Showing posts with label Security vulnerabilities. Show all posts
Showing posts with label Security vulnerabilities. Show all posts

Monday, September 7, 2015

Chinese iPhone Users Hit by 'KeyRaider' Malware

Keyraider
iPhone had commanded a safe and sound to be true a secure history in its eight years of history. It happens to be the most secure smartphone till now. Most of the people resort to jailbreak the iPhone in order to download mobile apps from other online play stores. This seriously limits the security level by removing the system security features, which are made available on the iPhone by Apple. A malicious software had been successful in stealing a wide number of login names and passwords from more than 225,000 Apple accounts in China.

A security firm finds a rogue malware in iPhone devices

A security firm named Palto Alto Networks was investigating the suspicious activity found a wide number of Apple devices. During the investigation, it came across a malicious software family, which was specifically targeting the Jailbroken Apple iPhones devices for some time.

This malicious software is being KeyRaider and it has affected a large number of iPhone users in China along with 17 other nations.

How KeyRaider affected the iPhone users?

Once an iPhone user downloads and install the malware which remains hidden in the packages of codes and it offers a number of tweaks to the iPhone’s operating system. The Keyraider is designed in s such a way wherein it can easily intercept the user’s iTune’s login details and then store the same data on a remote server.

After stealing the user’s iTunes payment information and other details, attackers use it to install paid apps on other iOS devices. Palo Alto Networks had even found a separate app, which allows the users to install paid apps from the Apple app store of cost and till now this app has been downloaded more than 20,000 times. The payment from this free app is being done by the KeyRaider’s victims.

How serious is this attack?

For most of the iPhone users KeyRaider is not a big issue as long as they install only those apps, which are approved by the Apple’s app store. It should be noted that most of the iPhones are not Jailbroken but users who had already jailbroken their devices should certainly worry about the KeyRaider as it can easily steal their lognames and passwords and other things.

People who had already suffered from the damage of KeyRaider will find themselves being charged for someone else’s stolen iPhones apps. The security firm had even stated that in some cases it found evidence wherein malware was used in locking up the phone and asking for ransom.
Beware of third-party app stores
Apple devices are third most popular brand in China after the Huawei and Xiamoi as per the reports by IDC. Apple app store has a wide number security checks in place, which helps in thwarting the malicious apps from listing in the store and helps in safeguarding the iPhone users. But the third party app store doesn’t offer similar kind of security checks and controls in place which results in the distribution of malicious software.

Saturday, July 2, 2011

Security vulnerabilities in Apple Portal Developers



According to YGN Ethical Hacker Group, the portal developers of Apple will be open to the four winds: riddled with flaws, it could allow an attacker to set up a phishing operation.

"Crippled", the word may be strong, but they are still three vulnerabilities that were discovered by this group of hackers who wants kindness. These three faults are linked and open the door to arbitrary redirection, separation HTTP response, and an XSS attack. A hacker could then direct the user to a malicious site without one cannot realize: the address displayed will always be developer.apple.com. It could then recover login and password with a page much imitated, still unnoticed.

Apple would have been alerted as soon as April 27 but could not properly plug the holes. Oracle, warned at the same time for similar problems, responded in a week and thanked the group. YGN is now threatening to publish his findings on a public list. The portal developers Apple has repeatedly been unreachable in recent hours.

The group of hackers published on his blog the details of these different vulnerabilities. Apple has indeed now fixed these flaws. However, the timing given by the YGN Ethical Hacker Group shows that between the times he reported these problems to Apple and when necessary has been done, it took a good two months.