The State of iOS Security

iOS THREATS The State of iOS Security

Upload: lookout

Post on 14-Jul-2015


Category:

Technology



TRANSCRIPT

Page 1: The State of iOS Security

iOS THREATS: The State of iOS Security

Page 2: The State of iOS Security

The iOS App Store is not the impenetrable walled garden you think it is.

Page 3: The State of iOS Security

TOP MYTHS ABOUT APPLE SECURITY

MYTH #1: The Apple App Store has never had malware in it

FACT: The App Store published at least one piece of malware and approved two others. The published malware, a trojan called “Find and Call,” downloaded your phonebook and spammed contacts.


Page 4: The State of iOS Security


MYTH #2: Apple devices cannot be attacked like Android

FACT: Actually, once on the device, iOS malware can perform many of the same types of attacks as Android malware, including data exfiltration and surveillance.

Page 5: The State of iOS Security


MYTH #3: Threats on iOS only affect jailbroken devices

FACT: Wirelurker, XAgent, Find and Call, and others are proof that malware can affect non-jailbroken devices. Non-jailbroken threats will be more targeted and sophisticated, but they’re not impossible to create.


Page 6: The State of iOS Security

Today, iOS malware looks a lot like Android malware in 2010.

Page 7: The State of iOS Security

Android malware got its foothold in 2010, when researchers found the first trojan, called “FakePlayer,” in the wild. A year later, in 2011, we saw the first Android malware in the Google Play store, called DroidDream.

Thus far, iOS malware has followed a similar pattern, with threats appearing in the wild for jailbroken devices, moving to non-jailbroken devices, and finally sneaking into the official App Store.


Page 9: The State of iOS Security

KEVIN MAHAFFEY

Bad guys are rational economic actors. Because Android is so much more popular in the world, they're targeting the largest platforms first. Criminals are soon going to double down on iOS with targeted attacks.

Kevin Mahaffey, Lookout CTO, predicts that we'll soon see a new wave of iOS attacks that will fundamentally change the iOS threat landscape.

Page 10: The State of iOS Security

iOS THREATS TO DATE

What are these threats that can seemingly execute just like Android malware can? We classify iOS threats to date into three different categories:

HACKING TOOLS: Apps or services that a user employs to jailbreak, or gain root access to the phone, but could be used for malicious means.

VULNERABILITIES: Software holes in the iOS platform that could be exploited to own iOS devices.

MALWARE: Apps that take user data or negatively impact the device without the user’s knowledge or permission.

Page 11: The State of iOS Security

iOS THREATS TO DATE

2009

Ikee: First piece of iOS malware.

2010

JailbreakMe: A tool that exploited a hole in the iOS PDF reader in order to jailbreak the phone.

2011

Instastock: One of the first pieces of “malware” to get into the Apple App Store. Created by researcher Charlie Miller, this proof-of-concept malware looked “safe” during Apple’s review process, but secretly downloaded malicious code after being approved.

2012

Find and Call: Find and Call was the first non-POC iOS trojan to get inside the App Store. It silently stole a victim’s phonebook and spammed their friends. The creator claimed this was a software bug. Apple removed it from the App Store.

Page 12: The State of iOS Security

iOS THREATS TO DATE

2013

Evasi0n

Mactans

Jekyll and Hyde

2014

Keyboard contents bug

Xsser mRAT

Masque Attack: A tool that exploited a hole in the iOS PDF reader in order to jailbreak the phone.

WireLurker: A tool that exploited a hole in the iOS PDF reader in order to jailbreak the phone.

2015

XAgent: The latest iOS malware. This is surveillanceware that may be part of a broader cyber-espionage campaign.

Page 13: The State of iOS Security

STAY SAFE!

Be cautious about clicking links to download applications, don't jailbreak your phone unless you really know what you're doing, and, of course, have a security app in place!

Page 14: The State of iOS Security

For more mobile security information, follow