The iPhone just lost its perfect security record — now what?

The Verge ^ | 6 Nov 2014 | Russell Brandom

[for-q-clinton]

For most of the iPhone's lifespan, it's been effectively immune to malware. There were theoretical attacks and viruses targeting jailbroken phones, but thanks to the tight controls of the App Store, finding iOS malware in the wild has been nearly impossible. If you didn't jailbreak your phone and you weren’t targeted by the NSA, you simply didn't have to worry about catching a virus.

Yesterday, that changed. A security firm called Palo Alto Networks discovered a malware program they’re calling Wirelurker, which sneaks into computers through unauthorized Chinese apps, then attacks iOS devices when they connect over USB. It’s an obscure line of attack (when’s the last time you actually plugged your iPhone into your computer?), confined to China, and so far the effects have been minimal. The actual payload for non-jailbroken phones was just a test balloon, side-loading a comic book app to prove the attack really worked. Jailbroken phones got a nastier payload, infecting payment apps, but that's to be expected. Last night, Apple blocked the apps, saying "We are aware of malicious software available from a download site aimed at users in China, and we’ve blocked the identified apps to prevent them from launching. As always, we recommend that users download and install software from trusted sources." Less than 24 hours after Palo Alto Networks published its report, Wirelurker appears to be mostly wiped out. Still, that doesn't mean Apple is completely in the clear. The vulnerabilities exploited by Wirelurker will be around for much longer, and could pose a serious threat to Apple's otherwise spotless record. Now that the platform has had its first real virus scare, there's reason to think it won't be the last.

[Salamander]

I’ve met some that were practically frothing.

*Once*, I went to Sunset Electronics in PA to look at the iMacs [which crashed every time I touched them] and the salesman was livid when I decided Apple just wasn’t my thing.

Got very insulting.

Never went back.

[Norm Lenhart]

Picture a $2000 PC that can run near photorealistic video games at 60 frames per second (smooth as silk...no glitching) for weeks on end if needed.

Picture at minimum a $6000 computer that cannot with a monitor the game cannot even approach the capabilities of using and a fraction of the power needed to drive it anyway.

Picture trying to decide which makes for a more logical choice.

Why the 6K Mac of course! And “I” am insane...;)

[5thGenTexan]

The point I am making is that practicality removes that choice for Android.

I don't believe you or I could access the source code for the radio (phone) app on Android, so anything the NSA wanted to hide, it could hide there.

There are pluses and minuses to each system. I just don't think this NSA angle is a differentiator. If it's really there, I bet they made sure it was there for all brands.

[Norm Lenhart]

This is what the $2000 computer can do

https://www.youtube.com/watch?v=gvXfT-sBylM

[Norm Lenhart]

I don’t think its a deal killer since in truth, they can hack anything. But it is indicative of the mentality Apple instills on their users. No choices, do it our way or do not play. THAT is the problem Their way or the highway. Thats the core of liberalism applied to corporate/economic issues.

Look up if you are interested the costs that the music industry incurs each year when Apple releases new gear/operating systems that invalidates the prior year’s investment. It is just one factor in the overall picture.

[Swordmaker]

A Computer Security company claims to have discovered a TWO-FER, A malware that both requires the ability to somehow be secretly infecting OS X Macs Without being noticed by anyone but them (which means getting around Apple's anti-malware system, as well as a dozen other commercially available companies 's systems constantly seeking invasive malware in THEIR labs and the claim is this has been in the wild since June? Sound familiar? Something like the Dr. Web MacBot hoax that no one ever found a member of in the wild?) and then waits unti the infected users plug in their iPhones and iPads and THEN steal data from iOS device. It seems to me to be an awfully round about way to steal data that will be most likely already backed-up to the computer anyway, if anyone DOES that USB thing anymore. Ask yourself, how many iPhone users still hook their iPhones and iPads to their computers anymore since over-the-air updating and WIFI backups have been the mainstay?

All this comes out of CHINA? When just this week it was reported that the Apple iPhone supplanted Samsung Galaxies as the top selling smart phone in CHINA? I smell the ugly aroma of FUD in the morning.

Palo Alto said a developer at Tencent Holdings Ltd. 0700, -0.32% first made note of the threat in June, and then threads on Apple forums started popping up, in which device users noted the installation of strange applications and the creation of enterprise provisioning profiles.

I assure you that had iOS device users reported such events before this, there would have been an outcry that would have been deafening! Look at the outrage over Apple making a free U2 Album available for download that required users to actually install it and think how people would react vocally to finding unknown installed apps and profiles on their iPhones and iPads, It simply has not been happening. The original article itself says it has not been used, nor do they know how it can be used.

In my opinion, for the reasons stated, This is FUD.—PING!

Apple Security FUD Ping!

If you want on or off the Mac Ping List, Freepmail me.

[TexasGunLover]

Crapple’s iPhone never had a perfect record. It’s been compromised at every Black Hat since its creation. Only the iSheep think it’s a well designed device.

[papertyger]

Perfectly understandable; people get pretty weird when you, directly or indirectly, impugn their “occupational” choices.

What I’ve never been able to explain, aside from the aforementioned speculations about psych-trauma in their formative years, is why apple haters carry such over-the-top hostility waaay beyond the “defining characteristic of my life” boundary.

Just look at the arguments here! Is it not obvious some posters are not arguing with opponents on this thread, but with EVERY opponent they’ve ever had on the subject?

[5thGenTexan]

You can only run AIX and approved Linux distributions on IBM servers; you can only run HPUX and approved Linux distributions on HP servers, etc.

The "walled garden" has been a way of life in the enterprise world for years, for many of the same reasons Apple does it. To enhance system stability and security thru rigorous control. There are valid business reasons other than the liberalism analogy.

And with only one reported successful malware attack since the IPhone's initial release in 2007, and with that one requiring the user to violate the "walled garden" to allow it in, I would say that model has served them well.

[papertyger]

Stay strong Norm: proving your rationality is just one more post away ;)

[5thGenTexan]

Which smartphone has a better record at Black Hat?

[Norm Lenhart]

Of course it has. It hasn’t served their users well because we aren’t in enterprise land. Which is why jailbreaking happens. Which is why people that based their businesses on Apple products are upset at the policies Apple has adopted. Because not Apple has locked them in to the upgrade or die cycle that will cost tens of thousands in a lump sum to escape.

Now Apple is soldering ram to their motherboards. Again, no choice. Nect, the Powermac is eliminated. The coffer warmer has cost many people thousands of dollaes to keep their connected and required external hardware useable. If you are happy with it, go with it. But the whole point is that lots of people aren’t and that upsets the Apple fringe to ludicrus degrees. It’s Stalinist.

[Swordmaker]

The money quote:

“...when’s the last time you actually plugged your iPhone into your computer?”

Another is how are they going to get their "weaponized Trojan" past Apple's anti-Trojan detectors. There are only seven families of OS X Trojans with that are candidates. . . and OS X will recognize every one of them and warn user if they download an app with them in it, warn them if they attempt to install one, and warn them again if they attempt to run it. It's FUD.

[Mortimer St. Hubbins]

Source: The Verge

The Verge operated by network media Vox Media

Vox Media: Created by environmental activist and liberal political strategist Jerome Armstrong

No bias here. Anti-Apple ills and their counterparts continue to grasping. As if any Apple user though the iOS was “perfect”.

And yet another enlightening if not telling fact:

Other co-founder of Vox Media:

Markos Moulitsas - liberal political activist, founder and publisher of liberal rag Daily Kos, co-founder of SB Nation, also weekly columnist for The Hill, a D.C. publication

Another co-founder of Vox Media:

Co-founder of SB Nation: Tyler Bleszinski

As everyone can clearly see, this threads source is a leftist organization. Nice to know that, for-q-clinton

[Mortimer St. Hubbins]

Thanks, Swordmaker. Always providing reliable info. compared to the BS being circulated and perpetrated by people who’ll cite liberal activist sources.

[Swordmaker]

Once it’s screwed the system, does it really matter how it gets in?

It does when it's specifically designed to work through USB

[Norm Lenhart]

I’m sure the person that lost his system is real upset about that. I think he’s a bit more miffed that he bought into something that was a myth.

[kevkrom]

I’m sure the person that lost his system is real upset about that. I think he’s a bit more miffed that he bought into something that was a myth.

The myth that downloading apps from an untrusted Chinese site is safe?

[5thGenTexan]

Forgive me, but isn't the iPhone the most successful phone sold on the market? I know all the Android phones combined sell more, but in a model vs. model volume comparison, isn't iPhone #1 by a large margin?

Does a company really get to that level by not serving the needs of their customers?

I get you want to customize your phone and don't care for Apple's model, but the vast majority of the customer base for phones is not someone with a technical background who could attempt it.

Also note, the number of jailbroken iPhones goes down each year. Maybe this is due to jail breaks not adding as much value as the novelty of sticking it to the man (Apple in this case). Or maybe Apple does listen to the jailbreak community and rolls in changes to satisfy their desires, too.

Apple causes market friction since they are early adopters of new directions in technology. They dropped the floppy disc first, the parallel port first, adopted USB keyboards and mice first, adopted thunderbolt ports first, moved to SDD only systems, etc. They were trashed for those moves, too. Now you would be hard pressed to fins a PC that is not "legacy free".

[Norm Lenhart]

The myth that Apple is secure. Because nothing is secure. And this proved it.

The Ilok 1 copy protection system used by many was thought to be unbreakable. After people invested thousands of dollars in false security it was broken and several companies went belly up from piracy. Nothing is secure. nothing.