Malware and iOS? No one is ever safe from disaster.
Brace yourself: Malware and iOS are in the same sentence.
Yes, you have read correctly. Malware and iOS are getting to know one another. Thanks to Apple’s superior app vetting process, the ever-popular iPhones have been nearly impossible to penetrate in the past. That said, the security company Palo Alto Networks announced it found a Trojan that exploits flaws in Apple’s DRM, which has been coined as “AceDeceiver.”
So how does it work? People who are looking for iTunes, but instead download “AiSiHelper”, a program that mimics iTunes, will be infected. When they plug in their iOS device, attackers can send an authorization code to trick a victim’s device to make it believe it purchased the app, and then it will download it. After the app has been downloaded, it will prompt them for their Apple ID and password, which the attacker’s then have access to. No bueno.
While this is very bad news for Apple as well as its loyal users, don’t panic just yet. For starters, AceDeceiver only activates when the device’s geotag is in China. So, that’s something. . .at least more now. Next, Apple immediately removed the problematic apps once the were notified of the malware, which should mitigate the impact to an extent. Lastly, and perhaps most reassuring, is that so far only Windows PC users are at risk. However, there is no telling how long it will take for the approach to be copied and applied to target the elusive Apple devices.
So, what do that mean if you’re a Mac user? Whether you are an individual Apple enthusiast or a business, hearing the words malware and iOS is alarming. In general, you can help keep your system clean by adjusting the security settings to allow only Mac App Store apps to be installed. This setting can be found under the Apple menu in System Preferences > Security & Privacy > General.
If you are a business, well you need to get savvy and make sure you are prepared for the malware to make their way to Apple–eventually. While you may not be able to stop the attack, you can make sure you have a backup plan in place for all business critical data and applications. If your disaster recovery plan has some dust on it, give us a contact us–we can help.