SlideShare a Scribd company logo

The State of iOS Security

Lookout
Lookout

There is a common belief that iOS devices don't get malware, but the iOS threat landscape is actually quite similar to what we saw on Android in 2010. Read the blog: https://blog.lookout.com/blog/2015/03/05/the-state-of-ios-security/

TechnologyMobile
1 of 14
Download to read offline
i O S T H R E A T S The State of iOS Security
The iOS App Store is not the impenetrable walled garden you think it is. 
T O P M Y T H S A B O U T A P P L E S E C U R I T Y 1# MYTH: The Apple App Store has never had malware in it FACT: The App Store published at least one piece of malware and approved two others. The published malware, a trojan called “Find and Call,” downloaded your phonebook and spammed contacts. 3# MYTH: FACT devices. Non-jailbroken threats will be more targeted and sophisticated, but they’re not impossible to create. 2# MYTH: FACT types of attacks as Android malware including data exfiltration and surveillance.
T O P M Y T H S A B O U T A P P L E S E C U R I T Y 1# MYTH: FACT malware, a trojan called “Find and Call,” downloaded your phonebook and spammed contacts. 3# MYTH: FACT devices. Non-jailbroken threats will be more targeted and sophisticated, but they’re not impossible to create. 2# MYTH: Apple devices cannot be attacked like Android FACT : Actually, once on the device, iOS malware can perform many of the same types of attacks as Android malware including data exfiltration and surveillance.
T O P M Y T H S A B O U T A P P L E S E C U R I T Y 1# MYTH: FACT malware, a trojan called “Find and Call,” downloaded your phonebook and spammed contacts. 3# MYTH: Threats on iOS only affect jailbroken devices FACT: Wirelurker, XAgent, Find and Call, and others are proof that malware can affect non-jailbroken devices. Non-jailbroken threats will be more targeted and sophisticated, but they’re not impossible to create. 2# MYTH: FACT types of attacks as Android malware including data exfiltration and surveillance.
Today, iOS malware looks a lot like Android malware in 2010. 
Android malware got its foothold in 2010 when researchers found the first trojan called “FakePlayer” in the wild. A year later, in 2011, we saw the first Android malware in the Google Play store called DroidDream. Thus far, iOS malware has followed a similar pattern with threats appearing in the wild for jailbroken devices, moving to non-jailbroken devices, and finally sneaking into the official App Store
Android malware got its foothold in 2010 when researchers found the first trojan called “FakePlayer” in the wild. A year later, in 2011, we saw the first Android malware in the Google Play store called DroidDream. Thus far, iOS malware has followed a similar pattern with threats appearing in the wild for jailbroken devices, moving to non-jailbroken devices, and finally sneaking into the official App Store.
K E V I N M A H A F F E Y Bad guys are rational economic actors. Because Android is so much more popular in the world they're targeting the largest platforms first. Criminals are soon going to double down on iOS with targeted attacks. Kevin Mahaffey, Lookout CTO, predicts that we'll soon see a new wave of iOS attacks that will fundamentally change the iOS threat landscape.
 HACKING TOOLS  VULNERA BIL ITIES  MALWAR E ! Apps or services that a user employs to jailbreak, or gain root access to the phone, but could be used for malicious means. ! Software holes in the iOS platform that could be exploited to own iOS devices. ! Apps that take user data or negatively impact the device without the user’s knowledge or permission. i O S T H R E A T S T O D A T E What are these threats that can seemingly execute just like Android malware can? We classify iOS threats to date into three different categories:
i O S T H R E A T S T O D A T E 2009 Ikee First piece of iOS malware. 2010 JailbreakMe A tool that exploited a hole in the iOS PDF reader in order to jailbreak the phone. 2011 Instastock One of the first pieces of “malware” to get into the Apple App Store. Created by researcher Charlie Miller, this proof-of-concept malware looked “safe” during Apple’s review process, but secretly downloaded malicious code after being approved. 2012 Find and Call Find and Call was the first non-POC iOS trojan to get inside the App Store. It silently stole a victim’s phonebook and spammed their friends. The creator claimed this was a software bug. Apple removed it from the App Store.
i O S T H R E A T S T O D A T E 2013 Evasi0n ! Mactans ! Jekyll and Hyde 2014 Keyboard contents bug ! Xsser mRAT ! Masque Attack A tool that exploited a hole in the iOS PDF reader in order to jailbreak the phone. ! WireLurker A tool that exploited a hole in the iOS PDF reader in order to jailbreak the phone. 2015 XAgent  The latest iOS malware. This is surveillanceware that may be part of a broader cyber-espionage campaign.      
STAY SAFE ! Be cautious of clicking links to download applications, don't jailbreak your phone unless you really know what you're doing and, of course, have a security app in place! 
For more mobile security information, follow

Recommended

Feds: You have a BYOD program whether you like it or not
Feds: You have a BYOD program whether you like it or notFeds: You have a BYOD program whether you like it or not
Feds: You have a BYOD program whether you like it or notLookout
 
Hiring Hackers
Hiring HackersHiring Hackers
Hiring HackersLookout
 
When Android Apps Go Evil
When Android Apps Go EvilWhen Android Apps Go Evil
When Android Apps Go EvilLookout
 
I Want More Ninja – iOS Security Testing
I Want More Ninja – iOS Security TestingI Want More Ninja – iOS Security Testing
I Want More Ninja – iOS Security TestingJason Haddix
 
How to (Safely) Cut the Cord With Your Old iPhone
How to (Safely) Cut the Cord With Your Old iPhoneHow to (Safely) Cut the Cord With Your Old iPhone
How to (Safely) Cut the Cord With Your Old iPhoneLookout
 
Mobile Security: The 5 Questions Modern Organizations Are Asking
Mobile Security: The 5 Questions Modern Organizations Are AskingMobile Security: The 5 Questions Modern Organizations Are Asking
Mobile Security: The 5 Questions Modern Organizations Are AskingLookout
 
How to Secure Your iOs Device and Keep Client Data Safe
How to Secure Your iOs Device and Keep Client Data SafeHow to Secure Your iOs Device and Keep Client Data Safe
How to Secure Your iOs Device and Keep Client Data SafeRocket Matter, LLC
 
Smart Mobile Apps
Smart Mobile AppsSmart Mobile Apps
Smart Mobile AppsArnd Brugman
 

Recommended

Feds: You have a BYOD program whether you like it or not
Feds: You have a BYOD program whether you like it or notFeds: You have a BYOD program whether you like it or not
Feds: You have a BYOD program whether you like it or notLookout
 
Hiring Hackers
Hiring HackersHiring Hackers
Hiring HackersLookout
 
When Android Apps Go Evil
When Android Apps Go EvilWhen Android Apps Go Evil
When Android Apps Go EvilLookout
 
I Want More Ninja – iOS Security Testing
I Want More Ninja – iOS Security TestingI Want More Ninja – iOS Security Testing
I Want More Ninja – iOS Security TestingJason Haddix
 
How to (Safely) Cut the Cord With Your Old iPhone
How to (Safely) Cut the Cord With Your Old iPhoneHow to (Safely) Cut the Cord With Your Old iPhone
How to (Safely) Cut the Cord With Your Old iPhoneLookout
 
Mobile Security: The 5 Questions Modern Organizations Are Asking
Mobile Security: The 5 Questions Modern Organizations Are AskingMobile Security: The 5 Questions Modern Organizations Are Asking
Mobile Security: The 5 Questions Modern Organizations Are AskingLookout
 
How to Secure Your iOs Device and Keep Client Data Safe
How to Secure Your iOs Device and Keep Client Data SafeHow to Secure Your iOs Device and Keep Client Data Safe
How to Secure Your iOs Device and Keep Client Data SafeRocket Matter, LLC
 
Smart Mobile Apps
Smart Mobile AppsSmart Mobile Apps
Smart Mobile AppsArnd Brugman
 
5 Types of Shady Apps
5 Types of Shady Apps5 Types of Shady Apps
5 Types of Shady AppsLookout
 
Mobile Threats, Made to Measure
Mobile Threats, Made to MeasureMobile Threats, Made to Measure
Mobile Threats, Made to MeasureLookout
 
WebView security on iOS (EN)
WebView security on iOS (EN)WebView security on iOS (EN)
WebView security on iOS (EN)lpilorz
 
Smart phone security ios system
Smart phone security ios systemSmart phone security ios system
Smart phone security ios systemJamil S. Alagha
 
Malware by Ms. Allwood
Malware by Ms. AllwoodMalware by Ms. Allwood
Malware by Ms. AllwoodStavia
 
Android village @nullcon 2012
Android village @nullcon 2012 Android village @nullcon 2012
Android village @nullcon 2012 hakersinfo
 
How Android and iOS Security Enhancements Complicate Threat Detection
How Android and iOS Security Enhancements Complicate Threat DetectionHow Android and iOS Security Enhancements Complicate Threat Detection
How Android and iOS Security Enhancements Complicate Threat DetectionNowSecure
 
iOS Security: The Never-Ending Story of Malicious Profiles
iOS Security: The Never-Ending Story of Malicious ProfilesiOS Security: The Never-Ending Story of Malicious Profiles
iOS Security: The Never-Ending Story of Malicious ProfilesYair Amit
 
Android malware overview, status and dilemmas
Android malware overview, status and dilemmasAndroid malware overview, status and dilemmas
Android malware overview, status and dilemmasTech and Law Center
 
Behind the scenes with IOS security
Behind the scenes with IOS securityBehind the scenes with IOS security
Behind the scenes with IOS securityPriyanka Aash
 
2013 Toorcon San Diego Building Custom Android Malware for Penetration Testing
2013 Toorcon San Diego Building Custom Android Malware for Penetration Testing2013 Toorcon San Diego Building Custom Android Malware for Penetration Testing
2013 Toorcon San Diego Building Custom Android Malware for Penetration TestingStephan Chenette
 
Tesina Sobri
Tesina SobriTesina Sobri
Tesina SobriAbraham Domínguez Cuña
 
How iOS and Android Handle Security Webinar
How iOS and Android Handle Security WebinarHow iOS and Android Handle Security Webinar
How iOS and Android Handle Security WebinarDenim Group
 
SyScan 2015 - iOS 678 Security - A Study in Fail
SyScan 2015 - iOS 678 Security - A Study in FailSyScan 2015 - iOS 678 Security - A Study in Fail
SyScan 2015 - iOS 678 Security - A Study in FailStefan Esser
 
Hacking and securing ios applications
Hacking and securing ios applicationsHacking and securing ios applications
Hacking and securing ios applicationsSatish b
 
Template ppt Android Menarik
Template ppt Android MenarikTemplate ppt Android Menarik
Template ppt Android MenarikSaeful Bahri
 
March Pictures
March PicturesMarch Pictures
March Picturesguest6b95dc2
 
Leveraging Social Media For Increased Student Engagement
Leveraging Social Media For Increased Student EngagementLeveraging Social Media For Increased Student Engagement
Leveraging Social Media For Increased Student EngagementRed Rover
 
Releasing the Power of Your Network - 17-12-2015 - Phill Butler
Releasing the Power of Your Network - 17-12-2015 - Phill ButlerReleasing the Power of Your Network - 17-12-2015 - Phill Butler
Releasing the Power of Your Network - 17-12-2015 - Phill ButlervisionSynergy
 
The New Assembly Line: 3 Best Practices for Building (Secure) Connected Cars
The New Assembly Line: 3 Best Practices for Building (Secure) Connected CarsThe New Assembly Line: 3 Best Practices for Building (Secure) Connected Cars
The New Assembly Line: 3 Best Practices for Building (Secure) Connected CarsLookout
 
Looking Forward and Looking Back: Lookout's Cybersecurity Predictions
Looking Forward and Looking Back: Lookout's Cybersecurity PredictionsLooking Forward and Looking Back: Lookout's Cybersecurity Predictions
Looking Forward and Looking Back: Lookout's Cybersecurity PredictionsLookout
 
5 Ways to Protect your Mobile Security
5 Ways to Protect your Mobile Security5 Ways to Protect your Mobile Security
5 Ways to Protect your Mobile SecurityLookout
 

More Related Content

Viewers also liked

5 Types of Shady Apps
5 Types of Shady Apps5 Types of Shady Apps
5 Types of Shady AppsLookout
 
Mobile Threats, Made to Measure
Mobile Threats, Made to MeasureMobile Threats, Made to Measure
Mobile Threats, Made to MeasureLookout
 
WebView security on iOS (EN)
WebView security on iOS (EN)WebView security on iOS (EN)
WebView security on iOS (EN)lpilorz
 
Smart phone security ios system
Smart phone security ios systemSmart phone security ios system
Smart phone security ios systemJamil S. Alagha
 
Malware by Ms. Allwood
Malware by Ms. AllwoodMalware by Ms. Allwood
Malware by Ms. AllwoodStavia
 
Android village @nullcon 2012
Android village @nullcon 2012 Android village @nullcon 2012
Android village @nullcon 2012 hakersinfo
 
How Android and iOS Security Enhancements Complicate Threat Detection
How Android and iOS Security Enhancements Complicate Threat DetectionHow Android and iOS Security Enhancements Complicate Threat Detection
How Android and iOS Security Enhancements Complicate Threat DetectionNowSecure
 
iOS Security: The Never-Ending Story of Malicious Profiles
iOS Security: The Never-Ending Story of Malicious ProfilesiOS Security: The Never-Ending Story of Malicious Profiles
iOS Security: The Never-Ending Story of Malicious ProfilesYair Amit
 
Android malware overview, status and dilemmas
Android malware overview, status and dilemmasAndroid malware overview, status and dilemmas
Android malware overview, status and dilemmasTech and Law Center
 
Behind the scenes with IOS security
Behind the scenes with IOS securityBehind the scenes with IOS security
Behind the scenes with IOS securityPriyanka Aash
 
2013 Toorcon San Diego Building Custom Android Malware for Penetration Testing
2013 Toorcon San Diego Building Custom Android Malware for Penetration Testing2013 Toorcon San Diego Building Custom Android Malware for Penetration Testing
2013 Toorcon San Diego Building Custom Android Malware for Penetration TestingStephan Chenette
 
How iOS and Android Handle Security Webinar
How iOS and Android Handle Security WebinarHow iOS and Android Handle Security Webinar
How iOS and Android Handle Security WebinarDenim Group
 
SyScan 2015 - iOS 678 Security - A Study in Fail
SyScan 2015 - iOS 678 Security - A Study in FailSyScan 2015 - iOS 678 Security - A Study in Fail
SyScan 2015 - iOS 678 Security - A Study in FailStefan Esser
 
Hacking and securing ios applications
Hacking and securing ios applicationsHacking and securing ios applications
Hacking and securing ios applicationsSatish b
 
Template ppt Android Menarik
Template ppt Android MenarikTemplate ppt Android Menarik
Template ppt Android MenarikSaeful Bahri
 
Leveraging Social Media For Increased Student Engagement
Leveraging Social Media For Increased Student EngagementLeveraging Social Media For Increased Student Engagement
Leveraging Social Media For Increased Student EngagementRed Rover
 
Releasing the Power of Your Network - 17-12-2015 - Phill Butler
Releasing the Power of Your Network - 17-12-2015 - Phill ButlerReleasing the Power of Your Network - 17-12-2015 - Phill Butler
Releasing the Power of Your Network - 17-12-2015 - Phill ButlervisionSynergy
 

Viewers also liked (19)

5 Types of Shady Apps
5 Types of Shady Apps5 Types of Shady Apps
5 Types of Shady Apps
 
Mobile Threats, Made to Measure
Mobile Threats, Made to MeasureMobile Threats, Made to Measure
Mobile Threats, Made to Measure
 
WebView security on iOS (EN)
WebView security on iOS (EN)WebView security on iOS (EN)
WebView security on iOS (EN)
 
Smart phone security ios system
Smart phone security ios systemSmart phone security ios system
Smart phone security ios system
 
Malware by Ms. Allwood
Malware by Ms. AllwoodMalware by Ms. Allwood
Malware by Ms. Allwood
 
Android village @nullcon 2012
Android village @nullcon 2012 Android village @nullcon 2012
Android village @nullcon 2012
 
How Android and iOS Security Enhancements Complicate Threat Detection
How Android and iOS Security Enhancements Complicate Threat DetectionHow Android and iOS Security Enhancements Complicate Threat Detection
How Android and iOS Security Enhancements Complicate Threat Detection
 
iOS Security: The Never-Ending Story of Malicious Profiles
iOS Security: The Never-Ending Story of Malicious ProfilesiOS Security: The Never-Ending Story of Malicious Profiles
iOS Security: The Never-Ending Story of Malicious Profiles
 
Android malware overview, status and dilemmas
Android malware overview, status and dilemmasAndroid malware overview, status and dilemmas
Android malware overview, status and dilemmas
 
Behind the scenes with IOS security
Behind the scenes with IOS securityBehind the scenes with IOS security
Behind the scenes with IOS security
 
2013 Toorcon San Diego Building Custom Android Malware for Penetration Testing
2013 Toorcon San Diego Building Custom Android Malware for Penetration Testing2013 Toorcon San Diego Building Custom Android Malware for Penetration Testing
2013 Toorcon San Diego Building Custom Android Malware for Penetration Testing
 
Tesina Sobri
Tesina SobriTesina Sobri
Tesina Sobri
 
How iOS and Android Handle Security Webinar
How iOS and Android Handle Security WebinarHow iOS and Android Handle Security Webinar
How iOS and Android Handle Security Webinar
 
SyScan 2015 - iOS 678 Security - A Study in Fail
SyScan 2015 - iOS 678 Security - A Study in FailSyScan 2015 - iOS 678 Security - A Study in Fail
SyScan 2015 - iOS 678 Security - A Study in Fail
 
Hacking and securing ios applications
Hacking and securing ios applicationsHacking and securing ios applications
Hacking and securing ios applications
 
Template ppt Android Menarik
Template ppt Android MenarikTemplate ppt Android Menarik
Template ppt Android Menarik
 
March Pictures
March PicturesMarch Pictures
March Pictures
 
Leveraging Social Media For Increased Student Engagement
Leveraging Social Media For Increased Student EngagementLeveraging Social Media For Increased Student Engagement
Leveraging Social Media For Increased Student Engagement
 
Releasing the Power of Your Network - 17-12-2015 - Phill Butler
Releasing the Power of Your Network - 17-12-2015 - Phill ButlerReleasing the Power of Your Network - 17-12-2015 - Phill Butler
Releasing the Power of Your Network - 17-12-2015 - Phill Butler
 

More from Lookout

The New Assembly Line: 3 Best Practices for Building (Secure) Connected Cars
The New Assembly Line: 3 Best Practices for Building (Secure) Connected CarsThe New Assembly Line: 3 Best Practices for Building (Secure) Connected Cars
The New Assembly Line: 3 Best Practices for Building (Secure) Connected CarsLookout
 
Looking Forward and Looking Back: Lookout's Cybersecurity Predictions
Looking Forward and Looking Back: Lookout's Cybersecurity PredictionsLooking Forward and Looking Back: Lookout's Cybersecurity Predictions
Looking Forward and Looking Back: Lookout's Cybersecurity PredictionsLookout
 
5 Ways to Protect your Mobile Security
5 Ways to Protect your Mobile Security5 Ways to Protect your Mobile Security
5 Ways to Protect your Mobile SecurityLookout
 
What Is Spyware?
What Is Spyware?What Is Spyware?
What Is Spyware?Lookout
 
2015 Cybersecurity Predictions
2015 Cybersecurity Predictions2015 Cybersecurity Predictions
2015 Cybersecurity PredictionsLookout
 
The New NotCompatible
The New NotCompatibleThe New NotCompatible
The New NotCompatibleLookout
 
Relentless Mobile Threats to Avoid
Relentless Mobile Threats to AvoidRelentless Mobile Threats to Avoid
Relentless Mobile Threats to AvoidLookout
 
Scaling Mobile Development
Scaling Mobile DevelopmentScaling Mobile Development
Scaling Mobile DevelopmentLookout
 
Visualizing Privacy
Visualizing PrivacyVisualizing Privacy
Visualizing PrivacyLookout
 
3 Ways to Protect the Data in Your Google Account
3 Ways to Protect the Data in Your Google Account3 Ways to Protect the Data in Your Google Account
3 Ways to Protect the Data in Your Google AccountLookout
 
3 Ways to Protect the Data in Your Apple Account
3 Ways to Protect the Data in Your Apple Account3 Ways to Protect the Data in Your Apple Account
3 Ways to Protect the Data in Your Apple AccountLookout
 
The Back to School Smartphone Guide
The Back to School Smartphone GuideThe Back to School Smartphone Guide
The Back to School Smartphone GuideLookout
 
Mobile Security at the World Cup
Mobile Security at the World CupMobile Security at the World Cup
Mobile Security at the World CupLookout
 
Spring Cleaning for Your Smartphone
Spring Cleaning for Your SmartphoneSpring Cleaning for Your Smartphone
Spring Cleaning for Your SmartphoneLookout
 
Security & Privacy at the Olympics
Security & Privacy at the OlympicsSecurity & Privacy at the Olympics
Security & Privacy at the OlympicsLookout
 
10 Beautiful Enterprise Products
10 Beautiful Enterprise Products10 Beautiful Enterprise Products
10 Beautiful Enterprise ProductsLookout
 
Hacking the Internet of Things for Good
Hacking the Internet of Things for GoodHacking the Internet of Things for Good
Hacking the Internet of Things for GoodLookout
 
What is a Mobile Threat?
What is a Mobile Threat?What is a Mobile Threat?
What is a Mobile Threat?Lookout
 
Dragon lady
Dragon ladyDragon lady
Dragon ladyLookout
 
Dragon Lady
Dragon LadyDragon Lady
Dragon LadyLookout
 

More from Lookout (20)

The New Assembly Line: 3 Best Practices for Building (Secure) Connected Cars
The New Assembly Line: 3 Best Practices for Building (Secure) Connected CarsThe New Assembly Line: 3 Best Practices for Building (Secure) Connected Cars
The New Assembly Line: 3 Best Practices for Building (Secure) Connected Cars
 
Looking Forward and Looking Back: Lookout's Cybersecurity Predictions
Looking Forward and Looking Back: Lookout's Cybersecurity PredictionsLooking Forward and Looking Back: Lookout's Cybersecurity Predictions
Looking Forward and Looking Back: Lookout's Cybersecurity Predictions
 
5 Ways to Protect your Mobile Security
5 Ways to Protect your Mobile Security5 Ways to Protect your Mobile Security
5 Ways to Protect your Mobile Security
 
What Is Spyware?
What Is Spyware?What Is Spyware?
What Is Spyware?
 
2015 Cybersecurity Predictions
2015 Cybersecurity Predictions2015 Cybersecurity Predictions
2015 Cybersecurity Predictions
 
The New NotCompatible
The New NotCompatibleThe New NotCompatible
The New NotCompatible
 
Relentless Mobile Threats to Avoid
Relentless Mobile Threats to AvoidRelentless Mobile Threats to Avoid
Relentless Mobile Threats to Avoid
 
Scaling Mobile Development
Scaling Mobile DevelopmentScaling Mobile Development
Scaling Mobile Development
 
Visualizing Privacy
Visualizing PrivacyVisualizing Privacy
Visualizing Privacy
 
3 Ways to Protect the Data in Your Google Account
3 Ways to Protect the Data in Your Google Account3 Ways to Protect the Data in Your Google Account
3 Ways to Protect the Data in Your Google Account
 
3 Ways to Protect the Data in Your Apple Account
3 Ways to Protect the Data in Your Apple Account3 Ways to Protect the Data in Your Apple Account
3 Ways to Protect the Data in Your Apple Account
 
The Back to School Smartphone Guide
The Back to School Smartphone GuideThe Back to School Smartphone Guide
The Back to School Smartphone Guide
 
Mobile Security at the World Cup
Mobile Security at the World CupMobile Security at the World Cup
Mobile Security at the World Cup
 
Spring Cleaning for Your Smartphone
Spring Cleaning for Your SmartphoneSpring Cleaning for Your Smartphone
Spring Cleaning for Your Smartphone
 
Security & Privacy at the Olympics
Security & Privacy at the OlympicsSecurity & Privacy at the Olympics
Security & Privacy at the Olympics
 
10 Beautiful Enterprise Products
10 Beautiful Enterprise Products10 Beautiful Enterprise Products
10 Beautiful Enterprise Products
 
Hacking the Internet of Things for Good
Hacking the Internet of Things for GoodHacking the Internet of Things for Good
Hacking the Internet of Things for Good
 
What is a Mobile Threat?
What is a Mobile Threat?What is a Mobile Threat?
What is a Mobile Threat?
 
Dragon lady
Dragon ladyDragon lady
Dragon lady
 
Dragon Lady
Dragon LadyDragon Lady
Dragon Lady
 

Recently uploaded

Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024BookNet Canada
 
A Framework for Development in the AI Age
A Framework for Development in the AI AgeA Framework for Development in the AI Age
A Framework for Development in the AI AgeCprime
 
TrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data PrivacyTrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data PrivacyTrustArc
 
Moving Beyond Passwords: FIDO Paris Seminar.pdf
Moving Beyond Passwords: FIDO Paris Seminar.pdfMoving Beyond Passwords: FIDO Paris Seminar.pdf
Moving Beyond Passwords: FIDO Paris Seminar.pdfLoriGlavin3
 
Connecting the Dots for Information Discovery.pdf
Connecting the Dots for Information Discovery.pdfConnecting the Dots for Information Discovery.pdf
Connecting the Dots for Information Discovery.pdfNeo4j
 
Data governance with Unity Catalog Presentation
Data governance with Unity Catalog PresentationData governance with Unity Catalog Presentation
Data governance with Unity Catalog PresentationKnoldus Inc.
 
Modern Roaming for Notes and Nomad – Cheaper Faster Better Stronger
Modern Roaming for Notes and Nomad – Cheaper Faster Better StrongerModern Roaming for Notes and Nomad – Cheaper Faster Better Stronger
Modern Roaming for Notes and Nomad – Cheaper Faster Better Strongerpanagenda
 
How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.Curtis Poe
 
DevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platformsDevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platformsSergiu Bodiu
 
Digital Identity is Under Attack: FIDO Paris Seminar.pptx
Digital Identity is Under Attack: FIDO Paris Seminar.pptxDigital Identity is Under Attack: FIDO Paris Seminar.pptx
Digital Identity is Under Attack: FIDO Paris Seminar.pptxLoriGlavin3
 
Assure Ecommerce and Retail Operations Uptime with ThousandEyes
Assure Ecommerce and Retail Operations Uptime with ThousandEyesAssure Ecommerce and Retail Operations Uptime with ThousandEyes
Assure Ecommerce and Retail Operations Uptime with ThousandEyesThousandEyes
 
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptx
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptxPasskey Providers and Enabling Portability: FIDO Paris Seminar.pptx
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptxLoriGlavin3
 
Testing tools and AI - ideas what to try with some tool examples
Testing tools and AI - ideas what to try with some tool examplesTesting tools and AI - ideas what to try with some tool examples
Testing tools and AI - ideas what to try with some tool examplesKari Kakkonen
 
TeamStation AI System Report LATAM IT Salaries 2024
TeamStation AI System Report LATAM IT Salaries 2024TeamStation AI System Report LATAM IT Salaries 2024
TeamStation AI System Report LATAM IT Salaries 2024Lonnie McRorey
 
UiPath Community: Communication Mining from Zero to Hero
UiPath Community: Communication Mining from Zero to HeroUiPath Community: Communication Mining from Zero to Hero
UiPath Community: Communication Mining from Zero to HeroUiPathCommunity
 
Potential of AI (Generative AI) in Business: Learnings and Insights
Potential of AI (Generative AI) in Business: Learnings and InsightsPotential of AI (Generative AI) in Business: Learnings and Insights
Potential of AI (Generative AI) in Business: Learnings and InsightsRavi Sanghani
 
(How to Program) Paul Deitel, Harvey Deitel-Java How to Program, Early Object...
(How to Program) Paul Deitel, Harvey Deitel-Java How to Program, Early Object...(How to Program) Paul Deitel, Harvey Deitel-Java How to Program, Early Object...
(How to Program) Paul Deitel, Harvey Deitel-Java How to Program, Early Object...AliaaTarek5
 
Enhancing User Experience - Exploring the Latest Features of Tallyman Axis Lo...
Enhancing User Experience - Exploring the Latest Features of Tallyman Axis Lo...Enhancing User Experience - Exploring the Latest Features of Tallyman Axis Lo...
Enhancing User Experience - Exploring the Latest Features of Tallyman Axis Lo...Scott Andery
 
The Ultimate Guide to Choosing WordPress Pros and Cons
The Ultimate Guide to Choosing WordPress Pros and ConsThe Ultimate Guide to Choosing WordPress Pros and Cons
The Ultimate Guide to Choosing WordPress Pros and ConsPixlogix Infotech
 
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptx
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptxMerck Moving Beyond Passwords: FIDO Paris Seminar.pptx
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptxLoriGlavin3
 

Recently uploaded (20)

Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
 
A Framework for Development in the AI Age
A Framework for Development in the AI AgeA Framework for Development in the AI Age
A Framework for Development in the AI Age
 
TrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data PrivacyTrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data Privacy
 
Moving Beyond Passwords: FIDO Paris Seminar.pdf
Moving Beyond Passwords: FIDO Paris Seminar.pdfMoving Beyond Passwords: FIDO Paris Seminar.pdf
Moving Beyond Passwords: FIDO Paris Seminar.pdf
 
Connecting the Dots for Information Discovery.pdf
Connecting the Dots for Information Discovery.pdfConnecting the Dots for Information Discovery.pdf
Connecting the Dots for Information Discovery.pdf
 
Data governance with Unity Catalog Presentation
Data governance with Unity Catalog PresentationData governance with Unity Catalog Presentation
Data governance with Unity Catalog Presentation
 
Modern Roaming for Notes and Nomad – Cheaper Faster Better Stronger
Modern Roaming for Notes and Nomad – Cheaper Faster Better StrongerModern Roaming for Notes and Nomad – Cheaper Faster Better Stronger
Modern Roaming for Notes and Nomad – Cheaper Faster Better Stronger
 
How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.
 
DevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platformsDevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platforms
 
Digital Identity is Under Attack: FIDO Paris Seminar.pptx
Digital Identity is Under Attack: FIDO Paris Seminar.pptxDigital Identity is Under Attack: FIDO Paris Seminar.pptx
Digital Identity is Under Attack: FIDO Paris Seminar.pptx
 
Assure Ecommerce and Retail Operations Uptime with ThousandEyes
Assure Ecommerce and Retail Operations Uptime with ThousandEyesAssure Ecommerce and Retail Operations Uptime with ThousandEyes
Assure Ecommerce and Retail Operations Uptime with ThousandEyes
 
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptx
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptxPasskey Providers and Enabling Portability: FIDO Paris Seminar.pptx
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptx
 
Testing tools and AI - ideas what to try with some tool examples
Testing tools and AI - ideas what to try with some tool examplesTesting tools and AI - ideas what to try with some tool examples
Testing tools and AI - ideas what to try with some tool examples
 
TeamStation AI System Report LATAM IT Salaries 2024
TeamStation AI System Report LATAM IT Salaries 2024TeamStation AI System Report LATAM IT Salaries 2024
TeamStation AI System Report LATAM IT Salaries 2024
 
UiPath Community: Communication Mining from Zero to Hero
UiPath Community: Communication Mining from Zero to HeroUiPath Community: Communication Mining from Zero to Hero
UiPath Community: Communication Mining from Zero to Hero
 
Potential of AI (Generative AI) in Business: Learnings and Insights
Potential of AI (Generative AI) in Business: Learnings and InsightsPotential of AI (Generative AI) in Business: Learnings and Insights
Potential of AI (Generative AI) in Business: Learnings and Insights
 
(How to Program) Paul Deitel, Harvey Deitel-Java How to Program, Early Object...
(How to Program) Paul Deitel, Harvey Deitel-Java How to Program, Early Object...(How to Program) Paul Deitel, Harvey Deitel-Java How to Program, Early Object...
(How to Program) Paul Deitel, Harvey Deitel-Java How to Program, Early Object...
 
Enhancing User Experience - Exploring the Latest Features of Tallyman Axis Lo...
Enhancing User Experience - Exploring the Latest Features of Tallyman Axis Lo...Enhancing User Experience - Exploring the Latest Features of Tallyman Axis Lo...
Enhancing User Experience - Exploring the Latest Features of Tallyman Axis Lo...
 
The Ultimate Guide to Choosing WordPress Pros and Cons
The Ultimate Guide to Choosing WordPress Pros and ConsThe Ultimate Guide to Choosing WordPress Pros and Cons
The Ultimate Guide to Choosing WordPress Pros and Cons
 
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptx
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptxMerck Moving Beyond Passwords: FIDO Paris Seminar.pptx
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptx
 

The State of iOS Security

  • 1. i O S T H R E A T S The State of iOS Security
  • 2. The iOS App Store is not the impenetrable walled garden you think it is. 
  • 3. T O P M Y T H S A B O U T A P P L E S E C U R I T Y 1# MYTH: The Apple App Store has never had malware in it FACT: The App Store published at least one piece of malware and approved two others. The published malware, a trojan called “Find and Call,” downloaded your phonebook and spammed contacts. 3# MYTH: FACT devices. Non-jailbroken threats will be more targeted and sophisticated, but they’re not impossible to create. 2# MYTH: FACT types of attacks as Android malware including data exfiltration and surveillance.
  • 4. T O P M Y T H S A B O U T A P P L E S E C U R I T Y 1# MYTH: FACT malware, a trojan called “Find and Call,” downloaded your phonebook and spammed contacts. 3# MYTH: FACT devices. Non-jailbroken threats will be more targeted and sophisticated, but they’re not impossible to create. 2# MYTH: Apple devices cannot be attacked like Android FACT : Actually, once on the device, iOS malware can perform many of the same types of attacks as Android malware including data exfiltration and surveillance.
  • 5. T O P M Y T H S A B O U T A P P L E S E C U R I T Y 1# MYTH: FACT malware, a trojan called “Find and Call,” downloaded your phonebook and spammed contacts. 3# MYTH: Threats on iOS only affect jailbroken devices FACT: Wirelurker, XAgent, Find and Call, and others are proof that malware can affect non-jailbroken devices. Non-jailbroken threats will be more targeted and sophisticated, but they’re not impossible to create. 2# MYTH: FACT types of attacks as Android malware including data exfiltration and surveillance.
  • 6. Today, iOS malware looks a lot like Android malware in 2010. 
  • 7. Android malware got its foothold in 2010 when researchers found the first trojan called “FakePlayer” in the wild. A year later, in 2011, we saw the first Android malware in the Google Play store called DroidDream. Thus far, iOS malware has followed a similar pattern with threats appearing in the wild for jailbroken devices, moving to non-jailbroken devices, and finally sneaking into the official App Store
  • 8. Android malware got its foothold in 2010 when researchers found the first trojan called “FakePlayer” in the wild. A year later, in 2011, we saw the first Android malware in the Google Play store called DroidDream. Thus far, iOS malware has followed a similar pattern with threats appearing in the wild for jailbroken devices, moving to non-jailbroken devices, and finally sneaking into the official App Store.
  • 9. K E V I N M A H A F F E Y Bad guys are rational economic actors. Because Android is so much more popular in the world they're targeting the largest platforms first. Criminals are soon going to double down on iOS with targeted attacks. Kevin Mahaffey, Lookout CTO, predicts that we'll soon see a new wave of iOS attacks that will fundamentally change the iOS threat landscape.
  • 10.  HACKING TOOLS  VULNERA BIL ITIES  MALWAR E ! Apps or services that a user employs to jailbreak, or gain root access to the phone, but could be used for malicious means. ! Software holes in the iOS platform that could be exploited to own iOS devices. ! Apps that take user data or negatively impact the device without the user’s knowledge or permission. i O S T H R E A T S T O D A T E What are these threats that can seemingly execute just like Android malware can? We classify iOS threats to date into three different categories:
  • 11. i O S T H R E A T S T O D A T E 2009 Ikee First piece of iOS malware. 2010 JailbreakMe A tool that exploited a hole in the iOS PDF reader in order to jailbreak the phone. 2011 Instastock One of the first pieces of “malware” to get into the Apple App Store. Created by researcher Charlie Miller, this proof-of-concept malware looked “safe” during Apple’s review process, but secretly downloaded malicious code after being approved. 2012 Find and Call Find and Call was the first non-POC iOS trojan to get inside the App Store. It silently stole a victim’s phonebook and spammed their friends. The creator claimed this was a software bug. Apple removed it from the App Store.
  • 12. i O S T H R E A T S T O D A T E 2013 Evasi0n ! Mactans ! Jekyll and Hyde 2014 Keyboard contents bug ! Xsser mRAT ! Masque Attack A tool that exploited a hole in the iOS PDF reader in order to jailbreak the phone. ! WireLurker A tool that exploited a hole in the iOS PDF reader in order to jailbreak the phone. 2015 XAgent  The latest iOS malware. This is surveillanceware that may be part of a broader cyber-espionage campaign.      
  • 13. STAY SAFE ! Be cautious of clicking links to download applications, don't jailbreak your phone unless you really know what you're doing and, of course, have a security app in place! 
  • 14. For more mobile security information, follow