It’s simply a fact of life nowadays that every operating system, application or possibly even hardware component could be subject to vulnerabilities and security threats, whether known or unknown. Apple’s turn on the merry-go-round came up last week thanks to an outburst of malware called WireLurker.
WireLurker hit hundreds of thousands of iOS devices through a Chinese third-party app provider that was delivering pirated programs. It installed itself as a system component, using code obfuscation to thwart detection, waited for other devices to connect via USB, then grabbed private data such as the device serial number, iTunes information and phone number and sent it to a remote server. Often other unwanted apps were installed as well, adding to the mayhem. Apple pulled the plug on the problem by blocking the related applications from launching (revoking the related certificates is another mechanism they can use), so at present it appears WireLurker has been neutralized. However, if you’d like to check to be sure, there is a script hosted on GitHub to detect WireLurker malware.
You could argue that this is no big deal since it happened elsewhere in the world, users who install pirated apps get what’s coming to them (although to be fair, sometimes users don’t even know for a fact that the software was pirated), and Apple handled the situation. However, the overall implications of WireLurker are worth analyzing. As many malicious programs do, WireLurker succeeded by taking advantage of something that’s supposed to facilitate easy usage: in this case it abused the iOS USB pairing mechanism, through which a trusted computer can install apps on a connected device. This is only the second time in history that malware has managed to target iOS devices via USB, and it is the first time malware has been capable of automatically creating malicious iOS applications or infecting existing ones. Perhaps even more significant is the fact that this is the first malware to install other applications on iOS devices which have not been jailbroken. In short, expect to see more stuff like this.
What’s to be done? It’s not enough to wait for Apple (or some other John Wayne) to ride to the rescue. Standard common-sense security precautions apply here. Keep your iOS device up to date with the latest software releases and use a regularly updated anti-malware product on your devices and computers. Don’t download apps from suspicious sources (at the very least, research the app and the source to see if it’s being reported for malware). One common security tip is “Don’t jailbreak your iOS device,” but as noted above, these devices didn’t have to be jailbroken to be impacted by WireLurker. If you do jailbreak your device, only use credible sources and don’t keep any sensitive personal information on it. And finally, don’t pair your device with anything that isn’t 100% trustworthy, and don’t charge it from an unknown source, since a charging port can also be a USB data connection.
Looking ahead, WireLurker wasn’t necessarily a big surprise to everyone; Mr. McCafferty informed me that “this form of malware and identity theft code was predicted and warnings were placed by Black Hat, an international ethical hacker user group, that this form of attack was inevitable. WireLurker is just the first to go rogue on a global scale and capture the attention of the media.” To paraphrase the old saying, when one door closes a window opens. As we wait for the next WireLurker to float down the river, I recommend keeping current with security advisories and exploit news.