Security research firm Trend Micro posted yesterday that it has found two new pieces of mobile device spyware, potentially linked to a Russian government cyber espionage campaign. That would not be especially newsworthy in and of itself (there is mobile spyware everywhere, and there is already research on APTs, advanced persistent threats, originating in Russia), except that this spyware targets Apple’s iOS operating system, i.e., potentially your and your clients’ iPhones and iPads. See the full link here:
A year ago the most recent Apple iOS devices (iPhone 4S and above, iPad 2 and newer) were thought of as very secure, due to Apple’s strict app verification protocols and the encryption features built into the devices. Over the past year, however, researchers at firms such as FireEye, and now, potentially, foreign governments, have been able to chip away at that security and exploit previously unknown vulnerabilities in iOS. It is not entirely clear yet how the new malware gets onto iOS devices, though I would speculate it is likely via targeted attacks. If it were spreading on its own like a virus, then, given that (according to the article) the malware has been around since before iOS 8 was released, it is likely we would already have seen it spread far and wide, picked up by many of the larger research firms, and picked apart; think Stuxnet. (Also, incidentally, if you still don’t believe iPhones are vulnerable and want to see a researcher at FireEye carry out a “Masque Attack” on an unsuspecting iPhone, click here.)
The good news according to Trend Micro? If you’ve already upgraded to iOS 8, you should be able to readily see the mystery apps (XAGENT.A and “Madcap”/XAGENT.B) and “kill” them as you would any other app. But since no one yet has a 100% handle on what these apps do, and, if you are infected, you may have been specifically targeted, you may want to either factory reset your phone or get a new device entirely. If you’re still running iOS 7, just “killing” the apps won’t work; you need to upgrade to iOS 8 to make them stop, and you probably should have done so a while ago anyway. Finally, if you’re foolish enough to have jailbroken your Apple device, it’s unlikely you’re reading this article anyway, but if you are, back up the data you can, factory reset your phone, start over, and update to iOS 8.
The moral of this story is two-fold: 1) we don’t know what we don’t know, i.e., nothing connected to the Internet, not even these Apple devices, will ever be totally secure, and there will always be zero-day vulnerabilities that catch us off guard; but 2) regularly updating software and applying security patches will mitigate the threats, and therefore go a long way toward protecting your data, as well as your clients’ data.
[Standard disclaimer: Links above, while researched and tested, are to third party web sites. Clicking on such links will take the reader outside of the Reliance web page.]