
Let the Fight Begin
I'm getting some popcorn :D
The largest-scale attack of its kind on Apple Macs, phones and tablets – and believed the first to maliciously target non-jailbroken iPhones – has been detected. And it's hit thousands and thousands of devices in the wild. WireLurker infects OS X computers, and lies in wait for USB connections to Apple iPads and iPhones. It …
This worked by requiring people to jailbreak their phones and then connect to some dodgy Chinese app store website?
Because I was reading this expecting it to be about software downloaded from the main apple webstore.
So the whole gist of this article is if you jailbreak your phone and then download apps from a foreign website, you could have malware installed on your system.
.
.
And in other news, bears do in fact crap in the woods! :S
The point is that Apple users are complacent. Apple OSX or iOS isn't magically more secure. It's just been a smaller target.
iOS will be targeted more; whether OSX gets much attention depends on its share.
Most malware gets installed by user interaction, lack of user care on Windows. Hence AV isn't really the solution.
"The largest-scale attack of its kind on OSX devices, believed the first to maliciously target non-jailbroken iPhones"
implies otherwise.
I interpreted the article to mean that it may have got into the Apple ecosystem via jailbroken phones but once on a Mac it can infect non-jailbroken devices via USB.
>keywords: OS X applications
So, like I am wondering. Will the AV community actually have to do some work on OSX for once, rather than repurposing stuff to scan for Windows malware coming in somehow? And, will they catch WireLurker, or just claim it's not a virus, but user-installed?
Wonder how successful their threat handling will be. I recently ditched my (free) Sophos AV for excessive CPU guzzling doing live scans. Using ClamXAV, on-demand instead. But, since these puppies haven't really been blooded on OSX, dunno how much to trust them...
That said, it sounds like it's not exactly easy for the average (Western) Joe MacUser to catch this, at this point.
As usual, those who believe Macs are inherently immune are naive. Inherently more robust (than Windows) most likely, but that's about it.
> This worked by requiring people to jail break their phones and then connect to some dodgy Chinese app store website? Because I was reading this expecting it to be about software downloaded from the main apple webstore.
No, this requires users to download (infected) software from the Maiyadi App Store for Macs, like a Macbook Air, or the new iMac with 5k screen, or whatever.
It then also infects any iDevice connected to the compromised Mac via USB, so it can potentially compromise any iPhone, iPad and iPod you have as well as your Mac. The iDevices do not have to be jailbroken before they can be compromised.
The moral of this story is that 3rd party vendors can contain compromised software, regardless of the target OS. Caveat emptor, as they say :)
OK so let me get this straight.. It's OK to use the "china excuse" when it comes to Apple exploits, but when it's Android in question, and it's a China-only problem, it doesn't get a single mention. It's malware mad headlines....
This uneven playing field is why nobody takes these media outlets seriously anymore. They have long since lost all their technical credibility and are just sensationalist gutter reporting, the techy's Daily Star if you will.
Whatever you do, stay covered and watch out where you insert it... that is what me dad told me when I was 14. Applies to all USB devices I have around here as well ... ;-)
Basically, an infected computer can infect a non-jailbroken iPhone. I assume that is a bug in both iTunes and iPhone, then.
Not a bug, a feature
Normally that's meant as a joke, but in this case it really is a feature. Not only is it A feature, but it's THE feature as far as enterprises are concerned. Take this away and force them to install the apps they need on their corporate iWhatsits one at a time through the app store and you wouldn't be able to give the things to corporate users.
Sadly, as with many features designed for convenience, it's also an attack vector. Such problems shall always exist as long as non-geeks want to use technology.
We have malware that only infects those who leave the Apple walled garden (for the first infection that is).
Only affects those who used a dodgy Chinese site I believe, also sophisticated code and appears to only monitor the user. Hmmmm, looks like a certain non-democratic Government doesn't it, me old China? Or could it be Apple making sure we never leave the walled garden?
Sorry I'm going out now, I may be gone some time.
No, for OSX there is no enforced wall. One can configure/mutilate/change how you like, install what you like from where you like, write and install your own core dumping programme or infinitely recursive script in whatever language for which you can get a compiler under OSX. It's just a BSD UNIX plus bells and whistles and a consumer windows interface, but still with the ability to use any other you can find or just a terminal.
IOS (for iPhones, iPads etc.) is restricted. But private firms may want private apps for company devices. From the article, it seems that they have the possibility of providing an app store for their apps, accessed from a computer (OSX in this case). Presumably, one connects the IOS kit and uses iTunes to install the firm's app on the iPhone. So, someone has taken advantage of this to provide a dodgy app store. Fred Bloggs connects to that via his OSX host, gets that fascinating app, and so to IOS.
So the IOS app store is irrelevant; the standard consumer protection is irrelevant. Just as with any other computer (or goods), a user goes to an unauthorised dealer to obtain goods and so has got no guarantee, no support, no evidence of provider. Bit like buying bootleg DVDs or a hair dryer at the back of a pub that fell off a lorry. It's just a bigger market and needs a bit more effort.
Don't worry, while you're out it will be updated to a drive by installer on some website you trust that will install itself on your Mac and wait patiently for you to plug in your iDevice into the usb port. But there's nothing to fear since you're not some godless Chinese peasant who jailbroke their iDevice. Then again, it's pretty clear you didn't actually read the article and don't understand the actual infection vector.
Let me know how the whole head in the sand thing works out for you.
Bollox.
I don't mind calling myself a Fanboi. And guess what, I've adopted the recommended practice of getting my apps from the App Store. Not from some third party dodgy Chinese App Store or from an unrecognised Apple developer. In fact, with my current settings, my Mac would not allow me to obtain software from such a store.
Enterprises are at liberty to install iPhone apps from an OS X computer. There's nothing new about that.
In fact there's nothing new in this report at all, apart from the fact that it's a big deal in China.
Don't install bad software from places you don't trust. If you don't give a shit, someone will take advantage of you.
>> Enterprises are at liberty to install iPhone apps from an OS X computer...
As far as I know, to do this they have to install a provisioning profile on the iPhone - that's signed by an enterprise certificate backed by an Apple provisioning root CA (so not just some self-signed thing). The provisioning profile lets the iPhone run the application that's signed by the developer's certificate backed again by an Apple root CA.
It would be interesting to know if these virus writers have found a way round all that - some Apple bug in iOS or iTunes; or if they've set up a rogue enterprise, had it approved by Apple, and somehow persuaded the users to install their provisioning profile.
Apple have since reported that the identified apps have been blocked to prevent them launching. Naturally, they don't go into details.
There's an excellent investigative report that you can download here. The report makes it clear that the iOS apps that WireLurker offers to install are signed by enterprise certificates.
" Its one reason they are happy with the walled garden, its totally safe from the worlds nasties....." - if you read the article, it isn't an iOS virus. It is a Trojan in apps for OSX (a big Mac) that then compromises the big computer to look for tablets and such being connected, and they in turn are compromised by abusing, I presume, the update protocols. Clever stuff, but totally bypasses iOS, the walled garden, everything.
Do you "butter" your bread? Do you "rake" your lawn? Does your mechanic "lube" your car?
The facility of "verbizing/verbising" a noun is one of the strengths of the English language. Even though I just now invented a word, everyone with at least two functioning neurons grasped my meaning.
Of course, being a foreigner -- I was born in and live in the US -- explains why my "ability with English is limited."
***The point is that Apple users are complacent. Apple OSX or iOS isn't magically more secure. It's just been a smaller target.***
Oh Jesus H Christ, not more of this...
NO intelligent user of ANY OS supposes it to be "magically" completely secure (the ones who do don't count).
Many users however can make an intelligent distinction between "completely secure" and "relatively secure".
Unix systems are not magically "secure" but they are demonstrably "more secure". Their use across the web does not constitute a "small target".
Let's say it yet, yet, yet again: There are currently no viruses proper - at all - for OSX (there will be, sometime, but this isn't one of them). There are however Trojans - ooh, must be 6 or 7 now. There already were Trojans - nothing has changed. Trojans require stupidity to work. No system, however secure, will guard against stupidity. Is this news?
I (and a load of other people) use Macs for serious work, not because they're hip or shiny but because they're nicely thought out and work well. I do not imagine they are immune to nasties. But I have observed, from evidence, that they are comparatively immune. I'm sick to the back teeth of the yah-boo-sucks level of "fanbois" discussion (isn't that something to do with wooden ventilators?), the eternal repeats of the same old same old. Get a life, for Chrissake, there are different systems - just get over it.
In other news (a few articles back):
"Malware monitors PandaLabs says 227,747 new malware samples are released every day.
The findings from its recent survey found 20 million samples were created in the third quarter of 2014.
Three quarters of infections were trojans while only 9 percent were viruses and 4 percent worms.
The number of trojans rose 13 percent over the last three months, displacing viruses which fell by 10 percent over the same period."
Where do you suppose the overwhelming bulk of this stuff is targeted?
As far as iOS is concerned this is a virus. The original infection of the host may be via a trojan (many viruses are/were) but the fact it can replicate onto any number of iOS devices without user interaction makes it a virus.
The replication of the virus may be limited to the first client as the infected iOS device can not spread it any further so it is still very limited.
Let's say it yet, yet, yet again: There are currently no viruses proper - at all - for OSX (there will be, sometime, but this isn't one of them).
If you are using a definition of "virus" that does not include compromised software that;
a) deliberately spreads itself to other devices from the infected device, and deliberately modifies existing applications so they contain its own code
b) deliberately harvests information from the infected device and uploads that to a 3rd party server
c) contains the ability to autoupdate to add additional functionality or update existing functionality
d) deliberately obfuscates itself to avoid detection
then AFAIK Windows currently has no "proper viruses" either. I'm struggling to define "virus" such that this malware doesn't fit the definition but current Windows malware does, since it seems to have almost exactly the same MO as any of the Windows crop.
NO intelligent user of ANY OS supposes it to be "magically" completely secure (the ones who do don't count).
Don't be ridiculous. Of course they count. And some of them (at least one whom I personally know) are quite intelligent.
Unix systems are not magically "secure" but they are demonstrably "more secure".
True enough.
Their use across the web does not constitute a "small target".
As far as user-targeting malware is concerned, yes it does. Servers are another matter, but servers are much harder to infect than desktops to begin with. For starters, they almost never hang out in sleazy websites like users do.
Let's say it yet, yet, yet again: There are currently no viruses proper - at all - for OSX (there will be, sometime, but this isn't one of them).
You do realize that even Apple stopped trying to push that particular line of bull 5 years ago, right? Yes, OSX viruses do exist and are in the wild and have been around since at least 2006. For a few examples, see
OSX_IWORM.A OSX_SLORDU.A OSX_MACKONTROL.A and OSX_MUSMINIM.A all of which are viruses that can be picked up via drive-by-downloads. And those are just a few examples. Yes, there is much less malware of all types around for OSX, but don't be one of those fools going around believing it doesn't exist.
OSX (and anything else *nix based) is harder to infect than Windows, but by no means is it so difficult as to not be worth it were there a greater number of potential targets. The diminutive market share of non-Windows PCs is very much one of the reasons we don't see more non-Windows malware.
Well, considering that Mac users tend to have more disposable income, then surely they are a target worth hitting; also considering all the banking systems run using UNIX, that is a colossal target. Windows is just not as secure, get over it man!
To infect your iOS device you have to:
1. Plug it into the USB port of an infected computer.
2. Select Yes in the "Trust this Computer" pop-up on the iOS device.
3. OK the install of the enterprise provisioning profile.
Then and only then will it install on your device.
Update: Apple have already revoked the license of that particular enterprise provisioning system.
Setting aside all the searing 'PAIN'...
Apple kicked this malware in the bunghole in a HURRAY, yeah! After Palo Alto Networks had announced their discovery, Apple's turnaround time to block the malware was < 24 hours.
BTW: Palo Alto Networks' free WireLurker Detector is available at the link below. It runs in the Terminal.
https://github.com/PaloAltoNetworks-BD/WireLurkerDetector
I reported to Apple in April, no need to jailbreak, it does write to firmware too. It is not just USB, it is also spread via wifi and Bluetooth with infected machines able to remotely turn on wifi or Bluetooth and even infect iOS set to airplane mode. It appears to be something like a law enforcement or Apple included backdoor or rootkits that has been taken over. It is similar to the mask malware in that is will infect anything. We have it documented to infect Ford vehicles via Bluetooth, and possibly medical devices. Have case numbers and documentation to show Apple denied for a couple months, then plugged it in to their Mac at the local Apple store and have been spreading it since.
Apple is playing a game of chance with users and making false claims and providing false sense of security on devices that are easier to infect and take full control of than many.
Apple failed miserably here and as latest software updates have shown, have lost their way, and it works on any version including latest iOS 8.1.1 beta and Yosemite. Apple took an arrogant stance, denied it, flashed and returned with even more malware on it. Nice and buggy like my new macbookpro that has sloppy OS bugs I had to fix myself.
Apple still has not replaced a couple iPads mini retinas I have that were infected right after purchase if anyone wants to check out or verify. Apple will die in enterprise like they want in on with this type of behavior.
Just like the back doors found on Intel epsd systems this year, Intel denies it, then accuses who submitted the found exploits, then hides behind saying it is NSA (when we verified it was not), then gets hacked by it themselves, then denies its possibility even though we have verification from their chip engineers down to their marketing people it's real, then you find some of it was written by Intel employees, released at Black Hat, but they never fixed it in their BIOS.
Security is a joke, and places are too quick to say NSA backdoor or other false claims, it's the companies back doors, schlock programmers, and priming for future products according to several insiders.