Apple Is Blocking Infected Apps

Chinese iOS users were at risk of being infected by the WireLurker malware if they connected their non-jailbroken device to a Mac that was running one of the affected apps.

Apple Inc. (NASDAQ:AAPL) has since stated: “We are aware of malicious software available from a download site aimed at users in China, and we’ve blocked the identified apps to prevent them from launching. As always, we recommend that users download and install software from trusted sources.”

Security risks

A security company called Palo Alto Networks was the first to report the issue, in a white paper. However, security researcher Jonathan Zdziarski has since written a blog post in which he warns against complacency after the apparently easy blocking of WireLurker.

“The bigger issue here is not WireLurker itself; WireLurker appears to be in its infancy, and is mostly a collection of scripts, property lists, and binaries all duct-taped together on the desktop, making it easy to detect. The real issue is that the design of iOS’ pairing mechanism allows for more sophisticated variants of this approach to easily be weaponized,” he wrote.

The problem with Apple’s trusted devices

A more professional attack of this kind could cause major damage because once a device is paired with a Mac, there are almost no limits as to what the Mac can do to the device.

Zdziarski advocates three changes in order to improve iOS security. He says there need to be far more specific warnings about installing apps, which can currently be installed by clicking on just one prompt. Next, he urges Apple to disable Enterprise Mode by default, because the feature is used by a small minority of clients but puts the security of all iOS devices at risk.

His last point concerns permissions given to apps. He says that apps should have to ask the user for permission to install software, and only iTunes and Xcode should be able to do so freely. Zdziarski advocates much tighter management of “Trusted Pairing Relationships,” with apps having to ask permission to access the data, just as they do for contacts and geo-location.



About the Author

Brendan Byrne