iPhone Malware Is Hitting China - Let’s Not Be Next

Mark in Essex · 07-10-2015, 10:30

Just cut and pasted it from the news.

Had a quick read and it looks like iPhones that have not even been Jailbroken in China can get infected by simply clicking on a popup window (but you never know with the hyped up rubbish that's normally in the news).

Just to make people aware.

http://www.wired.com/2015/10/iphone-...lets-not-next/

By the sound of it it's only older versions of IOS that it's easy to get infected with, but newer versions are still not immune (reading you have to select YES to get infected on newer versions).

BKM · 07-10-2015, 11:04

Quote:

Originally Posted by Mark in Essex

Just cut and pasted it from the news.

Had a quick read and it looks like iPhones that have not even been Jailbroken in China can get infected by simply clicking on a popup window (but you never know with the hyped up rubbish that's normally in the news).

I am afraid you are well out of date!! This was fully discussed here about two weeks ago.

It has all been fixed by Apple and no longer applies. Basically Apple review all AppStore new Aps and revisions of existing ones and, very briefly, people worked out how to defeat this.

Stuart_h · 07-10-2015, 11:21

Quote:

Originally Posted by BKM

I am afraid you are well out of date!! This was fully discussed here about two weeks ago.

It has all been fixed by Apple and no longer applies. Basically Apple review all AppStore new Aps and revisions of existing ones and, very briefly, people worked out how to defeat this.

The article was, in part, discussing the aftermath of the recent breaches and the impacts moving forward. It wasn't scaremongering about a current issue ..... It was actually quite an interesting read.

Mark in Essex · 07-10-2015, 14:17

Quote:

Originally Posted by BKM

I am afraid you are well out of date!! This was fully discussed here about two weeks ago.

It has all been fixed by Apple and no longer applies. Basically Apple review all AppStore new Aps and revisions of existing ones and, very briefly, people worked out how to defeat this.

I thought it was a new article as it was dated yesterday and did not seem to be to do with the last App Store malware - this looked like you can get malware just by clicking on a popup link on the Internet?

Stig · 07-10-2015, 15:11

Quote:

Originally Posted by Mark in Essex

I thought it was a new article as it was dated yesterday and did not seem to be to do with the last App Store malware - this looked like you can get malware just by clicking on a popup link on the Internet?

Yes, this is different from the one we discussed:

Quote:

In at least the most recent of these two attacks, victims did have to make an almost comical series of blunders to have their phone hacked. The malware, which Palo Alto Networks called YiSpecter in its detailed writeup, tricked users into circumventing Apple’s tightly controlled App Store to install a porn video player. (In some cases the hackers used local internet service providers in China, which are known to hijack traffic to insert ads on websites, to advertise the sexy video app in pop-up prompts.) If the user fell for that lure, the hackers managed to skirt Apple’s App Store and install the app by using a so-called “enterprise certificate,” a system that allows companies and agencies to install their own custom programs on employees’ phones without Apple’s signoff.

clonmult · 07-10-2015, 15:11

Quote:

Originally Posted by BKM

I am afraid you are well out of date!! This was fully discussed here about two weeks ago.

It has all been fixed by Apple and no longer applies. Basically Apple review all AppStore new Aps and revisions of existing ones and, very briefly, people worked out how to defeat this.

Different issue, but iirc it relates to some enterprise features that not all will have enabled.

jchamier · 07-10-2015, 22:41

Quote:

Originally Posted by clonmult

Different issue, but iirc it relates to some enterprise features that not all will have enabled.

Enterprise provisioning profiles allow companies an ability to have an internal "app store" and deploy "managed applications" which are categorised separately by iOS. These applications don't back up to iCloud or iTunes and can share data with other managed apps, but not unmanaged apps.

Someone shipped out a profile and convinced people to install it, which means it was social engineering.

Weak point is always the human.

07-10-2015, 10:30	#1
Mark in Essex Forum Member Join Date: Mar 2005 Posts: 3,644	iPhone Malware Is Hitting China - Let’s Not Be Next Just cut and pasted it from the news. Had a quick read and it looks like iPhones that have not even been Jailbroken in China can get infected by simply clicking on a popup window (but you never know with the hyped up rubbish that's normally in the news). Just to make people aware. http://www.wired.com/2015/10/iphone-...lets-not-next/ By the sound of it it's only older versions of IOS that it's easy to get infected with, but newer versions are still not immune (reading you have to select YES to get infected on newer versions).

07-10-2015, 11:04	#2
BKM Forum Member Join Date: Jul 2007 Posts: 6,288	Quote: Originally Posted by Mark in Essex Just cut and pasted it from the news. Had a quick read and it looks like iPhones that have not even been Jailbroken in China can get infected by simply clicking on a popup window (but you never know with the hyped up rubbish that's normally in the news). I am afraid you are well out of date!! This was fully discussed here about two weeks ago. It has all been fixed by Apple and no longer applies. Basically Apple review all AppStore new Aps and revisions of existing ones and, very briefly, people worked out how to defeat this.

07-10-2015, 11:21	#3
Stuart_h Forum Member Join Date: Jul 2005 Posts: 3,474	Quote: Originally Posted by BKM I am afraid you are well out of date!! This was fully discussed here about two weeks ago. It has all been fixed by Apple and no longer applies. Basically Apple review all AppStore new Aps and revisions of existing ones and, very briefly, people worked out how to defeat this. The article was, in part, discussing the aftermath of the recent breaches and the impacts moving forward. It wasn't scaremongering about a current issue ..... It was actually quite an interesting read.

07-10-2015, 14:17	#4
Mark in Essex Forum Member Join Date: Mar 2005 Posts: 3,644	Quote: Originally Posted by BKM I am afraid you are well out of date!! This was fully discussed here about two weeks ago. It has all been fixed by Apple and no longer applies. Basically Apple review all AppStore new Aps and revisions of existing ones and, very briefly, people worked out how to defeat this. I thought it was a new article as it was dated yesterday and did not seem to be to do with the last App Store malware - this looked like you can get malware just by clicking on a popup link on the Internet?

07-10-2015, 15:11	#5
Stig Forum Member Join Date: Sep 2003 Location: Sandy Heath, Beds. UK Posts: 10,383	Quote: Originally Posted by Mark in Essex I thought it was a new article as it was dated yesterday and did not seem to be to do with the last App Store malware - this looked like you can get malware just by clicking on a popup link on the Internet? Yes, this is different from the one we discussed: Quote: In at least the most recent of these two attacks, victims did have to make an almost comical series of blunders to have their phone hacked. The malware, which Palo Alto Networks called YiSpecter in its detailed writeup, tricked users into circumventing Apple’s tightly controlled App Store to install a porn video player. (In some cases the hackers used local internet service providers in China, which are known to hijack traffic to insert ads on websites, to advertise the sexy video app in pop-up prompts.) If the user fell for that lure, the hackers managed to skirt Apple’s App Store and install the app by using a so-called “enterprise certificate,” a system that allows companies and agencies to install their own custom programs on employees’ phones without Apple’s signoff.

07-10-2015, 15:11	#6
clonmult Forum Member Join Date: Oct 2005 Location: UK Posts: 3,291	Quote: Originally Posted by BKM I am afraid you are well out of date!! This was fully discussed here about two weeks ago. It has all been fixed by Apple and no longer applies. Basically Apple review all AppStore new Aps and revisions of existing ones and, very briefly, people worked out how to defeat this. Different issue, but iirc it relates to some enterprise features that not all will have enabled.

07-10-2015, 22:41	#7
jchamier Forum Member Join Date: Mar 2000 Location: This forum Posts: 3,392	Quote: Originally Posted by clonmult Different issue, but iirc it relates to some enterprise features that not all will have enabled. Enterprise provisioning profiles allow companies an ability to have an internal "app store" and deploy "managed applications" which are categorised separately by iOS. These applications don't back up to iCloud or iTunes and can share data with other managed apps, but not unmanaged apps. Someone shipped out a profile and convinced people to install it, which means it was social engineering. Weak point is always the human.

DS Forums

iPhone Malware Is Hitting China - Let’s Not Be Next