Pinterest Stumbleupon Whatsapp
Ads by Google

Apple has historically marketed its desktop products as being impervious to the rampant malware that plagued Microsoft systems in the early 2000s, but the iPhone’s swelling popularity has made it a prime target.

According to reports, malware affecting “thousands” of iPhones can steal App Store credentials – but the majority of iOS users remain perfectly safe. Here’s what you need to know about malware and Apple’s approach to mobile security.

What is Malware?

Malware is a portmanteau of ‘malicious’ and ‘software’, and it refers to any software that forcibly gains access to, gathers data from or disrupts the otherwise normal operation of a device – often with damaging consequences.

iphone-malware

The behavior of malware varies, as does the severity of a malware infection What To Do If You Think Your Computer Has Been Hacked Into What To Do If You Think Your Computer Has Been Hacked Into Have you ever had your computer hacked, or wondered if some off mouse movement was down to an online intruder? The threat remains a potent one, but with adequate security software installed on your computer... Read More . Some variants – like Cryptolocker CryptoLocker Is The Nastiest Malware Ever & Here's What You Can Do CryptoLocker Is The Nastiest Malware Ever & Here's What You Can Do CryptoLocker is a type of malicious software that renders your computer entirely unusable by encrypting all of your files. It then demands monetary payment before access to your computer is returned. Read More and Aussie specific Torrentlocker TorrentLocker Is A New Ransomware Down Under. And It's Evil. TorrentLocker Is A New Ransomware Down Under. And It's Evil. Read More – encrypt files and force the victims to pay a ransom to get their files back. Others capture every key-press Don't Fall Victim to Keyloggers: Use These Important Anti-Keylogger Tools Don't Fall Victim to Keyloggers: Use These Important Anti-Keylogger Tools In cases of online identity theft, keyloggers play one of the most important roles in the actual act of stealing. If you’ve ever had an online account stolen from you - whether it was for... Read More , relaying it back to an attacker who then pores over it, looking for usernames, passwords and credit card details.

These varieties of malicious software have been long associated with desktop operating systems. But, for the most part, iOS has somehow escaped the worst of it. Why? Well, some very clever design choices on the part of Apple.

Ads by Google

Why is iOS Secure?

Apple designed iOS with an emphasis on security, and made a number of architectural decisions that made it a fundamentally secure system. As a result Apple has ensured that malware on iOS is the exception, not the rule.

iphone-iphone

Walled Garden

Apple has exercised an incredible amount of control over their platform. This even extends to the sources where users can download apps. The only officially supported and authorized place to get third-party applications is though Apple’s official App Store.

iphone-walled

This has done a lot to prevent users from accidentally downloading malware as they browse through the darkest recesses of the Internet. But that’s not all. Apple has a number of stringent security procedures that prevent malware from getting on to the App Store in the first place, including static analysis of all submitted source code.

That said, this system is not foolproof. In 2013, researchers at Georgia Tech managed to submit a malicious program to the App Store. Dubbed ‘Jekyll‘, it could post Tweets, send emails and make calls, all without the permission of the user. Jekyll was removed from the App Store shortly last year.

Sandboxing

All applications installed on an iPhone are isolated from each other, and from the underlying operating system. So, an installed application would be physically unable to remove vital system files, and would be unable to perform an unauthorized action on a third party application, except through authorized API calls What Are APIs, And How Are Open APIs Changing The Internet What Are APIs, And How Are Open APIs Changing The Internet Have you ever wondered how programs on your computer and the websites you visit "talk" to each other? Read More .

iphone-sandbox

This technique is called Sandboxing, and is a vital part of the iOS security process. All iOS applications are sandboxed from each other, ensuring that any avenues for malicious activity are limited.

Permissions

At the core of iOS is a variant of UNIX called BSD. Much like cousin Linux, BSD is secure by design. That is partly due to something called the UNIX security model. This essentially boils down to carefully controlled permissions.

In UNIX, who gets to read, write, delete or execute a file is carefully specified in something called file permissions. Some files are owned by ‘root’, which is effectively a user with what are effectively ‘God permissions’. To change these permissions, or to access these files, one has to open them as the ‘root’ user.

Root access can also be used to execute arbitrary code, which can be dangerous to the system. Apple intentionally denies users root access. For the majority of iOS users, there’s no real need for it.

As a result of Apple’s security architecture, malware affecting iOS devices is unfathomably rare. Of course there is one exception: jailbroken devices.

What Is Jailbreaking And Why Can It Be Bad?

Jailbreaking is a term used to describe the process of removing the restrictions Apple places Jailbreaking & iOS: The Pros and Cons of Voiding Your Warranty Jailbreaking & iOS: The Pros and Cons of Voiding Your Warranty Have you been feeling the need to jailbreak recently? With the latest tools, freeing your iPhone, iPod Touch or iPad (not iPad 2) is as easy and accessible as it’s likely to get. There are... Read More  on its operating system.

It allows users to access parts of the operating system that were previously off-limits, download apps from third party sources such as Cydia, use apps that have been banned by Apple (like the Grooveshark app Grooveshark - Free Legal Online Music Grooveshark - Free Legal Online Music Read More ) and tweak or customize the core OS.
iphone-jail

There are a number of serious security risks associated with jailbreaking an iOS device, and we’ve recently summed up some of the reasons you might want to avoid the practice 4 Compelling Security Reasons Not To Jailbreak Your iPhone or iPad 4 Compelling Security Reasons Not To Jailbreak Your iPhone or iPad Read More .

Crucially, applications that haven’t gone through Apple’s rigorous security testing process can be dangerous and even compromise the security of applications that have already been installed. The default iOS root password is well known and rarely changed, which is a real concern for anyone installing software from third party sources. Apple is clear about its policy with jailbreaking: updates cannot be installed without reverting to stock iOS Update Or Restore Your Jailbroken iPhone Or iPad To Stock The Right Way Update Or Restore Your Jailbroken iPhone Or iPad To Stock The Right Way You've had your fun flouting Apple's restrictions, and now you want vanilla iOS back in all its glory. Luckily the process is even easier than jailbreaking. Read More .

At present there is a very real threat from malware targeting jailbroken devices called AppBuyer, and getting infected can cost you dearly.

iPhone Malware In The Wild

Well-known and respected network security firm PaloAlto Networks recently encountered an iOS virus in the wild that has infected thousands of iOS devices. They called it AppBuyer, due to how it steals App Store credentials, and then purchases applications.

It’s not been definitively proven how it infects devices, but what is known is that it can only infect devices have been jailbroken. Once installed, AppBuyer waits for victims to connect to the legitimate App Store, and intercepts their username and password in transit. This is then forwarded to a command and control server.

iphone-appstore

Shortly after, the malware downloads some more malicious software that is disguised as a utility for unlocking .GZIP files. This uses the user’s credentials to purchase multiple applications from the official App Store.

There’s no clear way of removing AppBuyer. The official advice from Palo Alto Networks is to not jailbreak your iOS devices in the first place. Should you get infected, you’d be well advised to reset your Apple credentials, and to reinstall the stock iOS operating system.

The low-level details of how AppBuyer works are described further in an excellent blog post from Palo Alto Networks.

An Unclear Yet Present Threat

In short: yes, your iPhone can get infected with malware. But realistically, this is only possible if you jailbreak it. Want a secure iPhone? Don’t jailbreak it. Want a super-secure iPhone? Read into hardening.

Do you jailbreak your phone? Had any security issues? Tell me about it, the comments box is below.

PhotoCredit: Denys Prykhodov / Shutterstock.comKilmainham Gaol (Sean Munson)360b / Shutterstock.com

  1. Gary
    June 20, 2016 at 4:01 am

    I keep getting a pop up ad saying I've won a new iPhone- I can get past it. I've tried the pop up block apps to no avail. It large lay happens when playing words with friends- it started after I received an email from att called att protect. Connected? What can I do?

  2. Mai
    May 8, 2016 at 12:41 am

    Hello , i got an email as if it was from whatsapp that I received a warning sound message , i opened it , it was a zipped folder , i am too terrified, of ppl trying to get access to my content, should i ?

  3. cporterfield
    October 4, 2015 at 4:25 pm

    iPhone 5, not jail broken, IOS up to date. Safari keeps giving message that I won a prize. Persists after hard reset and clearing search history in settings. Do I have a virus?

  4. Cindy Callahan
    July 23, 2015 at 2:19 pm

    I bought my iPhone 4S new from an apple store (not recently, obviously) and I have never made any attempt to jailbreak it. Nonetheless, about a month ago, what I can only imagine is some form of malware started causing problems for me rendering the internet aspects of my phone usage nearly unusable. Whether I am using Safari directly, trying to read an article I linked to from facebook, or even just trying to open a flyer from an email in the gmail app, the same thing keeps happening: a few seconds after the page loads, it redirects me to some stupid website such as a dating website, or nonsense about me having been selected for a free iPhone 6, or some other junk. I cannot simply click back to the site I was trying to view. It is extremely frustrating. It took me about 4 attempts just to be able to load this article to read without being redirected.

    Everything I read tells me that iPhones can only get malware or viruses if they have been jailbroken. My phone has not been jailbroken. So, if this isn't malware, what is it and what can I do about it?

    • Rachel
      January 12, 2016 at 12:21 am

      Hi Cindy, I am having the same problem.. Did you find a solution by any chance? Many thanks

    • Fabrizio
      June 11, 2016 at 5:11 pm

      Some thing similar happened to me one day I went on safari I clicked on the website I was trying to go on and it said right away that your iOS might danger etc and I know that means you have malware if you are on a pc but what I've hear you only can get it if you have jail broken your iPhone I never jail broken this iPhone so is the website a troll or something what do I do ? I've actually have got malware on my of once and when you get malware on a website it stats reading what going to happen to computer and it's black letters on a blue background but mine was black red letters with a white background and my iPhone did not read it and I was able to leave because a pop out popes out saying to close this website and I clicked close and the pop out was a apple pop out it wasn't a random pop out it was a like any pop out from Apple you would get like when you get notification do I have malware?

  5. umesh chandra
    January 14, 2015 at 11:44 am

    mere mobile mai rom pat malware troijan virus aa gaya hai mera mobile micromaxA67hai meri help karo or main 360 antivirus hai grant root privilege antivirus requirement.

  6. Daniel E
    September 25, 2014 at 2:42 am

    At the core of iOS is a variant of UNIX called BSD.

    Not entirely. Its kernel is XNU, the kernel of Darwin, which in turn is mainly the Mach 3 microkernel, together with stacks from BSD, and an object-oriented device driver API.

    • Matthew H
      September 26, 2014 at 2:13 pm

      Good find! Thanks for your comment!

  7. TomMcIn
    September 24, 2014 at 2:57 pm

    To claim a number of reports say that many iPhones are infected with malware is based on the principle that most reporters are dumber than fenceposts and usually just copy any asinine statements made by other fenceposts.
    In fairness to the author, this is a good article and does point out the dangers of jailbreaking an iPhone. He is one of the few that see the problem for what it is and not as a way of creating click-bait titles.
    Thank you.

    • Matthew H
      September 24, 2014 at 3:22 pm

      Thanks! I think...

  8. likefunbutnot
    September 23, 2014 at 10:55 pm

    iOS devices and apps are also subject to Javascript attacks. While those attacks don't meet the technical definition of malware, there's no modern web browser on any platform that's immune to having a rogue script using saved credentials from its password manager to do something undesirable.

    • Matthew H
      September 24, 2014 at 3:22 pm

      Interesting. Thanks for the comment!

Leave a Reply

Your email address will not be published. Required fields are marked *