Thursday, November 6, 2014

Malware Discovered In China Could Herald ‘New Era’ Of iOS And Mac Threats

from techcrunch.com
Conventional wisdom suggests that the vast majority of mobile malware cases impact Android devices. Or at least that those who do not jailbreak their iPhones are safe from most threats — even Apple CEO Tim Cook has bashed Android for “dominating” the mobile malware market. Yet a new virus found in China by U.S.-based researchers could herald the first serious security threat to Apple devices.

A report from Palo Alto Networks (hat tip The Verge) claims that a new family of malware is getting past Apple’s settings to potentially infect secure (i.e. not jailbroken) iOS devices using infected software for Macs. Dubbed “WireLurker,” it was found in the wild in the Maiyadi App Store, a third-party Mac store in China, where it is said to have infected 467 apps. Infected versions of these programs have been downloaded more than 350,000 times and are likely to have affected “hundreds of thousands” of users, according to Palo Alto Networks. [Update: Apple tells us that it has blocked infected apps from working -- the company's full statement is at the bottom of this post.]

The malware works by repacking legitimate Mac applications. Once downloaded to a Mac, that software will then install malicious and third-party applications on any iOS device that is connected to the infected machine using a USB cable. What’s most interesting — or, indeed, worrying for Apple customers — is that once on an iOS device, WireLurker reportedly uses a range of sophisticated techniques to modify existing apps for malicious purposes.

While the aim of its creators is not clear yet, Palo Alto Networks reports, WireLurker has been found to steal “a variety of information” from inside rewritten apps. Since it surfaced in China, it is targeting Alibaba’s hugely popular Taobao shopping and AliPay payment apps — where a phone owner’s credit card and bank details are retained — but the security firm says the way it operates could usher in a “new era” of malware for Apple devices.

In particular, Palo Alto Networks says it is “the first in-the-wild malware to install third-party applications on non-jailbroken iOS devices through enterprise provisioning.”

The security firm recommends its own product to help prevent WireLurker, but — as ever — the best pieces of advice are to avoid downloading apps from third-party sources, and use officially approved USB cables. The former is more difficult in China, where third-party app stores are well established and hugely popular — though that’s more the case for Android than Mac or iOS.

The full report from Palo Alto Networks has additional advice for Apple customers in the enterprise space who could be most at risk given WireLurker’s characteristics.

Wednesday, October 22, 2014

China Attack Aims at iCloud, Apple’s Service for Storage

from nytimes.com
HONG KONG — For Apple in China, trouble seems to be the new normal.

Cybersecurity monitoring groups and security experts said on Monday that people trying to use Apple’s online data storage service, known as iCloud, were the target of a new attack that sought to steal users’ passwords and then spy on their activities.

Starting over the weekend, when many users across China tried to sign into their iCloud accounts, they may have been giving away login information to a third party, in what is called a man-in-the-middle attack.

“You think you are getting information directly from Apple, but in fact the authorities are passing information between you and Apple, and snooping on it the whole way,” said a spokesman for an independent censorship-monitoring website, GreatFire, who declined to be named because of fear of reprisal.

The back-end I.P. address targeted by the attack was changed Tuesday by Apple, according to a tweet from GreatFire.

News of the vulnerability came just as the new iPhone 6 arrived in Chinese stores after a monthlong regulatory delay tied, in part, to concerns about the phone’s security.

Activists and security experts say they believe the attacks are backed by the Chinese government because they are hosted from servers to which only the government and state-run telecommunications companies have access, according to GreatFire. They are also similar to recent attacks on Google, Yahoo and Microsoft aimed at monitoring what users were retrieving on the sites.

“All signs point to the Chinese government’s involvement,” said Michael Sutton, vice president for threat research at Zscaler, a San Jose, Calif., security company. “Evidence suggests this attack originated in the core backbone of the Chinese Internet and would be hard to pull off if it was not done by a central authority like the Chinese government.”

The targeting also potentially reveals a new Chinese government effort to adapt to initiatives by Internet companies — most notably new encryption techniques — to protect user data from government spying.

“The Chinese government could no longer sniff traffic, so they intercepted that traffic between the browser and the iCloud server,” Mr. Sutton said.

Chinese officials could not immediately be reached for comment.

Many web browsers, like Apple’s Safari, Google’s Chrome and Mozilla’s Firefox, flashed a warning to users that a so-called encryption certificate that is supposed to identify who is on the other end of a web session should not be trusted. That indicated that users were inadvertently communicating with the attackers, rather than iCloud. In effect, the hackers stepped into the middle of the online conversation.

Mr. Sutton noted that Qihoo, a browser offered by the Qihoo 360 Technology Company that is popular in China, did not flash a warning to users.

“As more sites move to encryption by default — which prevents the censorship authorities from selectively blocking access to content — the Chinese authorities will grow increasingly frustrated with their ability to censor that content,” said the GreatFire spokesman.

“In some ways their hands are being forced. They can attempt these man-in-the-middle attacks or choose to outright block access to these sites. The more sites they block, the more they cut off the Chinese populace from the global Internet,” he added.

The timing of the attack, aligned with the release of the new iPhone in China, is a potential indicator that the government is trying to harvest sign-in data from a large number of users who are switching over to the iPhone 6. The new phone comes with better encryption to protect against government snooping.

In September, Apple, based in Cupertino, Calif., said its latest operating system, iOS 8, included protections that made it impossible for the company to comply with government warrants asking for customer information like photos, emails and call history.

The change prompted the Federal Bureau of Investigation director, James B. Comey, to say in a recent speech that new encryption by Apple and others “will have very serious consequences for law enforcement and national security agencies at all levels.”

“Sophisticated criminals will come to count on these means of evading detection,” Mr. Comey said.

In August, Apple began storing data for iCloud on servers in China in a move it said was intended to enhance performance of the service there. The company said the state-owned service provider China Telecom, which owns the servers where the data is stored, did not have access to the content.

But security experts say it appears that Beijing has found a workaround, by coordinating man-in-the-middle attacks on a mass scale.

Apple on Tuesday acknowledged a network attack, but clarified that its iCloud servers were not breached. On a security webpage, it implied that man-in-the-middle attacks were being used to direct people to fake connections of iCloud.com, making their user names and passwords vulnerable to theft.

On the webpage, Apple explained how people could distinguish an authentic iCloud.com site from a fake one. Basically, users will receive warnings when the browser detects a fake certificate or an untrusted connection. Apple advised people to heed those warnings and avoid signing in.

“Apple is deeply committed to protecting our customers’ privacy and security,” said Trudy Muller, an Apple spokeswoman. “We’re aware of intermittent organized network attacks using insecure certificates to obtain user information, and we take this very seriously.”

Ms. Muller declined to comment on whether Apple had identified the Chinese government as the source of the attacks.

Security experts said users should not visit websites if they receive a browser warning. Mr. Sutton also advised users to turn on two-factor authentication whenever possible, a procedure in which a user is prompted to enter a second one-time password that has been texted to the user’s phone. That way, he said, even if an attacker intercepts a password, they cannot use it to log into a site without the second password. “Users should treat this seriously,” Mr. Sutton said.
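The second-factor check Mr. Sutton describes, as an added example that is not code from the article or from any company it names: the server verifies a password and a one-time code and accepts the login only when both are right, so a password captured in transit is not enough on its own, and a code that has been used once is rejected if replayed. The article refers to a code texted to the phone; this example substitutes a counter-based HOTP code (RFC 4226) derived from a shared secret so it runs offline, and uses the RFC's published test key so the codes can be checked against the standard's own vectors. The account, user name and password are constructed for the example.

```python
import hashlib
import hmac
import secrets
import struct

# RFC 4226 test secret, used so the codes match the RFC's published vectors.
# A real deployment generates a random per-user secret instead.
HOTP_SECRET = b"12345678901234567890"


def hotp(secret: bytes, counter: int, digits: int = 6) -> str:
    """HOTP (RFC 4226): HMAC-SHA1 over the 8-byte big-endian counter,
    dynamic truncation, then the low `digits` decimal digits."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    binary = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(binary % 10 ** digits).zfill(digits)


def hash_password(password: str, salt: bytes) -> bytes:
    # Salted PBKDF2 so a stolen credential table does not yield passwords directly.
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, 100_000)


class Account:
    """Server-side record for one (constructed) user: password hash plus HOTP state."""

    def __init__(self, username: str, password: str, secret: bytes):
        self.username = username
        self.salt = secrets.token_bytes(16)
        self.pw_hash = hash_password(password, self.salt)
        self.secret = secret
        self.counter = 0  # next HOTP counter value the server will accept


def login(account: Account, password: str, otp: str, look_ahead: int = 3) -> bool:
    """Accept only when the password AND a fresh one-time code are both correct.

    The code is consumed on success, so an intercepted code cannot be replayed.
    A small look-ahead window tolerates codes the user generated but never sent.
    Both factors are evaluated before deciding and a single False is returned
    either way, so the response does not reveal which factor was wrong."""
    password_ok = hmac.compare_digest(hash_password(password, account.salt), account.pw_hash)
    matched = None
    for i in range(look_ahead):
        if hmac.compare_digest(hotp(account.secret, account.counter + i), otp):
            matched = i
            break
    if not password_ok or matched is None:
        return False
    account.counter += matched + 1  # advance past the code that was just used
    return True


if __name__ == "__main__":
    acct = Account("alice", "correct horse battery", HOTP_SECRET)
    code = hotp(HOTP_SECRET, acct.counter)
    print("password only:      ", login(acct, "correct horse battery", "000000"))
    print("password + code:    ", login(acct, "correct horse battery", code))
    print("same code replayed: ", login(acct, "correct horse battery", code))
```

The replay check is the part worth noticing: once a code has been accepted the server's counter moves past it, so an attacker who intercepts both the password and that code at sign-in time still cannot reuse the pair later.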

Friday, October 10, 2014

Phishers Find Apple Most Tasty Target

from technewsworld.com

"Follow the money" isn't just the war cry of journalistic bloodhounds hot on the trail of political corruption. It's the mantra of Web predators, too. That's why PayPal consistently has been the top brand targeted by phishers -- although that appears to have changed.

Apple now has the dubious distinction of most-phished brand, according to the latest report from the Anti-Phishing Work Group.
For the first half of this year, 17.7 percent of all phishing attacks were aimed at Apple -- a first for the brand -- followed by PayPal (14.4 percent) and Chinese shopping site Taobao.com (13.2 percent), the APWG reported.

Have phishers suddenly become more interested in stocking their music libraries from iTunes than siphoning money from PayPal? Not quite.

"We're seeing a lot of account takeover types of stuff, and your Apple ID is tied into everything," report coauthor Rod Rasmussen told TechNewsWorld.

Target Churn

Phishers can get into all kinds of mischief with an Apple ID, suggested Rasmussen, who also is president and CTO of IID.

"I'm betting some of the naked celebrity photos were stolen with the use of Apple IDs," he said.

"They can be also used to lock a user out of their phone and ransom it back to them for money," Rasmussen continued. "There are lots of different attack vectors, which adds up to why Apple is being phished as heavily as it is."

A greater variety of institutions now are being targeted by phishers, compared to the past, the APWG report notes. For example, in the first half of this year, the group found 756 unique institutions targeted by phishers. Almost half those targets -- 347 -- hadn't been phished in the previous six-month period.

"This amount of churn, or turnover, shows phishers trying out new targets," APWG reported. "They are looking for companies that are newly popular, have vulnerable user bases, and/or are not ready to defend themselves against phishing."

Behavioral Defenses

If the mammoth data breaches in recent months illustrate anything, it's that perimeter defenses alone aren't adequate to keep attackers at bay. Defenders need to accept the fact that their systems will be penetrated and deploy defensive strategies to deal with that inevitability.

One strategy is to combine behavioral analysis with big data to identify those internal threats.

Intruders that have penetrated a system can be very difficult to identify without some kind of machine assistance.

"Once they're inside, they'll look like regular employees, because they've hijacked an employee's credentials," Idan Tendler, CEO of Fortscale, told TechNewsWorld.

Intruders eventually engage in behaviors that give away their masquerade, though.

"The only way to identify these suspicious users is by profiling their behavior, by analyzing system logs that document their behavior," Tendler said.

The profiles can be used to establish a normal behavior pattern, and "from that, you can automatically spot abnormal behavior by users," he explained.
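What Tendler describes, profiling users from system logs and then flagging departures from the profile, as an added example that is not code from Fortscale or from the article: it learns each user's usual hosts, source networks, working hours and actions from a baseline of authentication log lines, then scores later events and flags those that differ from the profile in two or more of those dimensions. The log format, user names, host names and addresses are all constructed for the example; the baseline is deliberately small, so a real deployment would want weeks of history and per-dimension weights rather than a simple count.

```python
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample log in a simple key=value format (not from any real system).
BASELINE_LOG = """\
2014-10-06T09:02:11 user=alice host=ws-17 src=10.1.4.22 action=login result=success
2014-10-06T17:48:03 user=alice host=ws-17 src=10.1.4.22 action=logout result=success
2014-10-07T08:55:40 user=alice host=ws-17 src=10.1.4.22 action=login result=success
2014-10-07T13:10:27 user=alice host=fileshare-01 src=10.1.4.22 action=share_access result=success
2014-10-08T09:14:05 user=alice host=ws-17 src=10.1.4.25 action=login result=success
2014-10-06T10:20:51 user=bob host=ws-22 src=10.1.4.31 action=login result=success
2014-10-07T10:02:19 user=bob host=ws-22 src=10.1.4.31 action=login result=success
"""

# Constructed later events: one normal login, then activity that looks like
# hijacked credentials being used from a new network at an unusual hour.
NEW_EVENTS = """\
2014-10-09T09:05:12 user=alice host=ws-17 src=10.1.4.22 action=login result=success
2014-10-09T02:41:37 user=alice host=db-prod-03 src=10.7.9.140 action=login result=success
2014-10-09T02:43:02 user=alice host=db-prod-03 src=10.7.9.140 action=bulk_export result=success
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) user=(?P<user>\S+) host=(?P<host>\S+) src=(?P<src>\S+) "
    r"action=(?P<action>\S+) result=(?P<result>\S+)$"
)


def parse(log_text):
    """Turn log lines into event dicts; malformed lines are skipped, not fatal."""
    events = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        ev = m.groupdict()
        ev["ts"] = datetime.strptime(ev["ts"], "%Y-%m-%dT%H:%M:%S")
        events.append(ev)
    return events


def subnet(ip):
    # Profile the /24 rather than the exact address so a new desk on the
    # same office LAN does not count as an anomaly.
    return ".".join(ip.split(".")[:3]) + ".0/24"


def build_profiles(events):
    """One profile per user: the hosts, networks, hours and actions seen so far."""
    profiles = defaultdict(lambda: {"hosts": set(), "subnets": set(), "hours": set(), "actions": set()})
    for ev in events:
        p = profiles[ev["user"]]
        p["hosts"].add(ev["host"])
        p["subnets"].add(subnet(ev["src"]))
        p["hours"].add(ev["ts"].hour)
        p["actions"].add(ev["action"])
    return profiles


def score_event(profile, ev):
    """List every way this event departs from the user's established profile."""
    reasons = []
    if ev["host"] not in profile["hosts"]:
        reasons.append("new host " + ev["host"])
    if subnet(ev["src"]) not in profile["subnets"]:
        reasons.append("new source network " + subnet(ev["src"]))
    if ev["ts"].hour not in profile["hours"]:
        reasons.append("unusual hour %02d:00" % ev["ts"].hour)
    if ev["action"] not in profile["actions"]:
        reasons.append("never-seen action " + ev["action"])
    return reasons


def find_anomalies(baseline_text, new_text, min_reasons=2):
    """Build profiles from the baseline, then flag new events with enough departures."""
    profiles = build_profiles(parse(baseline_text))
    flagged = []
    for ev in parse(new_text):
        profile = profiles.get(ev["user"])
        if profile is None:
            flagged.append((ev, ["no baseline for user " + ev["user"]]))
            continue
        reasons = score_event(profile, ev)
        if len(reasons) >= min_reasons:
            flagged.append((ev, reasons))
    return flagged


if __name__ == "__main__":
    for ev, reasons in find_anomalies(BASELINE_LOG, NEW_EVENTS):
        print(ev["ts"], ev["user"], ev["host"], ev["action"], "->", "; ".join(reasons))
```

The threshold of two departures is the knob a defender tunes: a single new host is everyday noise, but a new host from a new network at 02:41 followed by an action the user has never performed is the pattern Tendler is describing, and it is the combination, not any one field, that stands out.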

Profiling Misbehavior

An added benefit of identifying intruders who've compromised an employee's credentials is that potential malware attacks also can be identified. For example, a large proportion of Advanced Persistent Threats -- 76 percent by some estimates -- eventually end up stealing credentials on a system.

"Why?" asked Tendler. "Once the malware infiltrates the enterprise, it hijacks credentials to be used for reconnaissance and exfiltration of information from the system."

Behavioral analysis also can be used to make perimeter defenses stronger.

"If you have a website that's public-facing, or a mobile app, you want to understand who your customer is -- because, as we've seen, passwords are becoming less and less effective," said NuData Security Director Of Customer Success Ryan Wilk.

"You need better ways to find these anomalies to give a customer better insight into who is touching their website and how it's being used," he told TechNewsWorld, "so when an account or transaction is created, you can know if that account or transaction is valid."

Behavioral analysis can be a way for system defenders to see the bad trees in the forest of data moving through their networks every day.

"Bad behaviors will stand out drastically from good behaviors," Wilk said. "It's very easy to identify these artifacts when you're pulling together all this data, creating behavioral profiles and seeing what the anomalies are."

Thursday, September 25, 2014

iOS8 Update Recalled Following Rampant Problems

from billboard.com

Apple has stopped providing an update to its new iOS 8 mobile operating software, following complaints that the update interferes with users' ability to make phone calls.

The iOS 8.0.1 update released Wednesday morning was intended to fix some earlier glitches in the new software for iPhones and iPads that Apple released last week.

But along with blocking calls, some users have also complained the update interferes with Apple's Touch ID system, which lets people unlock their phones with their fingerprint.

Apple says it's pulling back the update as it investigates the reports. The company says it plans to issue advice to users "as quickly as we can."

Meantime, users are still able to upgrade older phones to last week's version of iOS 8.

Wednesday, September 24, 2014

Bendgate puts Apple in awkward position

from 3news.co.nz

Apple pitched its new iPhone range as its "thinnest-ever", but some users have found that to be a serious drawback.

The iPhone 6 Plus is not only thin, but its body is made of aluminium, which bends quite easily compared to plastic and glass.

The controversy has been labelled 'Bend-Gate', and it's not limited to people deliberately mistreating their pricey new devices. 
Some have reported their phones curving after merely being left in a jean pocket for a while.

"In one example, a new 6 Plus was bent during a day of 'dancing, dining, and driving to a wedding'," reports the Sydney Morning Herald.

Others have found their phones developing kinks after barely even bumping them.

"I've had significantly harder impacts to my 4s and never had any type of breakage or bending problems," one user told Apple fansite MacRumors.

The iPhone 6 Plus' screen is 5.5 inches across diagonally, and only 7mm thick. Most previous iPhones have been made of glass and/or plastic.

It's not the first phone with a tendency to bend however – MacRumors says owners of the Samsung Galaxy S4, Sony Xperia Z1 and the Blackberry Q10 have had similar problems.

"Any phone made of metal is still subject to the laws of physics," the site claimed.

Apple sold more than 10 million iPhone 6 and 6 Plus devices in its first weekend on sale.

Monday, July 14, 2014

iPad tied to boy's nickel allergy

from cbc.ca
The iPad is a potential source of nickel allergy reactions, say pediatricians who suggest parents choose a metal-free cover for the electronics.

Allergic contact dermatitis is becoming more common in children, especially nickel, dermatologists say. In Monday’s issue of the journal Pediatrics, doctors in the U.S. describe the case of an 11-year-old boy with dermatitis that didn’t respond to standard ointment.

He tested positive in a skin patch test for nickel allergy. At an avoidance counselling session, doctors became aware that the family had bought a first generation iPad in 2010 and that the patient was using it more frequently.

After covering his iPad and avoiding nickel, including through diet, the dermatitis improved significantly for five months, Dr. Sharon Jacob of Loma Linda University in California and Dr. Shehla Admani of the dermatology department at the University of California, San Diego, said.

Allergic reactions to Apple laptops and iPhones have been reported, but the iPad hasn’t come up as a potential source of nickel sensitization in children before, the researchers said.

They suggested patients could reduce contact between skin and devices either by using a case or cover that is nickel-free or simply applying duct tape to create a barrier.

Doctors should also consider "metallic-appearing electronics and personal effects" as potential sources of nickel exposure, Jacob and Admani said.

In 2008, dermatologists warned, people who use their cellphones for long periods may develop a rash on their ears or cheeks.

Thursday, July 3, 2014

How to steal passwords from a locked iPhone

German researchers say that they have found a way to steal passwords stored on a locked Apple iPhone in just six minutes. And they can do it without cracking the iPhone's passcode.

Researchers from the Fraunhofer Institute for Secure Information Technology (Fraunhofer SIT) say that the attack targets Apple's password management system - known as the keychain.

Here's a YouTube video where the German researchers demonstrate their attack in action:

The only hint of a consolation is that the attack cannot be done remotely - the attackers need physical access to your iPhone to steal information.

But if the attacker only needs to have his hands on your iPhone for six minutes, how much of a comfort is this really? Don't forget, it's not unusual for people to lose their mobile phones or leave them unattended on their desk while they pop off to the coffee machine.

According to material published by Fraunhofer SIT, sensitive password information can be extracted from a user's iPhone without needing to know the passcode.

The researchers claim that all iPhone and iPad devices containing the latest firmware are vulnerable. At a time when Apple and its fans are pushing hard for more companies to bring iPhones into the enterprise, there will undoubtedly be concerns if these vulnerability claims are found to be true.

All eyes must now turn to Cupertino to see what Apple has to say about this.