Free Republic
Browse · Search
News/Activism
Topics · Post Article

Skip to comments.

The iPhone just lost its perfect security record — now what?
The Verge ^ | 6 Nov 2014 | Russell Brandom

Posted on 11/06/2014 10:14:15 AM PST by for-q-clinton

For most of the iPhone's lifespan, it's been effectively immune to malware. There were theoretical attacks and viruses targeting jailbroken phones, but thanks to the tight controls of the App Store, finding iOS malware in the wild has been nearly impossible. If you didn't jailbreak your phone and you weren’t targeted by the NSA, you simply didn't have to worry about catching a virus.

Yesterday, that changed. A security firm called Palo Alto Networks discovered a malware program they’re calling Wirelurker, which sneaks into computers through unauthorized Chinese apps, then attacks iOS devices when they connect over USB. It’s an obscure line of attack (when’s the last time you actually plugged your iPhone into your computer?), confined to China, and so far the effects have been minimal. The actual payload for non-jailbroken phones was just a test balloon, side-loading a comic book app to prove the attack really worked. Jailbroken phones got a nastier payload, infecting payment apps, but that's to be expected. Last night, Apple blocked the apps, saying "We are aware of malicious software available from a download site aimed at users in China, and we’ve blocked the identified apps to prevent them from launching. As always, we recommend that users download and install software from trusted sources." Less than 24 hours after Palo Alto Networks published its report, Wirelurker appears to be mostly wiped out. Still, that doesn't mean Apple is completely in the clear. The vulnerabilities exploited by Wirelurker will be around for much longer, and could pose a serious threat to Apple's otherwise spotless record. Now that the platform has had its first real virus scare, there's reason to think it won't be the last.

(Excerpt) Read more at theverge.com ...


TOPICS: Business/Economy; Crime/Corruption; News/Current Events; Technical
KEYWORDS: crap; iphone; malware; security
Navigation: use the links below to view more comments.
first previous 1-2021-4041-6061-80 ... 221-222 next last
To: kevkrom

Read it again...this is enabled on ALL iphones. All I need you to do is plug your iPhone into my PC. Voila...I now own your iPhone (so to speak).


21 posted on 11/06/2014 10:30:26 AM PST by for-q-clinton (If at first you don't succeed keep on sucking until you do succeed)
[ Post Reply | Private Reply | To 9 | View Replies]

To: Norm Lenhart

We ain’t throwing stones at apple exclusively for doing the same or less than your “alternatives” do as a matter of course.

that is simply whacked....


22 posted on 11/06/2014 10:31:43 AM PST by papertyger (Those who don't fight evil hate those who do)
[ Post Reply | Private Reply | To 18 | View Replies]

To: House Atreides

Man people need to read for understanding.

Basically I can install a virus/malware on your iPhone by plugging it into my USB. How long will it take to install a virus on someone’s phone who leaves it at the table.

Want to spy on your girlfriend? Just install the “corporate app” I spy on her phone when she’s not looking by plugging it into your laptop.


23 posted on 11/06/2014 10:32:45 AM PST by for-q-clinton (If at first you don't succeed keep on sucking until you do succeed)
[ Post Reply | Private Reply | To 20 | View Replies]

To: Norm Lenhart
I don’t know what made me think of that.

We do.

24 posted on 11/06/2014 10:33:16 AM PST by papertyger (Those who don't fight evil hate those who do)
[ Post Reply | Private Reply | To 19 | View Replies]

To: Norm Lenhart

You mean like claiming the iPad is replacing desktop computers when the article says it’s so marginal now that people just use the new iPhone instead...? ;)


25 posted on 11/06/2014 10:34:20 AM PST by Moltke ("The Press, Watson, is a most valuable institution if you only know how to use it.")
[ Post Reply | Private Reply | To 2 | View Replies]

To: papertyger

And you intentionally missed the point.


26 posted on 11/06/2014 10:34:36 AM PST by Norm Lenhart (Feet to the fire folks. YOU PROMISED!)
[ Post Reply | Private Reply | To 24 | View Replies]

To: for-q-clinton
Read it again...this is enabled on ALL iphones. All I need you to do is plug your iPhone into my PC. Voila...I now own your iPhone (so to speak).

I suggest you re-read. This appears to be a flaw in iTunes, not iOS, where if the user is stupid enough to download an app from an unauthorized/untrusted site that knows how to do it, the app then exploited a feature in iTunes to make it a "trusted" source of apps and could proceed to download other apps without authorization.

That's not "owning" my phone, nor can your version of iTunes do that without you specifically targeting it. Worst case: you can install some crapware on my phone that I can simply delete. If I were idiotic enough to compromise my phone in the first place.

27 posted on 11/06/2014 10:36:48 AM PST by kevkrom (I'm not an unreasonable man... well, actually, I am. But hear me out anyway.)
[ Post Reply | Private Reply | To 21 | View Replies]

To: for-q-clinton

I do not trust any Smart Phone or Tablet


28 posted on 11/06/2014 10:37:08 AM PST by molson209 (Blank)
[ Post Reply | Private Reply | To 1 | View Replies]

To: Norm Lenhart

No, I took the wider view of which you are, apparently, incapable.


29 posted on 11/06/2014 10:37:18 AM PST by papertyger (Those who don't fight evil hate those who do)
[ Post Reply | Private Reply | To 26 | View Replies]

To: kevkrom

“if the user is stupid enough to download an app from an unauthorized/untrusted site “

Look up “Pro Tools Ilok problems” to see what happens when one vendor controls all the marbles.

Then see the result in tens of millions of dollars in damage, lost sales, closed businesses and broken contracts due to the Soviet model of computer security.


30 posted on 11/06/2014 10:40:26 AM PST by Norm Lenhart (Feet to the fire folks. YOU PROMISED!)
[ Post Reply | Private Reply | To 27 | View Replies]

To: for-q-clinton

“Man people need to read for understanding....”
***************************************************************************************
I agree. Unfortunately there are people who “read” but still don’t get a true understanding of what they’ve just read. Such people will always be with us.


31 posted on 11/06/2014 10:40:53 AM PST by House Atreides
[ Post Reply | Private Reply | To 23 | View Replies]

To: papertyger

So open minded your brain fell out.


32 posted on 11/06/2014 10:40:54 AM PST by Norm Lenhart (Feet to the fire folks. YOU PROMISED!)
[ Post Reply | Private Reply | To 29 | View Replies]

To: Norm Lenhart

33 posted on 11/06/2014 10:41:21 AM PST by Salamander (People will stare. Make it worth their while.)
[ Post Reply | Private Reply | To 2 | View Replies]

To: Norm Lenhart

Sheesh. It’s so obvious.

I think.


34 posted on 11/06/2014 10:41:42 AM PST by freedomlover
[ Post Reply | Private Reply | To 19 | View Replies]

To: Norm Lenhart

That’s it. I’m stocking up on bottle caps.


35 posted on 11/06/2014 10:41:55 AM PST by TADSLOS (The Event Horizon has come and gone. Buckle up and hang on.)
[ Post Reply | Private Reply | To 30 | View Replies]

To: Salamander

Nope. PR people ;)


36 posted on 11/06/2014 10:42:35 AM PST by Norm Lenhart (Feet to the fire folks. YOU PROMISED!)
[ Post Reply | Private Reply | To 33 | View Replies]

To: Norm Lenhart

HA!

[hi Norm]

;]


37 posted on 11/06/2014 10:44:23 AM PST by Salamander (People will stare. Make it worth their while.)
[ Post Reply | Private Reply | To 36 | View Replies]

To: TADSLOS

At least Vault-Tec makes the pip boy. Imagine if it were Apple based...

Lone wanderer would be in trouble...


38 posted on 11/06/2014 10:44:52 AM PST by Norm Lenhart (Feet to the fire folks. YOU PROMISED!)
[ Post Reply | Private Reply | To 35 | View Replies]

To: for-q-clinton; All
Since the OP mentions USB ports in conjunction with “iPhone” security problems, it has already been noted on this message board that there is an unfixable security problem in the design of USB ports.
FR: Undetectable, Unpatchable USB-infecting malware is now publically available for anyone to use

I suspect that hackers are actually exploiting this USB port problem with respect to iPhone.

39 posted on 11/06/2014 10:45:27 AM PST by Amendment10
[ Post Reply | Private Reply | To 1 | View Replies]

To: papertyger

Like moths drawn to the light, Apple haters are irresistibly attracted to any thread having to do with Apple. The Apple Haters NEED to hurl insults at Apple users and Apple products—they can’t help themselves.


40 posted on 11/06/2014 10:45:38 AM PST by House Atreides
[ Post Reply | Private Reply | To 29 | View Replies]


Navigation: use the links below to view more comments.
first previous 1-2021-4041-6061-80 ... 221-222 next last

Disclaimer: Opinions posted on Free Republic are those of the individual posters and do not necessarily represent the opinion of Free Republic or its management. All materials posted herein are protected by copyright law and the exemption for fair use of copyrighted works.

Free Republic
Browse · Search
News/Activism
Topics · Post Article

FreeRepublic, LLC, PO BOX 9771, FRESNO, CA 93794
FreeRepublic.com is powered by software copyright 2000-2008 John Robinson