
Apple has historically marketed its desktop products as being impervious to the rampant malware that plagued Microsoft systems in the early 2000s, but the iPhone’s swelling popularity has made it a prime target.

According to reports, malware affecting “thousands” of iPhones can steal App Store credentials – but the majority of iOS users remain perfectly safe. Here’s what you need to know about malware and Apple’s approach to mobile security.

What is Malware?

Malware is a portmanteau of ‘malicious’ and ‘software’, and it refers to any software that forcibly gains access to, gathers data from or disrupts the otherwise normal operation of a device – often with damaging consequences.


The behavior of malware varies, as does the severity of an infection. Some variants, like CryptoLocker and the Australia-specific TorrentLocker, encrypt files and force the victims to pay a ransom to get their files back. Others capture every key-press, relaying it back to an attacker who then pores over it, looking for usernames, passwords and credit card details.

These varieties of malicious software have been long associated with desktop operating systems. But, for the most part, iOS has somehow escaped the worst of it. Why? Well, some very clever design choices on the part of Apple.


Why is iOS Secure?

Apple designed iOS with an emphasis on security, and made a number of architectural decisions that made it a fundamentally secure system. As a result Apple has ensured that malware on iOS is the exception, not the rule.


Walled Garden

Apple has exercised an incredible amount of control over its platform. This even extends to the sources from which users can download apps. The only officially supported and authorized place to get third-party applications is through Apple’s official App Store.


This has done a lot to prevent users from accidentally downloading malware as they browse through the darkest recesses of the Internet. But that’s not all. Apple has a number of stringent security procedures that prevent malware from getting on to the App Store in the first place, including static analysis of all submitted source code.

That said, this system is not foolproof. In 2013, researchers at Georgia Tech managed to submit a malicious program to the App Store. Dubbed ‘Jekyll’, it could post Tweets, send emails and make calls, all without the permission of the user. Jekyll was removed from the App Store shortly afterwards.

Sandboxing

All applications installed on an iPhone are isolated from each other, and from the underlying operating system. So an installed application would be physically unable to remove vital system files, and would be unable to perform an unauthorized action on a third-party application, except through authorized API calls.


This technique is called Sandboxing, and is a vital part of the iOS security process. All iOS applications are sandboxed from each other, ensuring that any avenues for malicious activity are limited.

Permissions

At the core of iOS is a variant of UNIX called BSD. Much like its cousin Linux, BSD is secure by design. That is partly due to something called the UNIX security model, which essentially boils down to carefully controlled permissions.

In UNIX, who gets to read, write, delete or execute a file is carefully specified in something called file permissions. Some files are owned by ‘root’, which is effectively a user with ‘God permissions’. To change these permissions, or to access these files, one has to open them as the ‘root’ user.

Root access can also be used to execute arbitrary code, which can be dangerous to the system. Apple intentionally denies users root access. For the majority of iOS users, there’s no real need for it.
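To make the permission model concrete, here is a small added example (not code from the article or from Apple) that models the classic UNIX check: each file carries an owner, a group and a set of read/write/execute bits, a normal user is matched against exactly one of the owner, group or other classes, and root bypasses the read and write bits entirely. The file paths, uids and modes are constructed for illustration; the model leaves out setuid/sticky bits, ACLs and the sandbox policy iOS layers on top, so it shows only the discretionary check the text describes.

```python
import stat

# Added example, not from the article. Models the UNIX discretionary permission
# check only; all paths, uids and modes below are constructed sample values.

# For each operation: the bit for the owner, group and other classes respectively.
OP_TO_BITS = {
    "r": (stat.S_IRUSR, stat.S_IRGRP, stat.S_IROTH),
    "w": (stat.S_IWUSR, stat.S_IWGRP, stat.S_IWOTH),
    "x": (stat.S_IXUSR, stat.S_IXGRP, stat.S_IXOTH),
}


def parse_symbolic(perm: str) -> int:
    """Turn an `ls -l` style string such as '-rw-r-----' into numeric mode bits.

    Simplification: only r/w/x and '-' are accepted; setuid/setgid/sticky
    markers ('s', 't') are rejected rather than modelled.
    """
    if len(perm) != 10:
        raise ValueError("expected a 10-character ls-style permission string")
    bits = 0
    # Owner triple, then group triple, then other triple, each in r, w, x order.
    flags = [OP_TO_BITS[op][cls] for cls in range(3) for op in "rwx"]
    for ch, want, flag in zip(perm[1:], "rwx" * 3, flags):
        if ch == want:
            bits |= flag
        elif ch != "-":
            raise ValueError(f"unexpected character {ch!r} in {perm!r}")
    return bits


def can_access(mode: int, owner_uid: int, owner_gid: int,
               uid: int, gids: set, op: str) -> bool:
    """Classic UNIX check for one operation ('r', 'w' or 'x').

    Root skips the read/write bits; for execute the kernel still insists that
    at least one execute bit is set somewhere (Linux and BSD both do this).
    Everyone else is matched against exactly one class, owner first.
    """
    if op not in OP_TO_BITS:
        raise ValueError("op must be 'r', 'w' or 'x'")
    user_bit, group_bit, other_bit = OP_TO_BITS[op]
    if uid == 0:
        return op != "x" or bool(mode & (user_bit | group_bit | other_bit))
    if uid == owner_uid:
        return bool(mode & user_bit)
    if owner_gid in gids:
        return bool(mode & group_bit)
    return bool(mode & other_bit)


# Constructed sample "filesystem": path -> (owner uid, owner gid, symbolic mode).
SAMPLE_FILES = {
    "/system/keychain.db": (0, 0, "-rw-------"),    # root-only secrets
    "/system/bin/helper":  (0, 0, "-rwxr-xr-x"),    # system binary: run it, don't modify it
    "/apps/notes/data.db": (501, 501, "-rw-------"),  # one app's private data
}


def audit(files: dict, uid: int, gids: set) -> dict:
    """Return {path: 'rwx'-style string} of what this user may actually do."""
    result = {}
    for path, (owner_uid, owner_gid, symbolic) in files.items():
        mode = parse_symbolic(symbolic)
        result[path] = "".join(
            op if can_access(mode, owner_uid, owner_gid, uid, gids, op) else "-"
            for op in "rwx"
        )
    return result


if __name__ == "__main__":
    for who, uid, gids in (("app user (uid 501)", 501, {501}), ("root", 0, {0})):
        print(f"{who}: {audit(SAMPLE_FILES, uid, gids)}")
```

Running it shows the asymmetry the article is getting at: the unprivileged app user can execute the system binary but can neither read the root-owned secret nor modify the binary, while root can read and write everything. Denying ordinary users root, as iOS does, is what keeps that line in place.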

As a result of Apple’s security architecture, malware affecting iOS devices is unfathomably rare. Of course there is one exception: jailbroken devices.

What Is Jailbreaking And Why Can It Be Bad?

Jailbreaking is a term used to describe the process of removing the restrictions Apple places on its operating system.

It allows users to access parts of the operating system that were previously off-limits, download apps from third-party sources such as Cydia, use apps that have been banned by Apple (like the Grooveshark app) and tweak or customize the core OS.

There are a number of serious security risks associated with jailbreaking an iOS device, and we’ve recently summed up some of the reasons you might want to avoid the practice.

Crucially, applications that haven’t gone through Apple’s rigorous security testing process can be dangerous and can even compromise the security of applications that have already been installed. The default iOS root password is well known and rarely changed, which is a real concern for anyone installing software from third-party sources. Apple is clear about its policy on jailbreaking: updates cannot be installed without reverting to stock iOS.

At present there is a very real threat from malware targeting jailbroken devices called AppBuyer, and getting infected can cost you dearly.

iPhone Malware In The Wild

Well-known and respected network security firm Palo Alto Networks recently encountered an iOS virus in the wild that has infected thousands of iOS devices. They called it AppBuyer, because of how it steals App Store credentials and then purchases applications.

It’s not been definitively proven how it infects devices, but what is known is that it can only infect devices that have been jailbroken. Once installed, AppBuyer waits for victims to connect to the legitimate App Store, and intercepts their username and password in transit. These are then forwarded to a command and control server.


Shortly after, the malware downloads some more malicious software that is disguised as a utility for unlocking .GZIP files. This uses the user’s credentials to purchase multiple applications from the official App Store.

There’s no clear way of removing AppBuyer. The official advice from Palo Alto Networks is not to jailbreak your iOS devices in the first place. Should you get infected, you’d be well advised to reset your Apple credentials and to reinstall the stock iOS operating system.

The low-level details of how AppBuyer works are described further in an excellent blog post from Palo Alto Networks.

An Unclear Yet Present Threat

In short: yes, your iPhone can get infected with malware. But realistically, this is only possible if you jailbreak it. Want a secure iPhone? Don’t jailbreak it. Want a super-secure iPhone? Read into hardening.

Do you jailbreak your phone? Had any security issues? Tell me about it, the comments box is below.
