Archives for: iphone

YiSpecter malware can infect non Jailbroken iOS devices

Palo Alto Networks has detected a malware family capable of attacking even non-jailbroken iOS devices. The researchers have named the malware YiSpecter. It uses a unique method: abusing private iOS APIs to infect devices. Private APIs are undocumented by Apple, so their use can avoid detection. Around 100 applications in Apple's App Store use such private APIs.

Claud Xiao, a researcher from Palo Alto, stated, “What that means is the attacking technique of abusing private APIs can also be used separately and can affect all normal iOS users who only download apps from the App Store.” It is the first time a malware family has been capable of infecting both jailbroken and non-jailbroken iPhones and iPads.

[Image: YiSpecter (source: intego.com)]

Attack Scenario

  • The malware has four components, each signed with an enterprise certificate.
  • These components abuse private APIs to download onto the targeted devices.
  • Through a command and control (C2) server, these components install each other.
  • Three of these components stay hidden from the iOS SpringBoard, which prevents their detection and deletion.
  • The components use logos and names similar to system applications to avoid detection.
  • Once installed, the malware gets complete access to the device: it can download and install apps, delete existing apps, change system settings and transmit device details to the C2 server.

YiSpecter has some unique features. It can infect any iOS device, whether or not it is jailbroken. Even if a user manually deletes YiSpecter, it reappears automatically. It installs additional apps on infected devices that behave strangely, displaying full-screen advertisements even when the user opens a normal app on the phone. Palo Alto has released the details of DNS and IPS signatures for blocking the malware's traffic.

YiSpecter is the latest in a line of malware that has presented a grave danger to iOS devices. A malware family called WireLurker displayed a similar capability of infecting non-jailbroken iOS devices; it abused enterprise certificates to infect them. Another, XcodeGhost, directly targeted Apple app developers in China. Chinese app developers downloaded tampered copies of Xcode from sites other than Apple's. These copies looked like the official Xcode, so the developers could not tell them apart from the original. Apps built with the counterfeit Xcode were injected with malicious code. Developers, unaware of the threat, uploaded these infected apps to the App Store, and users downloaded and installed them on their devices.

Researchers at Palo Alto believe that XcodeGhost and YiSpecter are unrelated, despite both infecting non-jailbroken devices. YiSpecter is the biggest threat to iOS security: it combines two techniques, using enterprise certificates and abusing private APIs. An attack of this nature is unprecedented and raises serious concerns about the security of Apple devices.

The malware began spreading in November last year. Researchers at Cheetah Mobile and Qihoo 360, two Chinese software companies, detected malware early this year and named it the Lingdun worm, but they did not reveal many details about its functionality. The Lingdun worm is now known to be part of YiSpecter.


XcodeGhost malware infects Apple's App Store, infecting hundreds of apps and scaring security experts

Malware has always been a major threat to devices, data and user accounts, but the threat increases manifold when the malware is more subtle and deeply rooted, like one embedded in an app creation tool. Such threats are real and already exist. XcodeGhost is an example of such malware. The counterfeit Xcode, termed as […]

Apple's AirDrop flaw leaves users vulnerable to exploitation

Mark Dowd, head of Australia-based Azimuth Security, has stated that there is a vulnerability in AirDrop, Apple's file sharing service, which allows unauthorized access to the device and can be used to install malware. A user with an AirDrop configuration allowing file sharing with anyone and not merely their […]

3 Key Takeaways from RSA Conference 2014 – San Francisco for CISOs and Security Enthusiasts

Author: Arun Hegde, Security Architect, @arun25. Here is a quick summary of my experience at RSA Conference 2014 – San Francisco last month. Highlights of RSA 2014: Some of the highlights at RSA this year were cloud security, mobile security (especially for enterprise), more companies providing SIEM solutions and lots of new […]

iOS 7 Vulnerability Allows ‘Find My iPhone’ Security Feature to be Disabled without Password

Bradley Williams, a security researcher, has discovered a vulnerability in iOS 7 that allows “Find My iPhone” to be disabled without entering a password. This new vulnerability allows someone who has access to your iPhone to quickly disable the “Find My iPhone” service, which is used to track the location of all registered […]

iOS Starbucks app stores user information in clear text, leaving its customers vulnerable

Security researcher Daniel E. Wood discovered that the Starbucks iOS app stores usernames, email addresses and passwords in clear text (CVE-2014-0647). Starbucks mobile payment apps are widely used by customers for the ease of making purchases. However, this disclosure comes as a surprise because all the customer data is stored in plain text and easily available for […]

iOS 7 release causing Apple DDoS — well, kidding

The iOS 7 release was major news for Apple users. It's unbelievable to see how many users want the cool new operating system. This is always the fun part every year when something new comes from Apple. This time it's the new, powerful Apple iOS 7 release on September 18th. As reported on SANS, the […]

How much risk is Apple's new fingerprint authentication on the new iPhone 5s?

We have seen fingerprint readers and face recognition authentication for a while. Smartphone manufacturers have been rumored to be working on this, and Apple has finally introduced it. Apple announced its new iPhone 5s with a fingerprint reader yesterday. It's a cool factor to have a fingerprint instead of password- or pattern-based authentication. Apple claims that the fingerprint is stored local […]

Apple iOS 7 Hacked – Lets Anyone Bypass iPhone Lockscreen to Access Pictures

Apple's most advanced operating system has been hacked within 48 hours of release. It's a shame on Apple that they don't test for security. Often people are still in denial that Apple has no security issues. It's all a myth and they need to do something about it. I understand it's only a beta, but I […]

iPhone passcode hack vulnerability – physical access to the device needed

Vulnerability Lab researchers have discovered a second version of a vulnerability that lets a hacker slip past the lock screen to access a user's contact list, voicemails and more. In reality this is a flaw, but it can only be exploited if the device is in the hacker's hands. This cannot work from remote execution […]