Friday, October 10, 2014

Phishers Find Apple Most Tasty Target

from technewsworld.com

"Follow the money" isn't just the war cry of journalistic bloodhounds hot on the trail of political corruption. It's the mantra of Web predators, too. That's why PayPal consistently has been the top brand targeted by phishers -- although that appears to have changed.

Apple now has the dubious distinction of most-phished brand, according to the latest report from the Anti-Phishing Work Group.
For the first half of this year, 17.7 percent of all phishing attacks were aimed at Apple -- a first for the brand -- followed by PayPal (14.4 percent) and Chinese shopping site Taobao.com (13.2 percent), the APWG reported.

Have phishers suddenly become more interested in stocking their music libraries from iTunes than siphoning money from PayPal? Not quite.

"We're seeing a lot of account takeover types of stuff, and your Apple ID is tied into everything," report coauthor Rod Rasmussen told TechNewsWorld.

Target Churn

Phishers can get into all kinds of mischief with an Apple ID, suggested Rasmussen, who also is president and CTO of IID.

"I'm betting some of the naked celebrity photos were stolen with the use of Apple IDs," he said.

"They can be also used to lock a user out of their phone and ransom it back to them for money," Rasmussen continued. "There are lots of different attack vectors, which adds up to why Apple is being phished as heavily as it is."

A greater variety of institutions now are being targeted by phishers, compared to the past, the APWG report notes. For example, in the first half of this year, the group found 756 unique institutions targeted by phishers. Almost half those targets -- 347 -- hadn't been phished in the previous six-month period.

"This amount of churn, or turnover, shows phishers trying out new targets," APWG reported. "They are looking for companies that are newly popular, have vulnerable user bases, and/or are not ready to defend themselves against phishing."

Behavioral Defenses

If the mammoth data breaches in recent months illustrate anything, it's that perimeter defenses alone aren't adequate to keep attackers at bay. Defenders need to accept the fact that their systems will be penetrated and deploy defensive strategies to deal with that inevitability.

One strategy is to combine behavioral analysis with big data to identify those internal threats.

Intruders that have penetrated a system can be very difficult to identify without some kind of machine assistance.

"Once they're inside, they'll look like regular employees, because they've hijacked an employee's credentials," Idan Tendler, CEO of Fortscale, told TechNewsWorld.

Intruders eventually engage in behaviors that give away their masquerade, though.

"The only way to identify these suspicious users is by profiling their behavior, by analyzing system logs that document their behavior," Tendler said.

The profiles can be used to establish a normal behavior pattern, and "from that, you can automatically spot abnormal behavior by users," he explained.
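
As an added illustration of the log-based profiling described above (not code from Fortscale or from the article), the following Python example builds a per-user baseline from access-log lines and flags events that break that baseline on several features at once. The log format, user and host names, and thresholds are constructed assumptions.

```python
from collections import defaultdict
from datetime import datetime

# Constructed sample access log (not real data): time, user, source host, resource.
BASELINE_LOG = """\
2014-10-01T09:05 alice ws-114 fileserver
2014-10-01T13:40 alice ws-114 mail
2014-10-02T10:01 bob ws-201 build
"""
NEW_EVENTS = """\
2014-10-06T09:20 alice ws-114 fileserver
2014-10-06T02:47 alice ws-377 hr-db
2014-10-06T10:30 bob ws-201 build
"""

def parse(log):
    for line in log.strip().splitlines():
        ts, user, host, resource = line.split()
        yield datetime.strptime(ts, "%Y-%m-%dT%H:%M"), user, host, resource

def build_profiles(log):
    """Per-user baseline: source hosts, resources touched, hours of activity."""
    profiles = defaultdict(lambda: {"hosts": set(), "resources": set(), "hours": set()})
    for ts, user, host, resource in parse(log):
        profile = profiles[user]
        profile["hosts"].add(host)
        profile["resources"].add(resource)
        profile["hours"].add(ts.hour)
    return dict(profiles)

def score_events(profiles, log, threshold=2, hour_slack=2):
    """Return (user, time, reasons) for events deviating on >= threshold features."""
    unseen = {"hosts": (), "resources": (), "hours": ()}  # unknown user: all new
    alerts = []
    for ts, user, host, resource in parse(log):
        profile = profiles.get(user, unseen)
        reasons = []
        if host not in profile["hosts"]:
            reasons.append("new source host " + host)
        if resource not in profile["resources"]:
            reasons.append("new resource " + resource)
        # Circular distance, so 23:00 and 01:00 are two hours apart.
        if all(min(abs(ts.hour - h), 24 - abs(ts.hour - h)) > hour_slack
               for h in profile["hours"]):
            reasons.append("unusual hour %02d:00" % ts.hour)
        if len(reasons) >= threshold:
            alerts.append((user, ts.isoformat(), reasons))
    return alerts

if __name__ == "__main__":
    print(score_events(build_profiles(BASELINE_LOG), NEW_EVENTS))
```

Requiring more than one deviating feature keeps a single new resource or a late login from raising an alert on its own; the 02:47 event is flagged because the host, resource and hour are all outside the user's baseline.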

Profiling Misbehavior

An added benefit of identifying intruders who've compromised an employee's credentials is that potential malware attacks also can be identified. For example, a large proportion of Advanced Persistent Threats -- 76 percent by some estimates -- eventually end up stealing credentials on a system.

"Why?" asked Tendler. "Once the malware infiltrates the enterprise, it hijacks credentials to be used for reconnaissance and exfiltration of information from the system."

Behavioral analysis also can be used to make perimeter defenses stronger.

"If you have a website that's public-facing, or a mobile app, you want to understand who your customer is -- because, as we've seen, passwords are becoming less and less effective," said NuData Security Director Of Customer Success Ryan Wilk.

"You need better ways to find these anomalies to give a customer better insight into who is touching their website and how it's being used," he told TechNewsWorld, "so when an account or transaction is created, you can know if that account or transaction is valid."

Behavioral analysis can be a way for system defenders to see the bad trees in the forest of data moving through their networks every day.

"Bad behaviors will stand out drastically from good behaviors," Wilk said. "It's very easy to identify these artifacts when you're pulling together all this data, creating behavioral profiles and seeing what the anomalies are."

Thursday, September 25, 2014

iOS8 Update Recalled Following Rampant Problems

from billboard.com

Apple has stopped providing an update to its new iOS 8 mobile operating software, following complaints that the update interferes with users' ability to make phone calls.

The iOS 8.0.1 update released Wednesday morning was intended to fix some earlier glitches in the new software for iPhones and iPads that Apple released last week.

But along with blocking calls, some users have also complained the update interferes with Apple's Touch ID system, which lets people unlock their phones with their fingerprint.

Apple says it's pulling back the update as it investigates the reports. The company says it plans to issue advice to users "as quickly as we can."

Meantime, users are still able to upgrade older phones to last week's version of iOS 8.

Wednesday, September 24, 2014

Bendgate puts Apple in awkward position

from 3news.co.nz

Apple pitched its new iPhone range as its "thinnest-ever", but some users have found that to be a serious drawback.

The iPhone 6 Plus is not only thin, but its body is made of aluminium, which bends quite easily compared to plastic and glass.

The controversy has been labelled 'Bend-Gate', and it's not limited to people deliberately mistreating their pricey new devices. Some have reported their phones curving after merely being left in a jean pocket for a while.

"In one example, a new 6 Plus was bent during a day of 'dancing, dining, and driving to a wedding'," reports the Sydney Morning Herald.

Others have found their phones developing kinks after barely even bumping them.

"I've had significantly harder impacts to my 4s and never had any type of breakage or bending problems," one user told Apple fansite MacRumors.

The iPhone 6 Plus' screen is 5.5 inches across diagonally, and only 7mm thick. Most previous iPhones have been made of glass and/or plastic.

It's not the first phone with a tendency to bend however – MacRumors says owners of the Samsung Galaxy S4, Sony Xperia Z1 and the Blackberry Q10 have had similar problems.

"Any phone made of metal is still subject to the laws of physics," the site claimed.

Apple sold more than 10 million iPhone 6 and 6 Plus devices in its first weekend on sale.

Monday, July 14, 2014

iPad tied to boy's nickel allergy

from cbc.ca
The iPad is a potential source of nickel allergy reactions, say pediatricians who suggest parents choose a metal-free cover for the electronics.

Allergic contact dermatitis, especially to nickel, is becoming more common in children, dermatologists say. In Monday’s issue of the journal Pediatrics, doctors in the U.S. describe the case of an 11-year-old boy with dermatitis that didn’t respond to standard ointment.

He tested positive in a skin patch test for nickel allergy. At an avoidance counselling session, doctors became aware that the family had bought a first generation iPad in 2010 and that the patient was using it more frequently.

After covering his iPad and avoiding nickel, including through diet, the dermatitis improved significantly for five months, Dr. Sharon Jacob of Loma Linda University in California and Dr. Shehla Admani of the dermatology department at the University of California, San Diego, said.

Allergic reactions to Apple laptops and iPhones have been reported, but the iPad hasn’t come up as a potential source of nickel sensitization in children before, the researchers said.

They suggested patients could reduce contact between skin and devices either by using a case or cover that is nickel-free or simply applying duct tape to create a barrier.

Doctors should also consider "metallic-appearing electronics and personal effects" as potential sources of nickel exposure, Jacob and Admani said.

In 2008, dermatologists warned, people who use their cellphones for long periods may develop a rash on their ears or cheeks.

Thursday, July 3, 2014

How to steal passwords from a locked iPhone

German researchers say that they have found a way to steal passwords stored on a locked Apple iPhone in just six minutes.
And they can do it without cracking the iPhone's passcode.
Researchers from the Fraunhofer Institute for Secure Information Technology (Fraunhofer SIT) say that the attack targets Apple's password management system - known as the keychain.

The only hint of a consolation is that the attack cannot be done remotely - the attackers need physical access to your iPhone to steal information.
But if the attacker only needs to have his hands on your iPhone for six minutes, how much of a comfort is this really? Don't forget, it's not unusual for people to lose their mobile phones or leave them unattended on their desk while they pop off to the coffee machine.
According to material published by Fraunhofer Institute SIT, sensitive password information can be extracted from a user's iPhone without needing to know the passcode.
The researchers claim that all iPhone and iPad devices containing the latest firmware are vulnerable. At a time when Apple and its fans are pushing hard for more companies to bring iPhones into the enterprise there will undoubtedly be concerns if these vulnerability claims are found to be true.
All eyes must now turn to Cupertino to see what Apple has to say about this.

Tuesday, May 27, 2014

Hackers Use ‘Find My iPhone’ App to Lock, Hold Devices for Ransom

from http://abcnews.go.com
Some iPhone and iPad users in Australia had a rude awakening this morning when they discovered their devices had been locked and held for ransom by a mysterious hacker going by the name “Oleg Pliss.”

The people impacted by the breach reported via tweets and the Apple forum that they received messages indicating their devices had been hacked and they needed to make a payment in order for them to be unlocked.

Tuesday, April 22, 2014

Active malware campaign steals Apple passwords from jailbroken iPhones

from arstechnica.com
Security researchers have uncovered an active malware campaign in the wild that steals the Apple ID credentials from jailbroken iPhones and iPads.

News of the malware dubbed "unflod," based on the name of a library that's installed on infected devices, first surfaced late last week on a pair of reddit threads. In the posts, readers reported their jailbroken iOS devices recently started experiencing repeated crashes, often after installing jailbroken-specific customizations known as tweaks that were not a part of the official Cydia market, which acts as an alternative to Apple's App Store.

Since then, security researcher Stefan Esser has performed what's called a static analysis on the binary code that the reddit users isolated on compromised devices. In a blog post reporting the results, he said unflod hooks into the SSLWrite function of an infected device's security framework. It then scans it for strings accompanying the Apple ID and password that's transmitted to Apple servers. When the credentials are found, they're transmitted to attacker-controlled servers.

In an e-mail to Ars, Esser said the malicious code works only on 32-bit versions of jailbroken iOS devices. "There is no ARM 64-bit version of the code in the copy of the library we got," he wrote. "This means the malware should never be successful on [the] iPhone 5S/iPad Air or iPad mini 2G."

reddit readers said unflod infections can be detected by opening the SSH/Terminal and searching the folder /Library/MobileSubstrate/DynamicLibraries for the presence of the Unflod.dylib file. Compromised devices may possibly be disinfected by deleting the dynamic library, but since no one so far has been able to figure out how the malicious file is installed in the first place, there's no guarantee it won't somehow subsequently reappear.

"That is why we recommend to restore the device," Esser told Ars. "However, that means people will lose their jailbreak until a new one is released, and the majority of jailbreak users will not do that."

Of course, whichever course of disinfection users of infected devices choose, they should also change their Apple ID password as soon as possible.

The unflod campaign, which was also analyzed by researchers from antivirus provider Sophos, underscores the risks associated with installing unknown apps on jailbroken iPhones.

"I will also again take this moment to point out to anyone concerned that the probability of this coming from a default [Cydia] repository is fairly low," Cydia developer Jay Freeman, aka Saurik, wrote in one reddit comment. "I don't recommend people go adding random URLs to Cydia and downloading random software from untrusted people any more than I recommend opening the .exe files you receive by e-mail on your desktop computer."