November 24, 2014
Mac, iPad and iPhone owners have always poked fun at PC and Android users, criticizing them for the many ways that malware was able to compromise their non-Apple systems. Of course when you maintain an iron grip on who gets to develop software and hardware for you as Apple has always done, then there are many fewer paths of infection that can compromise a system. PC and Android has always been a proponent of open architecture which means that anyone and everyone was free to develop everything from apps to operating systems. This makes them patently more vulnerable to backdoor hacking. However a spate of highly publicized iOS and OS X security issues have left Apple devotees wondering what happened.
A recent report by the New York Times revealed: “While malware attacks have been possible against jailbroken iOS devices for some time, a new piece of malware has been discovered that can infect even iPhones that have not been jailbroken.“
Palo Alto Networks also discovered a program called WireLurker which can be used for a number of nefarious purposes including spying on users.
“The point of entry seems to be OS X computers, with researchers having found 467 malware OS X applications in the unofficial Maiyadi App Store in China that were downloaded more than 356,000 times in the past six months in the region. Once on a Mac, WireLurker can infect any iPhone that’s connected via USB to the computer, and install malicious applications. WireLurker is capable of stealing a variety of information from the mobile devices it infects and regularly requests updates from the attackers command and control server. This malware is under active development and its creator’s ultimate goal is not yet clear.”
The vulnerability of these systems may be disturbing, but what is an even larger concern is that these two hacks were not the only worms in the Apple. In early October, a Russian security company discovered another flaw in OS X that enabled hackers to take control of infected 17,000 devices using Reddit.
According to a Rt.com report: “One of them turned out to be a complex multi-purpose backdoor that entered the virus database as Mac.BackDoor.iWorm.” It has not yet been determined how the malware spreads, but Russian experts say that once a Mac has been infected, the software establishes a connection with the command server.” http://rt.com/news/193032-mac-infected-hackers-reddit/
Although hacking has always been worrisome for computer users, what has really been causing many Apple users to wake up in a cold sweat are the number of ways in which hackers have been not only gaining but using their access.
For example: On Oct. 28 Fox News published a report concerning journalist Sharyl Attkisson who reported that her CBS computer and personal iMac had been repeatedly hacked and its contents accessed, including information pertaining to an article on Benghazi that was critical of the current Washington administration.
Fox News also reported: “Further scrutiny of her personal desktop (by a consultant hired by CBS) proved that the interlopers were able to co-opt her iMac and operate it remotely, as if they were sitting in front of it.” http://www.foxnews.com/politics/2014/10/27/highly-sophisticated-hacking-sharyl-attkisson-computers/
Inside Every Dark Cloud
As if the compromise of iMacs and iPhones weren’t bad enough, Reuters reported on Oct. 21 that Apple’s iCloud storage service in China had been hacked resulting in messages, passwords and even photos being compromised. Employing a technique known as a Man-in-the-Middle attack, hackers were able to superimpose their own site between the users and the iCloud server. The sophisticated attack was reputed to have been perpetrated by the Chinese government.
Reuters report said: “An Apple representative declined comment on the allegations that Beijing was trying to spy on Apple customers, but noted that the company had updated its technical support page to provide advice on how to protect against such attacks. We’re aware of intermittent organized network attacks using insecure certificates to obtain user information, and we take this very seriously.” http://www.reuters.com/article/2014/10/21/us-apple-china-security-idUSKCN0I92H020141021
Rotten to the Core?
While these well-publicized security breaches have given a number of people pause to reconsider Apple’s new-found vulnerabilities, there are still a number of people and organizations that still point fingers at other operating systems.
Live Trading News detailed Home Depot’s recent security breach. After the retail giant’s Microsoft-based payment data system was relieved of 53 million e-mail addresses and 56 million credit card account numbers, the company bought two dozen new iPhones and MacBooks for its senior executives. In fact, many believe that the latest big Mac attack is no cause for alarm. Quite the contrary, if you read the Nov. 10 blog by livetradingnews.com, you will find that:
“It is not that Apple devices have not faced any security problems in past. They even had security issues but still Apple Inc. iPhone and MacBooks are comparatively secure platforms. They can deal with the malware and other threats in a much better way. Still, whether the use of Apple Inc. MacBooks and iPhones can solve the problem of security breaches for the Home Depot or not, time will tell. It is a high time for The Home Depot to seriously find the cause of the problem.” http://www.livetradingnews.com/home-depot-inc-nysehd-use-apple-inc-nasdaqaapls-iphones-macbooks-81726.htm#.VGPA_PnF8do
Sadly, it really does not matter any more what type of machine you, I, or multinational corporate executives choose to use, there is no way to completely bulletproof yourself against hackers. All you can do is make sure you keep your machines protected with at least three layers of anti-malware software, keep your software updated or face having to answer the toughest of all questions that comes with any big Mac attack, “You want fries with that?”
Carl Weiss has been working the web to win since 1995 and has helped hundreds of companies increase their online results. He is president of W Squared Media and co-host of the weekly radio show Working the Web to Win which airs Tuesdays at 4pm Eastern on BlogTalkRadio.com. Click here to get his latest book "Working The Web to Win: When it comes to online marketing, you can't win, if you don't know how to play the game!".