Saturday, November 8, 2014

Apple has blocked the infected WireLurker application, but not the virus itself

A few days ago the public was alarmed by the news of the vicious Chinese virus WireLurker, which managed to infect iPhones without a jailbreak after first taking hold in OS X. The malware has not yet done any particular harm, apart from 400 thousand infected Macs in China, but it sets an unpleasant precedent. Apple reacted very quickly to the threat by blocking the launch of known infected applications on users' computers, but judging by the reaction of experts, the company is dealing only with the consequences and not the cause.

Recall that so far WireLurker is active only in China, where it has settled in local App Store analogues, through which pirated software is often distributed. One of the most prominent infected stores was the Maiyadi App Store. By downloading files that contain the malicious software, users unwittingly infect their computers; then, when an iPhone is connected over USB, the virus gets onto the smartphone and starts misbehaving there. If the device is jailbroken, the malware monitors the user's financial applications such as AliPay. If there is no jailbreak, WireLurker installs a fake but harmless comic-book application, which demonstrates the virus's real ability to run almost any code on the supposedly protected smartphone.

Apple has updated the security certificates that WireLurker uses to install itself, thereby blocking more than 400 infected applications that helped spread the virus. This was stated by an official company representative, who added that Apple recommends downloading and installing applications only from trusted sources (i.e. from the company's App Store).

Security expert Jonathan Zdziarski, in turn, wrote in Palo Alto Networks that it is too early to rejoice and that the real problems have not yet begun:

The main problem is not WireLurker itself. In its current state the virus is only in its harmless "infancy" and for the most part consists of a set of scripts, lists and binary code clumsily held together with "sticky tape", all of which are easily detected on the system. The real danger is the mechanism of interaction and the interface between iOS devices and the Mac, in which more sophisticated versions of the method the Chinese discovered can be implemented ...

WireLurker was obviously written by amateurs, but professional hackers and experienced burglars can adopt this method and easily create much more effective and dangerous software.
Jonathan Zdziarski, computer security specialist

According to Zdziarski, the root of the problem lies in the extensive capabilities that a paired Mac has over an iOS device. Once you connect, for example, a MacBook and an iPhone, agree that this is a trusted device and click "Yes" in the dialog box, you effectively give the Mac complete freedom in what it can do in iOS. It is one thing when malicious code tries to act within the fairly closed mobile platform, and quite another when it runs wild in the far more powerful and open OS X.

There is no automatic solution to the problem yet. As you know, the most important virus is the user, and no antivirus protects against human stupidity or ignorance. But Apple can still take some action.
In particular, Zdziarski recommends making the warning about installing unsigned software more visible. At present only a small window with small text pops up, warning that you are installing an unsafe application that has not been vetted by Apple. Do you think anyone reads it? A person presses "OK" out of habit and runs the program, and then keeps clicking whatever can be clicked without reading it, just to get the software running faster.

The second important point is to turn off "Enterprise Mode" by default, because it is used by a very small share of people, who can easily activate the option when they need it. The vast majority of users will never in their lives need to install specialized enterprise software on their device.

The third step to improve the platform's security is to ask the user for permission to install software on the iOS device, as is done, for example, when applications request access to contacts or geolocation. By default, only iTunes and Xcode should have this right, and malware cannot crawl in through them.

The specialist also suggested a number of technically more complicated steps, but those described above could be implemented by Apple quickly and without much effort or resources, while greatly increasing the security of iOS and preparing it for potential attacks by more professional WireLurker clones.


http://www.iphones.ru/iNotes/387535
