Immune No More: An Apple Story

July 25, 2013

For a very long time, Apple and its pseudo-religious user-base prided themselves on being a platform free of malware; those days are inarguably and unequivocally over. Its emergence as the early winner on the mobile computing market and its increasingly robust share of the traditional computer and laptop market has – for the last few years at least – drawn the attention of cybercriminals that once found it hard to make money targeting the Cupertino, California tech giant’s machines.



The new and harsh reality is that no platform, Apple included, is free from threats. In fact, Apple is under siege from multiple directions. Attackers and researchers alike are finding vulnerabilities in and creating exploits for their mobile holdings, traditional computers, and even their remotely accessible cloud services.

Just recently a team of German university researchers reverse engineered the default password creation formula that Apple’s mobile iOS operating system uses to set up a pre-shared key between an iPhone or iPad and the computer to which it is tethered as a WiFi hotspot. The pre-shared key is a word plus four numerical digits that authenticates users when they want to use their phone to connect some other machine to the Internet. After discovering a series of weaknesses in the way Apple generates these pre-shared keys, the researchers were able to reliably – as in 100 percent of the time – crack iOS’s WiFi hotspot passwords in less than a minute.

The screen-lock on Apple’s suspiciously Android-like iOS 7 was easily bypassed by some guy in Spain shortly after the beta-release. To be fair, it was the beta release. Beta releases are supposed to be buggy, but it was also a public beta that was downloaded by a large number of users.

Apple created a two-factor tool earlier this year, which is good, but they also implemented a buggy password reset service called iForgot that they ended up having to pull offline for a short while.

Apple’s all-but-ubiquitous music player, iTunes, and its enormously popular application marketplace, the App Store, have had their fair share of phishing attacks and account takeovers. However, phishing attacks and account takeovers have been neither endemic nor negligible until a recent and dramatic increase in phishing attacks targeting Apple user-IDs and payment information. The Apple ID is essentially the key that gives a user access to all of his Apple accounts and devices.

“The scammers make use of phishing sites that imitate the official site. Since the beginning of 2012 until the present time this has resulted in a significant increase in the number of web antivirus detections triggered by users of our products attempting to visit such sites. During that period we have seen on average around 200,000 detections per day. By contrast, in 2011 the figure stood at around 1,000 detections per day,” said Nadezhda Demidova of Kaspersky Lab in an analysis of the trend.

New Mac malware is cropping up faster than ever. Just last week we wrote about a ransomware scam imitating the FBI and targeting OS X users. Worse yet, not a month seems to go by where I don’t read (or in some cases write) some story about Mac malware targeting Uygur or Tibetan activists. Beyond these there have been OS X backdoors and, in one case, a researcher uncovered a new variant of Mac malware at an anti-surveillance workshop in Oslo.

Just this weekend, attackers compromised an Apple Developers site. The reasons for the compromise are unclear, but I can tell you who the attackers were not targeting there: Windows users.

Beyond these, there is a slew of cross-platform, versatile threats capable of determining a host-computer’s operating system and containing the appropriate malicious scripts to compromise it.

In the end it doesn’t really matter which platform you use. If there is money to steal or valuable information to be found, then your computer is a viable target. All you can do is stay vigilant, run a great security product, and keep all your wares up-to-date.