Mobile malware is the fastest growing security threat we face today. But that threat has long been lopsided, and unfortunately, Android mobile operating system has seen the brunt of attacks due to its immense popularity and accessibility around the globe. Apple’s iOS ecosystem, while also widely popular, has maintained a mostly malware free presence. Even law enforcement agencies have a hard time cracking iOS’ security shell.
But that shell may have a weak spot, and that is your phone’s connection to your computer. That’s the conclusion a team of researchers from the Georgia Institute of Technology came to after rigorously testing Apple’s ecosystem and finding that while the system itself is secure, the weakness lies in the other systems the smartphone connects to in sync operations. The team, according to IDG News Service, is set to present its findings at the Usenix Security Symposium.
Until recently, iOS devices synced with computers through what’s known as a Universal Serial Bus (USB) cable. This white cable would carry all of your phone’s data over to your computer. Your computer, in return, would update your phone with new applications you may have purchased or new songs, and sync other data such as contacts and settings to your smartphone.
But Apple has since introduced a feature that allows you to sync over Wi-Fi, which lets you do the same tasks, but without the need to connect your USB cable to your computer to do so. And therein lies the danger: data, whether over cable or Wi-Fi, leaves the safety of your mobile device and travels across an unsecured space, providing hackers with an in to your “iDevice.”
When your device transfers data to and from a computer, it does so trustingly. However, it cannot tell if your computer is infected with malicious software, or “malware,” which gives hackers their in. If a computer is infected with a piece of malware designed to work in a botnet—or a network of computers working together over the Internet to achieve a desired goal—a hacker has the chance to trick your iDevice into downloading a malicious app without your knowledge.
It does so in two ways: first, it uses an Apple ID belonging to you or someone else; second, it manipulates a developer certificate—used to show that an app is legitimate—to trick the iDevice into thinking it’s downloading a safe app. When in fact, it isn’t.
Thankfully, though, this attack has—to our knowledge—only been exploited by security research professionals.
So what can you do to lessen the likelihood of downloading malware onto your mobile device? Well, thankfully, there are a few things you can do:
- Don’t connect your iDevice to untrusted computers. The key vulnerability in this hack is the computer. So, it stands to reason, that if you don’t want to find malware on your phone, don’t connect it to a computer you are unfamiliar with, such as a public or shared computer. Yes, that may be easier said than done, but if you feel that there is a chance the computer could have been compromised by malware, don’t put your phone at risk as well.
- Use comprehensive security. This hack uses computer-based malware to infect your iPhone. But you can defend yourself from this type of attack by taking up a multi-faceted approach to security. With McAfee LiveSafe™ service you can lock down your computer and mobile device to keep hackers at bay. And for added protection on your mobile device, or for those who already have desktop protection software, McAfee® Mobile Security, free for iOS users, will help protect your data with backup and recovery for contacts, photo and video. It even includes a location tracker should your physical device get lost or stolen.
- Don’t jailbreak your iPhone. I’ve discussed the dangers of jailbreaking at length before, but it bears repeating: the only guaranteed way a hacker can infect your iDevice with malware (besides the above vulnerability) is through a device that has been jailbroken. If you don’t want to run the risk of getting malware on your iPhone, then don’t jailbreak.