MacDirectory magazine is the premiere creative lifestyle magazine for Apple enthusiasts featuring interviews, in-depth tech reviews, Apple news, insights, latest Apple patents, apps, market analysis, entertainment and more.
Issue link: https://digital.macdirectory.com/i/179817
INSIGHT APPLE SECURITY ALERT > HACKING TRICKS WORDS BY ANDREA DE LEON Worldwide smartphone sales are expected to reach 1.5 billion units in 2017, more than doubling the 712 million sold in 2012, according to a recent "Mobile & Wireless Communications Report" from information and analytics provider IHS Inc. It only follows that mobile devices will soon become a larger target for viruses and malware that currently affect mostly PC's. Apple products have been widely recognized in the technology world as the most secure devices on the market. The iPhone has never actually seen a virus and its only spam app was removed shortly after being discovered. Furthermore, Apple carries only about 30% of the mobile market, and Android carries more than 50%. More than 75% of mobile malware is directed at Android devices, but this does not exempt Apple from continuing to identify potential threats and eliminate them. When the iPhone launched in June 2007, much of Apple's security strategy centered on restricting the use of third-party apps from running on the phone. The iPhone and iPad also "sandbox" the codes in software to minimize the chances of any malware infiltrating its system. However, Apple has encountered a number of threats over the years. In 2007 it was demonstrated that if a virus was downloaded through Safari, it could then force the phone to send any information to a set address. The most recent vulnerabilities have been demonstrated by research scientists Tielei Wang and Billy Lau at the Georgia Tech Information Security Center (GTISC.) The first is a Trojan style virus that manages to pass a review and, once installed can expose the mobile device to malicious hardware. "Our research shows that despite running inside the iOS sandbox, a Jekyll-based app can successfully perform many malicious tasks, such as posting tweets, taking photos, sending email and SMS, and even attacking other apps – all without the user's knowledge," said Wang. Lau was also able to create a malicious charger he called "Mactans" that appeared genuine and could actually install malicious software into a mobile device. "Despite the plethora of defense mechanisms in iOS, Mactans was able to install arbitrary apps within one minute of being plugged into currentgeneration Apple devices running the latest operating system software," said Lau. "All users are affected, as our approach requires neither a jailbroken device nor user interaction." Notwithstanding the potential threat of Mactans, the most vulnerable devices are iPhones that have been "jailbroken." This allows the user to download and install apps that have not necessarily been approved by the app store; a convenience for many, especially those seeking to switch carriers without having to purchase a new phone. Unfortunately this exposes the user to potential attacks by malware hidden in seemingly innocuous apps. An easy way to avoid these attacks is to simply not "jailbreak" an iPhone. If this is not an option, another is to be very cautious regarding apps downloaded—an iPhone will alert you with a pop-up that will ask you to agree to share information with the app before each installation; if you are uncomfortable sharing, don't download. There are usually several apps that offer the same services that may not demand so much personal information. To date, Apple runs circles around the latest Android and PC technology in terms of security; between the precautions already set in place and researchers like Wang and Lau, users can rest assured that Apple will continue to seek out potential threats and eliminate them before they can take root. MacDirectory 27