Page 10 - index
P. 10
iOS Malware
Over just the last month, Chinese iPhone and iPad owners have been hit with two distinct iOS
mass malware infections. Unlike previous spates of iOS-targeted malware, many of those victims
hadn't jailbroken their phones to install unauthorized apps.
In at least the most recent of these two attacks, victims did have to make an almost comical series
of blunders to have their phone hacked. The malware, which Palo Alto Networks called YiSpecter in
its detailed writeup, tricked users into circumventing Apple's tightly controlled App Store to install a
porn video player. (In some cases the hackers used local internet service providers in China, which
are known to hijack traffic to insert ads on websites, to advertise the sexy video app in pop-up
prompts.) If the user fell for that lure, the hackers managed to skirt Apple's App Store and install the
app by using a so-called "enterprise certificate," a system that allows companies and agencies to
install their own custom programs on employees' phones without Apple's signoff.
“Unteathered” Jailbreaking
Over the years, Apple has introduced features to its mobile operating system, iOS, that made
jailbreaking your iPhone in order to customize and tweak your phone or tablet less appealing.
The jailbreak consists of a Windows software package that allows for an “untethered” jailbreak –
meaning, your device doesn’t have to be plugged into your computer to run. The jailbreak reportedly
works on iPhones, iPads, and iPod touch devices running iOS 9 through 9.0.2.
After jailbreaking, users are able to install Cydia, a framework that lets you download and install
unofficial packages onto your device that allow you to run apps or make changes the iOS operating
system would otherwise prevent.
Android Phones are more vulnerable to attacks from hackers since there are many ways to
download and install apps from any Android Appstore. The Android install base worldwide is much
larger than iPhone install base.
As more and more hackers are targeting smartphones to conduct cyber crimes, the users must be
aware of potential danger to their personal information and likelihood of their phones be used to
launch phishing attacks.
Users can take few essential steps to curtail cyber crimes.
1. Only download apps from Appstore or Google Play. Do not download apps from any other
store unless authorized for their work.
2. Go to Settings for each app downloaded and limit the permissions. For example do not
allow a Game App to access Contacts.
3. Set encryption ON
4. Set PIN/Passcode
10 Cyber Warnings E-Magazine – October 2015 Edition
Copyright © Cyber Defense Magazine, All rights reserved worldwide
