The age of Apple security innocence appears to be over. Hot on the heels of the ‘Fappening’ celebrity iCloud breach, a just-discovered virus dubbed WireLurker is infecting both jailbroken and non-jailbroken iOS tablets and handsets in the hundreds of thousands.
It appears to be the first case of malware that can threaten and infect iOS applications like a traditional PC virus, and it is quite sophisticated. More than 450 infected apps on China’s Maiyadi third-party app store have been downloaded over 350,000 times. While the outbreak is mainly affecting China, the bug’s ability to auto-spawn infected software threatens to spread the infection further.
It used to be a safe assumption that Apple devices and systems were less vulnerable to this kind of attack. Back in the days when ‘Macs’ were mainly used by media types, Microsoft systems were the target of choice for hackers and malware coders. Now that computing has gone mobile and massively popular iOS devices have opened up to developers and enterprises, not even Apple’s relatively ‘closed’ OS can be assumed to be safe from attack.
The malware’s ultimate goal is still unclear. However, once a device is infected, we know WireLurker will access any contacts, scan iMessages, and extract detailed device information, all of which is sent to the attacker’s server. In addition to entering devices through compromised apps, it can also gain access via USB, and even potentially through an infected power adapter. Spreading the infection to Mac notebooks may be a risk as well if an iPhone or iPad is connected to an OS X device via USB cable.
Once a concern only for the IT security team, defending against malware and data loss is quickly becoming a critical issue for mobility managers as well. Leaky iOS apps have long been a concern for privacy advocates, but their apparent vulnerability to malware attack raises the risk that corporate data could be accessed by thieves, competitors or even state-level actors. Whilst ‘open source’ Android devices have always been assumed to be the most vulnerable to attack, the emergence of a serious iOS bug like WireLurker changes the game.
This intensifying threat environment for mobile makes adding a Mobile Data Gateway to your security infrastructure a business-critical priority. With it you can detect when a device becomes infected, giving IT managers early warning of infection and measures they can take to neutralize the threat on any employee devices.
On Friday, November 7, Apple reported that it had blocked WireLurker. Apple did this by revoking the enterprise distribution certificate that was used to re-sign these infected apps. However, this block doesn’t help with jailbroken devices. It’s also worth noting that hackers may now try to exploit another enterprise distribution certificate and circulate this all over again until Apple catches it. With Wandera’s Mobile Data Gateway, we are able to detect variants that are independent of enterprise distribution certificates or app IDs, making our detection capabilities a much more dynamic solution than those of Apple and MDMs.
Wandera’s Mobile Data Report provides more insight on the malware and other threats that risk company IP and push up monthly costs.