Strategy, Vulnerability management, Threats, Malware

Popularity of Apple devices draws malware, report

January 26, 2010

Updated Wednesday, Jan. 27, 2010 at 2:15 p.m. EST

As Apple introduces its iPad tablet device at a press event in California, a discussion of the security implications will not likely be a part of the hoopla. While the device is already being touted as a game-changer in the publishing industry, reportedly introducing a new digital platform with a 10-inch screen for the delivery of newspaper and magazine content, what's likely to follow within months of the debut, if history is any precedent, is a new wave of malware targeting the device. Users tuning in for their daily news feed or perusing copies of their favorite magazines may become victims of new iterations of malware likely intended to make off with their passwords and personal information to then be offered for sale in the nether regions of cyberspace.

This scenario echoes Apple's January 2009 introduction of new software at Macworld Expo, a forum the company traditionally uses to roll-out new products and to announce updates to existing ones. According to a just released annual report, The Year in Mac Security, from Intego, an internet and software vendor for Apple platforms, following the release of an update to Apple's iWork '09 suite of software, malware writers immediately introduced the iServices Trojan Horse as a supplement hidden inside an installer available to users downloading bootlegged versions from BitTorrent and other grey and black market distributors of pirated software.

Despite the fact that the file was 450 MB, Intego found that within a short time, more than 20,000 people had downloaded the pirated software. Along with the legitimate functions, they received a trojan that opened a backdoor on their Macs that tethered the infected machines to remote servers which spewed out new code. This effectively enlisted the infected machines in a botnet involved in distributed denial-of-service attacks and other nefarious actions.

The Intego report stated that following up on the successful implementation, the same cybergang issued the next version of their malware planted in Adobe Photoshop CS4 for Mac, again distributed via BitTorrent. Then, in April, Intego detected proof-of-concept malware, Tored.A, that was created in RealBasic code. This self-contained app tried to copy itself to root folders on Macs and then siphoned email addresses from the Mac utility Address Book and sent emails containing the malware. The virus was also capable of linking the user machine to a botnet and recording keystrokes.

While the Apple OS is more secure than that on Windows machines, a number of security issues involved flaws in software for Apple systems and the OS itself, the report pointed out. This necessitated the Cupertino, Calif-based giant issuing 39 security updates in 2009, covering hardware, the Mac OS X, as well as Apple software. This is in addition to fixes that were issued throughout the year for specific software, such as for the Safari browser, Adobe Acrobat, iTunes, QuickTime and GarageBand.

A tide turned when Apple announced in August that Snow Leopard, the latest update to its OS, would contain an anti-virus feature. This followed years of the company claiming that its OS was invincible from virus and malware attacks. Intego's report, however, said the built-in anti-malware feature was limited in its effectiveness and range, capable of thwarting attack from only two trojans and only from files downloaded with a small number of applications. As of January 2010, this feature had not been updated, the Intego report said.

Security holes were not limited to Mac desktops and laptops. The popularity of the Apple iPhone drew attention from malware writers as well in 2009. When Apple issued an update to the mobile device's OS in June, it contained patches for more than 40 security flaws. And, in July, at a conference in Singapore, Charlie Miller, a Mac hacker who works for Baltimore-based Independent Security Evaluators, unveiled a flaw in the manner in which the iPhone processes text messages, which reportedly can enable an attacker to take control of the device and eavesdrop or locate a user through the phone's GPS capability. This flaw was patched by Apple the next month.

Jailbreaking, the act of unlocking an iPhone to allow for the installation of unauthorized software, a trick many users implement to allow them to use networks other than the proprietary AT&T, was responsible for a number of security concerns in 2009 as well. Besides invalidating the warranty, once a device is jailbroken, a majority of security precautions embedded in the device's OS are removed. Further, updates are no longer available to these devices, so when Apple released version 3.1 in September with 10 security patches, the push could not protect those with jailbroken iPhones.

As might be expected, malware authors began targeting the compromised devices with mischievous tweaks, as well as money-making schemes. Using port scanning to find unsecured iPhones, a Dutch hacker sent SMS messages with an offer to secure the device – for five euros. Another hacker tool was discovered by Intego in November that was capable of copying personal information from jailbroken iPhones, without the owner's knowledge.

While the past year saw an alarming increase in malware attacks targeting Mac platforms, the report's conclusion may be even more dire. "Many of these operating system vulnerabilities pave the way for unseen malware attacks," the report said.

This warning may prove prescient considering the release on Wednesday of Apple's iPad.

"As innovative technologies and devices become more and more popular, it is clear that malicious hackers will continue to target new devices," Shahar Kaminitz, CEO and founder of WorkLight, a leader in secure widgets and applications for mobile, desktop and web, told SCMagazineUS.com on Wednesday.

"As a result, many of the security best practices that were developed for browser-based applications need to be revisited. The latest report on the state of Apple security issued by Intego is a testament to this fact. This is particularly relevant for businesses that have recognized popular devices, such as the iPhone, as part of their marketing and business strategies. As companies in online retail, financial services and other industries now turn to these devices as a way to reach customers and offer their services, they must find ways to mitigate emergent security risks."

prestitial ad