WireLurker, the iOS malware hitting headlines this morning, is just another proof point that malware authors are turning their heads toward the tiny computers living in your pockets. The malware, which was found by Palo Alto Networks, allegedly can move from an infected PC to a iOS device through a USB cord and may otherwise be distributed through third-party app stores. Apple released a statement saying that it has blocked the infected applications to stop them from launching and otherwise recommends you only download apps from trusted sources. We agree.
Check out our chief technology officer Kevin Mahaffey’s take on the malware:
“What's interesting here is that malware attacked a PC in order to gain access to a mobile device, not to attack the PC—yet another sign that mobile is becoming the dominant computing platform. Historically, attackers have focused their efforts on Android, given its popularity. Now, as the number of iOS devices has grown, especially in geographies where malware tends to originate, iPhones and iPads have become attractive attack targets as well.”
How much do we have to worry about iOS threats?
Right now iOS threats are low in comparison to Android threats on the whole. This traditionally has been because the market for iOS just isn’t as big as Android. Bad guys tend to go after low-hanging fruit, the targets that will get them the biggest reward with the least effort. But as Google amps up its security and iOS gains marketshare, we imagine there will be more interest in iOS malware creation.
How do I stay safe?
Security is all about being proactive and user behavior plays a big role in ensuring you stay safe. There are many simple measures people can take to protect themselves from threats.
People should avoid:
- Setting weak or nonexistent passcodes/passwords
- Side-loading, excessively transferring data between two or more local devices (laptop and smartphone is the most common interaction)
- Jailbreaking your iPhone and downloading from third-party app stores
- Going around traditional settings when configuring your device unless you are aware of the risks and know how to customize your settings safely
Best practices people should follow:
- Use a complex password of at least eight characters including numbers, special characters, and that isn’t based on a dictionary word. Alternatively you can use a number of dictionary words to create a “passphrase.”
- Use two-factor authentication for all your accounts, which is a two-step login process most commonly requiring a password and a security question before granting access. This is especially important for accounts that hold sensitive data such as photos, credit card numbers and personal identifiable information.
- Make sure to install the updates to existing apps on your phone. App updates can include patches to security flaws or vulnerabilities discovered since the last version release.