Pulse Employee

September 17, 2015

Apple’s Biggest Hack Ever? Over 225,000 Accounts Compromised

Nearly a quarter million Apple IDs hacked and their information stolen via a malware attack on jailbroken iPhones! This is disconcerting, and not the kind of news you want to read amid the ever-growing number of security breaches.

Malware infections of mobile devices are steadily on the rise, and the popularity of Apple phones makes them a potentially lucrative target for cyber attacks. Studies have shown that a staggering 16 million mobile devices were infected with malware in 2014. Until now, Android devices were believed to be more vulnerable to security attacks than iOS devices. The picture looks even worse after this most recent incident. The malware targeting Apple devices, called “KeyRaider”, was discovered by security company Palo Alto Networks (PANW) together with Chinese tech group WeipTech.

The risk of jailbroken devices

KeyRaider allegedly originated in China and spread to 18 countries, including the US, Canada, the UK, China, Germany, Australia and Russia. A crucial point to note is that this attack affected jailbroken devices only. Unfortunately, these end users removed the built-in security restrictions of their Apple devices by intentionally installing jailbreak exploits, which left them exposed to malware that Apple’s security model would otherwise have blocked. This puts attackers on the victory stand, aided and abetted by end users who unwittingly invited them in!

What did the malware do?

According to the Palo Alto Networks website, “KeyRaider steals Apple push notification service certificates and private keys, steals and shares AppStore purchasing information, and disables local and remote unlocking functionalities on iPhones and iPads.”

In a nutshell, this powerful malware is wreaking havoc:

  • Targets iOS devices jailbroken through Cydia* and intercepts iTunes traffic.
  • Steals Apple user account details, including passwords, device GUID and transaction history, and uploads them to a separate Command and Control (C2) server.
  • Holds your phone for ransom, i.e. locks you out of your device (iPhone or iPad) by disabling local and remote unlocking until a sum of money is paid to the attacker.
  • Makes in-app purchases without your permission or knowledge while you foot the bill. The purchases show up on your devices while you remain oblivious to the transactions.

*Cydia is an alternative to Apple’s App Store for “jailbroken” devices, at this time including iPhone, iPad and iPod Touch.

Implications for Enterprises

So far we have only discussed individual Apple device users. Once you place these users in the context of an enterprise environment, the issue becomes even more severe. The vulnerability of devices, and of the services they access, in a BYOD setup has far-reaching consequences. Imagine the very realistic scenario in which confidential company data is leaked or lost as a result of unauthorized access to sensitive corporate information systems from a compromised device.

The questions you need to ask while selecting your BYOD and secure access enterprise solutions are:

  • Does it provide continuous protection from unauthorized access?
  • Does it ensure that devices accessing your network meet minimum security requirements, thereby safeguarding employee devices against such malware attacks?
  • Does it support robust authentication and authorization policies to ensure the integrity of user and device credentials?
  • Does it monitor system activity, assess the health of devices and provide security alerts?
  • Does it support any and all mobile apps, not just those that have been app-wrapped or modified with an SDK?
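As an added illustration of the second question above (it is not code from the original post or from any vendor product), here is a minimal device-posture check that denies network access to jailbroken or under-secured devices. The `DevicePosture` fields, the policy thresholds and the jailbreak file markers (Cydia is the one the post names) are constructed for this example.

```python
"""Added example: gate BYOD network access on device posture.
Device attributes, policy values and marker paths are constructed here."""
from dataclasses import dataclass, field

# Filesystem markers commonly left behind by a jailbreak; Cydia is the
# alternative store the post mentions. Constructed list for illustration.
JAILBREAK_MARKERS = ("/Applications/Cydia.app", "/private/var/lib/apt", "/bin/bash")

# Hypothetical minimum requirements an access gateway would enforce.
POLICY = {"min_os": (8, 4), "require_passcode": True, "require_mdm": True}


@dataclass
class DevicePosture:
    """Snapshot of a device as reported by an endpoint agent (constructed)."""
    os_version: tuple                 # e.g. (8, 4, 1)
    files_present: set = field(default_factory=set)
    passcode_set: bool = False
    mdm_enrolled: bool = False


def evaluate(posture, policy=POLICY):
    """Return (allowed, reasons). Any failed check denies access, and every
    failing check is reported so the user can be told what to fix."""
    reasons = []
    hits = sorted(m for m in JAILBREAK_MARKERS if m in posture.files_present)
    if hits:
        reasons.append("jailbreak indicators present: " + ", ".join(hits))
    if posture.os_version < policy["min_os"]:   # tuple compare: (8,3,0) < (8,4)
        reasons.append("os " + ".".join(map(str, posture.os_version)) + " below minimum")
    if policy["require_passcode"] and not posture.passcode_set:
        reasons.append("no device passcode")
    if policy["require_mdm"] and not posture.mdm_enrolled:
        reasons.append("not enrolled in MDM")
    return (not reasons, reasons)


if __name__ == "__main__":
    clean = DevicePosture((8, 4, 1), set(), passcode_set=True, mdm_enrolled=True)
    jailbroken = DevicePosture((8, 3, 0), {"/Applications/Cydia.app"}, passcode_set=True)
    print(evaluate(clean))       # (True, [])
    print(evaluate(jailbroken))  # (False, [...three reasons...])
```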