, claiming that Masque Attack isn’t really a flaw and that it is unaware of anybody who has been affected. Because the attack relies on someone actually responding to a dodgy link and downloading an app from somewhere other than the App Store, having ignored a warning about downloading malicious apps, Apple is confident that it has adequate barriers in place to stop people being affected by this particular malware. However, the best barrier would be to make it impossible to install an app from somewhere other than the App Store, or a company’s own servers or secure- website if it is an in- house app. Was Wire. Lurker a threat? Wire. Lurker was a Trojan that was inserted into pirated Mac OS X software, such as popular game titles, as well as within simple Windows executables that promised to install pirated apps on a user’s i.
OS device. Notably, although Wire. Lurker infected i.
OS devices, it wasn’t malware in the traditional sense in that one i. OS device did not spread the infection to another. Wire. Lurker could only delivered via a USB connection to a Mac or Windows computer following the download of dodgy software offered on various Chinese websites. The infected software was downloaded over 4.
Wire. Lurker possibly the biggest outbreak of i. OS malware yet detected.
Windows users got off lightly because the version of Wire. Lurker used was older and so buggy that it was essentially useless. It also targeted only jailbroken devices.
The version of Wire. Lurker infecting Macs was significantly more sophisticated. It infected other apps on the user’s computer to ensure it was kept running, and installed startup scripts. After grabbing some diagnostic details about the Mac, which it sent to a command server (since closed down), it added an invisible background process that waited for USB connections to i. OS devices. If a user attached a jailbroken device then Wire. Lurker used components of the Cydia jailbreak system to grab personal details, such as the user’s i.
Cloud address book and the device’s phone number, and upload them to the command server. It then infected apps on the device and inserted a handful of other malicious apps. If a non- jailbroken device was attached, which accounts for the majority of i. OS devices in use today, Wire. Lurker silently installed a comic book app on the user’s device. Adding third- party apps via USB should be impossible because of the requirement that they’re digitally signed, which usually happens upon purchase via the official App Store (and which is why i. Tunes can restore apps to your device).
However, Wire. Lurker subverted the enterprise provisioning system that allows organisations to install their own apps on the i. OS devices of their employees. This requires a security profile to be installed within the Settings app but the hackers behind Wire. Lurker were able to hide this within the app itself so that it was installed when the app was first run. Users had to click Continue on a dialog box but there was no warning a malicious app might be being installed. Users were sure to run the app when they first spotted it in order to discover what it was. Aside from the nasty Mac infection, which can be cleared- up using a tool created by the security researchers, the good news is that the app installed on non- jailbroken devices was benign.
It was probably more of a test to see if the procedure was possible. Had an infection taken place the existing security measures within i. OS – such as the sandboxing of apps – would have blocked nearly all malicious activity. However, Wire. Lurker has exposed significant flaws within i. OS with regard to USB connections and enterprise provisioning that Apple will no- doubt address soon. What happened in the Jennifer Lawrence nude photos case? Jennifer Lawrence and around 1.
British model Cara Delevigne, Cat Deeley, Kelly Brook, and Rihanna that made their way onto image bulletin board 4chan, at the end of August. The news has lead to some uncertainty about just how secure i. Cloud is, and what you should do to make sure that the same thing doesn’t happen to you. First things first, if you aren’t a celebrity chances are nobody is interested in any photos of you.
According to Apple these photos were stolen from i. Cloud in a "very targeted attack”, targetted at celebrities. The hackers then asked for payment in bitcoin to view the photos, some of which were claimed to be fake by the celebrities involved. Apple said in a statement that: "After more than 4. Internet.”The company insists that the privacy breach did not stem from a compromise of any of the systems used for the cloud storage service. Apple said: “None of the cases we have investigated has resulted from any breach in any of Apple's systems including i. Cloud or Find my i.
Phone.”Earlier reports had suggested that a flaw in i. Cloud was responsible for the hack, but Apple says that none of the cases it has looked into were tied to any vulnerability in the company's systems. Apple is working with law enforcement on the matter.
The FBI is also investigating. Read: How to prevent naughty pictures appearing on the web. What happened in the Oleg Pliss ransom case? Back in May 2. 01.
Australia, the UK, and elsewhere had their Apple ID accounts compromised and their i. OS devices held to ransom via Apple's Find My i. Phone service. Apple's Find My Phone feature allows i. Phone, i. Pad and Mac owners to remotely lock and track their devices if they're lost or stolen. A custom message can be displayed on the lockscreen when the feature is activated. In late May, users reported that their i.
Phones were locked with a message claiming the device was hacked by a person or group named Oleg Pliss who demanded $1. Apple said at the time that the incidents were not the result of i. Cloud being compromised and hinted that password reuse across multiple online accounts might be the cause of the hijackings.
BY mid June, Russian authorities revealed that they had arrested a man and a teenaged boy from Moscow under suspicion that they compromised Apple ID accounts and used Apple's Find My i. Phone service to hold i. OS devices for ransom. It's not clear if the two Moscow residents, aged 1. Oleg Pliss attacks, but the crime referred to in the press release the Russian Ministry of Interior issued to announce the arrests was of a similar nature to the i. Phone ransom attacks. The two allegedly compromised email accounts and used phishing pages and social engineering techniques to gain access to Apple ID accounts.
They are then accused of using the Find My Phone feature to lock the associated devices and send messages to the owners threatening to delete data unless the ransom was paid. Another technique involved placing advertisements online that offered to rent an Apple ID account with access to a lot of media content. Once users accepted the offer and linked their devices with that account, the attackers then used the Find My Phone feature to hijack them, Russian authorities said. What was the SSL flaw in Apple's i. OSIn February 2. 01. Apple issued updates to i. OS 7 to protect against the security flaw.
We recommend that users install the updates. The SSL problem was with Apple's implementation of a basic encryption feature that shields data from snooping.
Most websites handling sensitive personal data use SSL (Secure Sockets Layer) or TLS (Transport Layer Security), which establishes an encrypted connection between a server and a person's computer. If an attacker intercepts the data, it is unreadable. However, i. OS's validation of SSL encryption had a coding error that bypassed a key validation step in the web protocol for secure communications. As a result, communications sent over unsecured Wi- Fi hot spots could be intercepted and read while unencrypted, potentially exposing user password, bank data, and other sensitive data to hackers via man- in- the- middle attacks. They could also supply fake data that makes it appear an authentic web service has been cryptographically verified. There are also security risks in Mac OS X. Read more about them here: Do Macs get viruses? In the case of the SSL flaw, the danger is mitigated somewhat since an attacker must be on the same network as the victim.
However, you could be open to attacks if you are using a shared network and someone is snooping on that network. This could be someone in your local Starbucks. Secured Wi- Fi networks, such as home and business networks with encryption enabled, are not affected. Read about how to keep your social networking private here.
Apple sent a notification of the i. OS 7. 0. 6 update but if you haven't updated be sure to go to Settings > General > Software Update. You can find the information here. If you are running i. OS 6 you also need to update. Apple has provided i.
OS 6. 1. 6 - but this is only available for the i. Phone 3. GS, much to the annoyance of those who have refused to update to i.
OS 7. More on that below.. PART 2: Does this mean my i. Pad and i. Phone aren't safe? How can I make them secure? Given these examples, should we be concerned about the safety of our i. OS devices? How can we ensure that our i. Phone and i. Pad are safe from malicious threats?
How to make sure your i. Phone or i. Pad is secure and safe from Wire. Lurker and other malware. Make sure you keep your i. Phone up to date with the latest updates. It may be necessary to install an i. OS update to ensure that there was no chance of someone snooping on your activity.
To avoid malware infections such as Wire. Lurker, never attach your device to a computer or even a USB charger unless you’re 1. Remember that infections on a Mac or PC are likely to be invisible to the user. Additionally, never jailbreak your phone because – quite simply – it undoes all the good work Apple has done in securing i. OS. Never use pirated software (or software that promises to install pirated i. OS apps), and keep i.
OS updated too, so that you keep ahead of the jailbreaking exploits that are used by hackers to infect devices. Read: Should you jailbreak an i. Phone: Is jailbreaking good for an i. Phone or i. Pad? Is jailbreaking safe?
The pros and cons of i. OS jailbreaking. If you suspect you’ve been infected by Wire. Lurker or a similar malware, open the Settings app and then tap General > Profiles. If you’re infected you’ll see an entry here that you didn’t install.
Tapping it will offer the chance to remove it (although Apple has already revoked the profile used in Wire. Lurker). Bear in mind that some apps such as the Cloak VPN app install their own profiles here, as do some Wi- Fi providers. However, you should already know about these, having okayed their installation. How did the celeb photos hack happen? Reports initially suggested the i. Cloud photo leak might have been the result of hackers taking advantage of a flaw in the Find My i.
Phone service that was said to allow an attacker to try an unlimited number of passwords until the right one was found. The. Next. Web reported that it had discovered the script that was used to hack into the celebrity accounts on the software site Git. Hub. That report claimed the script used a flaw in Find My i. Phone to crack the passwords for the accounts using "brute force" – in other words the software was able to repeatedly enter the most popular passwords approved by Apple until it hit on the right one. Users would have been unaware that their accounts were compromised. However, Apple says the hack wasn't the result of an i.
Cloud vulnerability or a breach in Find My i. Phone, but rather a targeted attack where hackers sniff out user names, passwords, and answers to security questions.
As Apple says, targeted attacks on specific users are commonplace. For example, Wired editor Mat Honan had his i. Cloud account hacked back in 2. Another suggestion as to how these compromising celebrity photos were acquired was that it could have been through an email phishing attack. The theory is that celebrities could have been tricked into entering their usernames and passwords on a fake login page.
On IPAD 2 do we need a virus protection. There are ways to get a virus on the i. Pad, although none exist out in the wild. Applications are sandboxed so one application can't alter another in any way. However, Apple thinks they're above everyone else so they don't sandbox their apps like Safari (even though there is no reason not to). Because of this, there has already been multiple exploits for i.
OS ranging from something as simple an a . Granted these were already fixed, but there's always one more exploit just waiting to be found.