SlideShare uma empresa Scribd logo

The State of iOS Security

Lookout
Lookout

There is a common belief that iOS devices don't get malware, but the iOS threat landscape is actually quite similar to what we saw on Android in 2010. Read the blog: https://blog.lookout.com/blog/2015/03/05/the-state-of-ios-security/

TecnologiaCelular
1 de 14
Baixar para ler offline
i O S T H R E A T S The State of iOS Security
The iOS App Store is not the impenetrable walled garden you think it is. 
T O P M Y T H S A B O U T A P P L E S E C U R I T Y 1# MYTH: The Apple App Store has never had malware in it FACT: The App Store published at least one piece of malware and approved two others. The published malware, a trojan called “Find and Call,” downloaded your phonebook and spammed contacts. 3# MYTH: FACT devices. Non-jailbroken threats will be more targeted and sophisticated, but they’re not impossible to create. 2# MYTH: FACT types of attacks as Android malware including data exfiltration and surveillance.
T O P M Y T H S A B O U T A P P L E S E C U R I T Y 1# MYTH: FACT malware, a trojan called “Find and Call,” downloaded your phonebook and spammed contacts. 3# MYTH: FACT devices. Non-jailbroken threats will be more targeted and sophisticated, but they’re not impossible to create. 2# MYTH: Apple devices cannot be attacked like Android FACT : Actually, once on the device, iOS malware can perform many of the same types of attacks as Android malware including data exfiltration and surveillance.
T O P M Y T H S A B O U T A P P L E S E C U R I T Y 1# MYTH: FACT malware, a trojan called “Find and Call,” downloaded your phonebook and spammed contacts. 3# MYTH: Threats on iOS only affect jailbroken devices FACT: Wirelurker, XAgent, Find and Call, and others are proof that malware can affect non-jailbroken devices. Non-jailbroken threats will be more targeted and sophisticated, but they’re not impossible to create. 2# MYTH: FACT types of attacks as Android malware including data exfiltration and surveillance.
Today, iOS malware looks a lot like Android malware in 2010. 
Android malware got its foothold in 2010 when researchers found the first trojan called “FakePlayer” in the wild. A year later, in 2011, we saw the first Android malware in the Google Play store called DroidDream. Thus far, iOS malware has followed a similar pattern with threats appearing in the wild for jailbroken devices, moving to non-jailbroken devices, and finally sneaking into the official App Store
Android malware got its foothold in 2010 when researchers found the first trojan called “FakePlayer” in the wild. A year later, in 2011, we saw the first Android malware in the Google Play store called DroidDream. Thus far, iOS malware has followed a similar pattern with threats appearing in the wild for jailbroken devices, moving to non-jailbroken devices, and finally sneaking into the official App Store.
K E V I N M A H A F F E Y Bad guys are rational economic actors. Because Android is so much more popular in the world they're targeting the largest platforms first. Criminals are soon going to double down on iOS with targeted attacks. Kevin Mahaffey, Lookout CTO, predicts that we'll soon see a new wave of iOS attacks that will fundamentally change the iOS threat landscape.
 HACKING TOOLS  VULNERA BIL ITIES  MALWAR E ! Apps or services that a user employs to jailbreak, or gain root access to the phone, but could be used for malicious means. ! Software holes in the iOS platform that could be exploited to own iOS devices. ! Apps that take user data or negatively impact the device without the user’s knowledge or permission. i O S T H R E A T S T O D A T E What are these threats that can seemingly execute just like Android malware can? We classify iOS threats to date into three different categories:
i O S T H R E A T S T O D A T E 2009 Ikee First piece of iOS malware. 2010 JailbreakMe A tool that exploited a hole in the iOS PDF reader in order to jailbreak the phone. 2011 Instastock One of the first pieces of “malware” to get into the Apple App Store. Created by researcher Charlie Miller, this proof-of-concept malware looked “safe” during Apple’s review process, but secretly downloaded malicious code after being approved. 2012 Find and Call Find and Call was the first non-POC iOS trojan to get inside the App Store. It silently stole a victim’s phonebook and spammed their friends. The creator claimed this was a software bug. Apple removed it from the App Store.
i O S T H R E A T S T O D A T E 2013 Evasi0n ! Mactans ! Jekyll and Hyde 2014 Keyboard contents bug ! Xsser mRAT ! Masque Attack A tool that exploited a hole in the iOS PDF reader in order to jailbreak the phone. ! WireLurker A tool that exploited a hole in the iOS PDF reader in order to jailbreak the phone. 2015 XAgent  The latest iOS malware. This is surveillanceware that may be part of a broader cyber-espionage campaign.      
STAY SAFE ! Be cautious of clicking links to download applications, don't jailbreak your phone unless you really know what you're doing and, of course, have a security app in place! 
For more mobile security information, follow

Recomendados

Feds: You have a BYOD program whether you like it or not
Feds: You have a BYOD program whether you like it or notFeds: You have a BYOD program whether you like it or not
Feds: You have a BYOD program whether you like it or notLookout
 
Hiring Hackers
Hiring HackersHiring Hackers
Hiring HackersLookout
 
When Android Apps Go Evil
When Android Apps Go EvilWhen Android Apps Go Evil
When Android Apps Go EvilLookout
 
I Want More Ninja – iOS Security Testing
I Want More Ninja – iOS Security TestingI Want More Ninja – iOS Security Testing
I Want More Ninja – iOS Security TestingJason Haddix
 
How to (Safely) Cut the Cord With Your Old iPhone
How to (Safely) Cut the Cord With Your Old iPhoneHow to (Safely) Cut the Cord With Your Old iPhone
How to (Safely) Cut the Cord With Your Old iPhoneLookout
 
Mobile Security: The 5 Questions Modern Organizations Are Asking
Mobile Security: The 5 Questions Modern Organizations Are AskingMobile Security: The 5 Questions Modern Organizations Are Asking
Mobile Security: The 5 Questions Modern Organizations Are AskingLookout
 
How to Secure Your iOs Device and Keep Client Data Safe
How to Secure Your iOs Device and Keep Client Data SafeHow to Secure Your iOs Device and Keep Client Data Safe
How to Secure Your iOs Device and Keep Client Data SafeRocket Matter, LLC
 
Smart Mobile Apps
Smart Mobile AppsSmart Mobile Apps
Smart Mobile AppsArnd Brugman
 

Recomendados

Feds: You have a BYOD program whether you like it or not
Feds: You have a BYOD program whether you like it or notFeds: You have a BYOD program whether you like it or not
Feds: You have a BYOD program whether you like it or notLookout
 
Hiring Hackers
Hiring HackersHiring Hackers
Hiring HackersLookout
 
When Android Apps Go Evil
When Android Apps Go EvilWhen Android Apps Go Evil
When Android Apps Go EvilLookout
 
I Want More Ninja – iOS Security Testing
I Want More Ninja – iOS Security TestingI Want More Ninja – iOS Security Testing
I Want More Ninja – iOS Security TestingJason Haddix
 
How to (Safely) Cut the Cord With Your Old iPhone
How to (Safely) Cut the Cord With Your Old iPhoneHow to (Safely) Cut the Cord With Your Old iPhone
How to (Safely) Cut the Cord With Your Old iPhoneLookout
 
Mobile Security: The 5 Questions Modern Organizations Are Asking
Mobile Security: The 5 Questions Modern Organizations Are AskingMobile Security: The 5 Questions Modern Organizations Are Asking
Mobile Security: The 5 Questions Modern Organizations Are AskingLookout
 
How to Secure Your iOs Device and Keep Client Data Safe
How to Secure Your iOs Device and Keep Client Data SafeHow to Secure Your iOs Device and Keep Client Data Safe
How to Secure Your iOs Device and Keep Client Data SafeRocket Matter, LLC
 
Smart Mobile Apps
Smart Mobile AppsSmart Mobile Apps
Smart Mobile AppsArnd Brugman
 
5 Types of Shady Apps
5 Types of Shady Apps5 Types of Shady Apps
5 Types of Shady AppsLookout
 
Mobile Threats, Made to Measure
Mobile Threats, Made to MeasureMobile Threats, Made to Measure
Mobile Threats, Made to MeasureLookout
 
WebView security on iOS (EN)
WebView security on iOS (EN)WebView security on iOS (EN)
WebView security on iOS (EN)lpilorz
 
Smart phone security ios system
Smart phone security ios systemSmart phone security ios system
Smart phone security ios systemJamil S. Alagha
 
Malware by Ms. Allwood
Malware by Ms. AllwoodMalware by Ms. Allwood
Malware by Ms. AllwoodStavia
 
Android village @nullcon 2012
Android village @nullcon 2012 Android village @nullcon 2012
Android village @nullcon 2012 hakersinfo
 
How Android and iOS Security Enhancements Complicate Threat Detection
How Android and iOS Security Enhancements Complicate Threat DetectionHow Android and iOS Security Enhancements Complicate Threat Detection
How Android and iOS Security Enhancements Complicate Threat DetectionNowSecure
 
iOS Security: The Never-Ending Story of Malicious Profiles
iOS Security: The Never-Ending Story of Malicious ProfilesiOS Security: The Never-Ending Story of Malicious Profiles
iOS Security: The Never-Ending Story of Malicious ProfilesYair Amit
 
Android malware overview, status and dilemmas
Android malware overview, status and dilemmasAndroid malware overview, status and dilemmas
Android malware overview, status and dilemmasTech and Law Center
 
Behind the scenes with IOS security
Behind the scenes with IOS securityBehind the scenes with IOS security
Behind the scenes with IOS securityPriyanka Aash
 
2013 Toorcon San Diego Building Custom Android Malware for Penetration Testing
2013 Toorcon San Diego Building Custom Android Malware for Penetration Testing2013 Toorcon San Diego Building Custom Android Malware for Penetration Testing
2013 Toorcon San Diego Building Custom Android Malware for Penetration TestingStephan Chenette
 
Tesina Sobri
Tesina SobriTesina Sobri
Tesina SobriAbraham Domínguez Cuña
 
How iOS and Android Handle Security Webinar
How iOS and Android Handle Security WebinarHow iOS and Android Handle Security Webinar
How iOS and Android Handle Security WebinarDenim Group
 
SyScan 2015 - iOS 678 Security - A Study in Fail
SyScan 2015 - iOS 678 Security - A Study in FailSyScan 2015 - iOS 678 Security - A Study in Fail
SyScan 2015 - iOS 678 Security - A Study in FailStefan Esser
 
Hacking and securing ios applications
Hacking and securing ios applicationsHacking and securing ios applications
Hacking and securing ios applicationsSatish b
 
Template ppt Android Menarik
Template ppt Android MenarikTemplate ppt Android Menarik
Template ppt Android MenarikSaeful Bahri
 
March Pictures
March PicturesMarch Pictures
March Picturesguest6b95dc2
 
Leveraging Social Media For Increased Student Engagement
Leveraging Social Media For Increased Student EngagementLeveraging Social Media For Increased Student Engagement
Leveraging Social Media For Increased Student EngagementRed Rover
 
Releasing the Power of Your Network - 17-12-2015 - Phill Butler
Releasing the Power of Your Network - 17-12-2015 - Phill ButlerReleasing the Power of Your Network - 17-12-2015 - Phill Butler
Releasing the Power of Your Network - 17-12-2015 - Phill ButlervisionSynergy
 
The New Assembly Line: 3 Best Practices for Building (Secure) Connected Cars
The New Assembly Line: 3 Best Practices for Building (Secure) Connected CarsThe New Assembly Line: 3 Best Practices for Building (Secure) Connected Cars
The New Assembly Line: 3 Best Practices for Building (Secure) Connected CarsLookout
 
Looking Forward and Looking Back: Lookout's Cybersecurity Predictions
Looking Forward and Looking Back: Lookout's Cybersecurity PredictionsLooking Forward and Looking Back: Lookout's Cybersecurity Predictions
Looking Forward and Looking Back: Lookout's Cybersecurity PredictionsLookout
 
5 Ways to Protect your Mobile Security
5 Ways to Protect your Mobile Security5 Ways to Protect your Mobile Security
5 Ways to Protect your Mobile SecurityLookout
 

Mais conteúdo relacionado

Destaque

5 Types of Shady Apps
5 Types of Shady Apps5 Types of Shady Apps
5 Types of Shady AppsLookout
 
Mobile Threats, Made to Measure
Mobile Threats, Made to MeasureMobile Threats, Made to Measure
Mobile Threats, Made to MeasureLookout
 
WebView security on iOS (EN)
WebView security on iOS (EN)WebView security on iOS (EN)
WebView security on iOS (EN)lpilorz
 
Smart phone security ios system
Smart phone security ios systemSmart phone security ios system
Smart phone security ios systemJamil S. Alagha
 
Malware by Ms. Allwood
Malware by Ms. AllwoodMalware by Ms. Allwood
Malware by Ms. AllwoodStavia
 
Android village @nullcon 2012
Android village @nullcon 2012 Android village @nullcon 2012
Android village @nullcon 2012 hakersinfo
 
How Android and iOS Security Enhancements Complicate Threat Detection
How Android and iOS Security Enhancements Complicate Threat DetectionHow Android and iOS Security Enhancements Complicate Threat Detection
How Android and iOS Security Enhancements Complicate Threat DetectionNowSecure
 
iOS Security: The Never-Ending Story of Malicious Profiles
iOS Security: The Never-Ending Story of Malicious ProfilesiOS Security: The Never-Ending Story of Malicious Profiles
iOS Security: The Never-Ending Story of Malicious ProfilesYair Amit
 
Android malware overview, status and dilemmas
Android malware overview, status and dilemmasAndroid malware overview, status and dilemmas
Android malware overview, status and dilemmasTech and Law Center
 
Behind the scenes with IOS security
Behind the scenes with IOS securityBehind the scenes with IOS security
Behind the scenes with IOS securityPriyanka Aash
 
2013 Toorcon San Diego Building Custom Android Malware for Penetration Testing
2013 Toorcon San Diego Building Custom Android Malware for Penetration Testing2013 Toorcon San Diego Building Custom Android Malware for Penetration Testing
2013 Toorcon San Diego Building Custom Android Malware for Penetration TestingStephan Chenette
 
How iOS and Android Handle Security Webinar
How iOS and Android Handle Security WebinarHow iOS and Android Handle Security Webinar
How iOS and Android Handle Security WebinarDenim Group
 
SyScan 2015 - iOS 678 Security - A Study in Fail
SyScan 2015 - iOS 678 Security - A Study in FailSyScan 2015 - iOS 678 Security - A Study in Fail
SyScan 2015 - iOS 678 Security - A Study in FailStefan Esser
 
Hacking and securing ios applications
Hacking and securing ios applicationsHacking and securing ios applications
Hacking and securing ios applicationsSatish b
 
Template ppt Android Menarik
Template ppt Android MenarikTemplate ppt Android Menarik
Template ppt Android MenarikSaeful Bahri
 
Leveraging Social Media For Increased Student Engagement
Leveraging Social Media For Increased Student EngagementLeveraging Social Media For Increased Student Engagement
Leveraging Social Media For Increased Student EngagementRed Rover
 
Releasing the Power of Your Network - 17-12-2015 - Phill Butler
Releasing the Power of Your Network - 17-12-2015 - Phill ButlerReleasing the Power of Your Network - 17-12-2015 - Phill Butler
Releasing the Power of Your Network - 17-12-2015 - Phill ButlervisionSynergy
 

Destaque (19)

5 Types of Shady Apps
5 Types of Shady Apps5 Types of Shady Apps
5 Types of Shady Apps
 
Mobile Threats, Made to Measure
Mobile Threats, Made to MeasureMobile Threats, Made to Measure
Mobile Threats, Made to Measure
 
WebView security on iOS (EN)
WebView security on iOS (EN)WebView security on iOS (EN)
WebView security on iOS (EN)
 
Smart phone security ios system
Smart phone security ios systemSmart phone security ios system
Smart phone security ios system
 
Malware by Ms. Allwood
Malware by Ms. AllwoodMalware by Ms. Allwood
Malware by Ms. Allwood
 
Android village @nullcon 2012
Android village @nullcon 2012 Android village @nullcon 2012
Android village @nullcon 2012
 
How Android and iOS Security Enhancements Complicate Threat Detection
How Android and iOS Security Enhancements Complicate Threat DetectionHow Android and iOS Security Enhancements Complicate Threat Detection
How Android and iOS Security Enhancements Complicate Threat Detection
 
iOS Security: The Never-Ending Story of Malicious Profiles
iOS Security: The Never-Ending Story of Malicious ProfilesiOS Security: The Never-Ending Story of Malicious Profiles
iOS Security: The Never-Ending Story of Malicious Profiles
 
Android malware overview, status and dilemmas
Android malware overview, status and dilemmasAndroid malware overview, status and dilemmas
Android malware overview, status and dilemmas
 
Behind the scenes with IOS security
Behind the scenes with IOS securityBehind the scenes with IOS security
Behind the scenes with IOS security
 
2013 Toorcon San Diego Building Custom Android Malware for Penetration Testing
2013 Toorcon San Diego Building Custom Android Malware for Penetration Testing2013 Toorcon San Diego Building Custom Android Malware for Penetration Testing
2013 Toorcon San Diego Building Custom Android Malware for Penetration Testing
 
Tesina Sobri
Tesina SobriTesina Sobri
Tesina Sobri
 
How iOS and Android Handle Security Webinar
How iOS and Android Handle Security WebinarHow iOS and Android Handle Security Webinar
How iOS and Android Handle Security Webinar
 
SyScan 2015 - iOS 678 Security - A Study in Fail
SyScan 2015 - iOS 678 Security - A Study in FailSyScan 2015 - iOS 678 Security - A Study in Fail
SyScan 2015 - iOS 678 Security - A Study in Fail
 
Hacking and securing ios applications
Hacking and securing ios applicationsHacking and securing ios applications
Hacking and securing ios applications
 
Template ppt Android Menarik
Template ppt Android MenarikTemplate ppt Android Menarik
Template ppt Android Menarik
 
March Pictures
March PicturesMarch Pictures
March Pictures
 
Leveraging Social Media For Increased Student Engagement
Leveraging Social Media For Increased Student EngagementLeveraging Social Media For Increased Student Engagement
Leveraging Social Media For Increased Student Engagement
 
Releasing the Power of Your Network - 17-12-2015 - Phill Butler
Releasing the Power of Your Network - 17-12-2015 - Phill ButlerReleasing the Power of Your Network - 17-12-2015 - Phill Butler
Releasing the Power of Your Network - 17-12-2015 - Phill Butler
 

Mais de Lookout

The New Assembly Line: 3 Best Practices for Building (Secure) Connected Cars
The New Assembly Line: 3 Best Practices for Building (Secure) Connected CarsThe New Assembly Line: 3 Best Practices for Building (Secure) Connected Cars
The New Assembly Line: 3 Best Practices for Building (Secure) Connected CarsLookout
 
Looking Forward and Looking Back: Lookout's Cybersecurity Predictions
Looking Forward and Looking Back: Lookout's Cybersecurity PredictionsLooking Forward and Looking Back: Lookout's Cybersecurity Predictions
Looking Forward and Looking Back: Lookout's Cybersecurity PredictionsLookout
 
5 Ways to Protect your Mobile Security
5 Ways to Protect your Mobile Security5 Ways to Protect your Mobile Security
5 Ways to Protect your Mobile SecurityLookout
 
What Is Spyware?
What Is Spyware?What Is Spyware?
What Is Spyware?Lookout
 
2015 Cybersecurity Predictions
2015 Cybersecurity Predictions2015 Cybersecurity Predictions
2015 Cybersecurity PredictionsLookout
 
The New NotCompatible
The New NotCompatibleThe New NotCompatible
The New NotCompatibleLookout
 
Relentless Mobile Threats to Avoid
Relentless Mobile Threats to AvoidRelentless Mobile Threats to Avoid
Relentless Mobile Threats to AvoidLookout
 
Scaling Mobile Development
Scaling Mobile DevelopmentScaling Mobile Development
Scaling Mobile DevelopmentLookout
 
Visualizing Privacy
Visualizing PrivacyVisualizing Privacy
Visualizing PrivacyLookout
 
3 Ways to Protect the Data in Your Google Account
3 Ways to Protect the Data in Your Google Account3 Ways to Protect the Data in Your Google Account
3 Ways to Protect the Data in Your Google AccountLookout
 
3 Ways to Protect the Data in Your Apple Account
3 Ways to Protect the Data in Your Apple Account3 Ways to Protect the Data in Your Apple Account
3 Ways to Protect the Data in Your Apple AccountLookout
 
The Back to School Smartphone Guide
The Back to School Smartphone GuideThe Back to School Smartphone Guide
The Back to School Smartphone GuideLookout
 
Mobile Security at the World Cup
Mobile Security at the World CupMobile Security at the World Cup
Mobile Security at the World CupLookout
 
Spring Cleaning for Your Smartphone
Spring Cleaning for Your SmartphoneSpring Cleaning for Your Smartphone
Spring Cleaning for Your SmartphoneLookout
 
Security & Privacy at the Olympics
Security & Privacy at the OlympicsSecurity & Privacy at the Olympics
Security & Privacy at the OlympicsLookout
 
10 Beautiful Enterprise Products
10 Beautiful Enterprise Products10 Beautiful Enterprise Products
10 Beautiful Enterprise ProductsLookout
 
Hacking the Internet of Things for Good
Hacking the Internet of Things for GoodHacking the Internet of Things for Good
Hacking the Internet of Things for GoodLookout
 
What is a Mobile Threat?
What is a Mobile Threat?What is a Mobile Threat?
What is a Mobile Threat?Lookout
 
Dragon lady
Dragon ladyDragon lady
Dragon ladyLookout
 
Dragon Lady
Dragon LadyDragon Lady
Dragon LadyLookout
 

Mais de Lookout (20)

The New Assembly Line: 3 Best Practices for Building (Secure) Connected Cars
The New Assembly Line: 3 Best Practices for Building (Secure) Connected CarsThe New Assembly Line: 3 Best Practices for Building (Secure) Connected Cars
The New Assembly Line: 3 Best Practices for Building (Secure) Connected Cars
 
Looking Forward and Looking Back: Lookout's Cybersecurity Predictions
Looking Forward and Looking Back: Lookout's Cybersecurity PredictionsLooking Forward and Looking Back: Lookout's Cybersecurity Predictions
Looking Forward and Looking Back: Lookout's Cybersecurity Predictions
 
5 Ways to Protect your Mobile Security
5 Ways to Protect your Mobile Security5 Ways to Protect your Mobile Security
5 Ways to Protect your Mobile Security
 
What Is Spyware?
What Is Spyware?What Is Spyware?
What Is Spyware?
 
2015 Cybersecurity Predictions
2015 Cybersecurity Predictions2015 Cybersecurity Predictions
2015 Cybersecurity Predictions
 
The New NotCompatible
The New NotCompatibleThe New NotCompatible
The New NotCompatible
 
Relentless Mobile Threats to Avoid
Relentless Mobile Threats to AvoidRelentless Mobile Threats to Avoid
Relentless Mobile Threats to Avoid
 
Scaling Mobile Development
Scaling Mobile DevelopmentScaling Mobile Development
Scaling Mobile Development
 
Visualizing Privacy
Visualizing PrivacyVisualizing Privacy
Visualizing Privacy
 
3 Ways to Protect the Data in Your Google Account
3 Ways to Protect the Data in Your Google Account3 Ways to Protect the Data in Your Google Account
3 Ways to Protect the Data in Your Google Account
 
3 Ways to Protect the Data in Your Apple Account
3 Ways to Protect the Data in Your Apple Account3 Ways to Protect the Data in Your Apple Account
3 Ways to Protect the Data in Your Apple Account
 
The Back to School Smartphone Guide
The Back to School Smartphone GuideThe Back to School Smartphone Guide
The Back to School Smartphone Guide
 
Mobile Security at the World Cup
Mobile Security at the World CupMobile Security at the World Cup
Mobile Security at the World Cup
 
Spring Cleaning for Your Smartphone
Spring Cleaning for Your SmartphoneSpring Cleaning for Your Smartphone
Spring Cleaning for Your Smartphone
 
Security & Privacy at the Olympics
Security & Privacy at the OlympicsSecurity & Privacy at the Olympics
Security & Privacy at the Olympics
 
10 Beautiful Enterprise Products
10 Beautiful Enterprise Products10 Beautiful Enterprise Products
10 Beautiful Enterprise Products
 
Hacking the Internet of Things for Good
Hacking the Internet of Things for GoodHacking the Internet of Things for Good
Hacking the Internet of Things for Good
 
What is a Mobile Threat?
What is a Mobile Threat?What is a Mobile Threat?
What is a Mobile Threat?
 
Dragon lady
Dragon ladyDragon lady
Dragon lady
 
Dragon Lady
Dragon LadyDragon Lady
Dragon Lady
 

Último

How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.Curtis Poe
 
Story boards and shot lists for my a level piece
Story boards and shot lists for my a level pieceStory boards and shot lists for my a level piece
Story boards and shot lists for my a level piececharlottematthew16
 
Powerpoint exploring the locations used in television show Time Clash
Powerpoint exploring the locations used in television show Time ClashPowerpoint exploring the locations used in television show Time Clash
Powerpoint exploring the locations used in television show Time Clashcharlottematthew16
 
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks..."LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...Fwdays
 
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek SchlawackFwdays
 
Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?Mattias Andersson
 
DevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platformsDevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platformsSergiu Bodiu
 
From Family Reminiscence to Scholarly Archive .
From Family Reminiscence to Scholarly Archive .From Family Reminiscence to Scholarly Archive .
From Family Reminiscence to Scholarly Archive .Alan Dix
 
Advanced Computer Architecture – An Introduction
Advanced Computer Architecture – An IntroductionAdvanced Computer Architecture – An Introduction
Advanced Computer Architecture – An IntroductionDilum Bandara
 
SAP Build Work Zone - Overview L2-L3.pptx
SAP Build Work Zone - Overview L2-L3.pptxSAP Build Work Zone - Overview L2-L3.pptx
SAP Build Work Zone - Overview L2-L3.pptxNavinnSomaal
 
Vertex AI Gemini Prompt Engineering Tips
Vertex AI Gemini Prompt Engineering TipsVertex AI Gemini Prompt Engineering Tips
Vertex AI Gemini Prompt Engineering TipsMiki Katsuragi
 
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)Mark Simos
 
WordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your BrandWordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your Brandgvaughan
 
DSPy a system for AI to Write Prompts and Do Fine Tuning
DSPy a system for AI to Write Prompts and Do Fine TuningDSPy a system for AI to Write Prompts and Do Fine Tuning
DSPy a system for AI to Write Prompts and Do Fine TuningLars Bell
 
Unraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdfUnraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdfAlex Barbosa Coqueiro
 
Artificial intelligence in cctv survelliance.pptx
Artificial intelligence in cctv survelliance.pptxArtificial intelligence in cctv survelliance.pptx
Artificial intelligence in cctv survelliance.pptxhariprasad279825
 
What's New in Teams Calling, Meetings and Devices March 2024
What's New in Teams Calling, Meetings and Devices March 2024What's New in Teams Calling, Meetings and Devices March 2024
What's New in Teams Calling, Meetings and Devices March 2024Stephanie Beckett
 
Take control of your SAP testing with UiPath Test Suite
Take control of your SAP testing with UiPath Test SuiteTake control of your SAP testing with UiPath Test Suite
Take control of your SAP testing with UiPath Test SuiteDianaGray10
 
The Ultimate Guide to Choosing WordPress Pros and Cons
The Ultimate Guide to Choosing WordPress Pros and ConsThe Ultimate Guide to Choosing WordPress Pros and Cons
The Ultimate Guide to Choosing WordPress Pros and ConsPixlogix Infotech
 
Dev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio WebDev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio WebUiPathCommunity
 

Último (20)

How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.
 
Story boards and shot lists for my a level piece
Story boards and shot lists for my a level pieceStory boards and shot lists for my a level piece
Story boards and shot lists for my a level piece
 
Powerpoint exploring the locations used in television show Time Clash
Powerpoint exploring the locations used in television show Time ClashPowerpoint exploring the locations used in television show Time Clash
Powerpoint exploring the locations used in television show Time Clash
 
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks..."LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
 
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
 
Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?
 
DevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platformsDevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platforms
 
From Family Reminiscence to Scholarly Archive .
From Family Reminiscence to Scholarly Archive .From Family Reminiscence to Scholarly Archive .
From Family Reminiscence to Scholarly Archive .
 
Advanced Computer Architecture – An Introduction
Advanced Computer Architecture – An IntroductionAdvanced Computer Architecture – An Introduction
Advanced Computer Architecture – An Introduction
 
SAP Build Work Zone - Overview L2-L3.pptx
SAP Build Work Zone - Overview L2-L3.pptxSAP Build Work Zone - Overview L2-L3.pptx
SAP Build Work Zone - Overview L2-L3.pptx
 
Vertex AI Gemini Prompt Engineering Tips
Vertex AI Gemini Prompt Engineering TipsVertex AI Gemini Prompt Engineering Tips
Vertex AI Gemini Prompt Engineering Tips
 
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
 
WordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your BrandWordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your Brand
 
DSPy a system for AI to Write Prompts and Do Fine Tuning
DSPy a system for AI to Write Prompts and Do Fine TuningDSPy a system for AI to Write Prompts and Do Fine Tuning
DSPy a system for AI to Write Prompts and Do Fine Tuning
 
Unraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdfUnraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdf
 
Artificial intelligence in cctv survelliance.pptx
Artificial intelligence in cctv survelliance.pptxArtificial intelligence in cctv survelliance.pptx
Artificial intelligence in cctv survelliance.pptx
 
What's New in Teams Calling, Meetings and Devices March 2024
What's New in Teams Calling, Meetings and Devices March 2024What's New in Teams Calling, Meetings and Devices March 2024
What's New in Teams Calling, Meetings and Devices March 2024
 
Take control of your SAP testing with UiPath Test Suite
Take control of your SAP testing with UiPath Test SuiteTake control of your SAP testing with UiPath Test Suite
Take control of your SAP testing with UiPath Test Suite
 
The Ultimate Guide to Choosing WordPress Pros and Cons
The Ultimate Guide to Choosing WordPress Pros and ConsThe Ultimate Guide to Choosing WordPress Pros and Cons
The Ultimate Guide to Choosing WordPress Pros and Cons
 
Dev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio WebDev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio Web
 

The State of iOS Security

  • 1. i O S T H R E A T S The State of iOS Security
  • 2. The iOS App Store is not the impenetrable walled garden you think it is. 
  • 3. T O P M Y T H S A B O U T A P P L E S E C U R I T Y 1# MYTH: The Apple App Store has never had malware in it FACT: The App Store published at least one piece of malware and approved two others. The published malware, a trojan called “Find and Call,” downloaded your phonebook and spammed contacts. 3# MYTH: FACT devices. Non-jailbroken threats will be more targeted and sophisticated, but they’re not impossible to create. 2# MYTH: FACT types of attacks as Android malware including data exfiltration and surveillance.
  • 4. T O P M Y T H S A B O U T A P P L E S E C U R I T Y 1# MYTH: FACT malware, a trojan called “Find and Call,” downloaded your phonebook and spammed contacts. 3# MYTH: FACT devices. Non-jailbroken threats will be more targeted and sophisticated, but they’re not impossible to create. 2# MYTH: Apple devices cannot be attacked like Android FACT : Actually, once on the device, iOS malware can perform many of the same types of attacks as Android malware including data exfiltration and surveillance.
  • 5. T O P M Y T H S A B O U T A P P L E S E C U R I T Y 1# MYTH: FACT malware, a trojan called “Find and Call,” downloaded your phonebook and spammed contacts. 3# MYTH: Threats on iOS only affect jailbroken devices FACT: Wirelurker, XAgent, Find and Call, and others are proof that malware can affect non-jailbroken devices. Non-jailbroken threats will be more targeted and sophisticated, but they’re not impossible to create. 2# MYTH: FACT types of attacks as Android malware including data exfiltration and surveillance.
  • 6. Today, iOS malware looks a lot like Android malware in 2010. 
  • 7. Android malware got its foothold in 2010 when researchers found the first trojan called “FakePlayer” in the wild. A year later, in 2011, we saw the first Android malware in the Google Play store called DroidDream. Thus far, iOS malware has followed a similar pattern with threats appearing in the wild for jailbroken devices, moving to non-jailbroken devices, and finally sneaking into the official App Store
  • 8. Android malware got its foothold in 2010 when researchers found the first trojan called “FakePlayer” in the wild. A year later, in 2011, we saw the first Android malware in the Google Play store called DroidDream. Thus far, iOS malware has followed a similar pattern with threats appearing in the wild for jailbroken devices, moving to non-jailbroken devices, and finally sneaking into the official App Store.
  • 9. K E V I N M A H A F F E Y Bad guys are rational economic actors. Because Android is so much more popular in the world they're targeting the largest platforms first. Criminals are soon going to double down on iOS with targeted attacks. Kevin Mahaffey, Lookout CTO, predicts that we'll soon see a new wave of iOS attacks that will fundamentally change the iOS threat landscape.
  • 10.  HACKING TOOLS  VULNERA BIL ITIES  MALWAR E ! Apps or services that a user employs to jailbreak, or gain root access to the phone, but could be used for malicious means. ! Software holes in the iOS platform that could be exploited to own iOS devices. ! Apps that take user data or negatively impact the device without the user’s knowledge or permission. i O S T H R E A T S T O D A T E What are these threats that can seemingly execute just like Android malware can? We classify iOS threats to date into three different categories:
  • 11. i O S T H R E A T S T O D A T E 2009 Ikee First piece of iOS malware. 2010 JailbreakMe A tool that exploited a hole in the iOS PDF reader in order to jailbreak the phone. 2011 Instastock One of the first pieces of “malware” to get into the Apple App Store. Created by researcher Charlie Miller, this proof-of-concept malware looked “safe” during Apple’s review process, but secretly downloaded malicious code after being approved. 2012 Find and Call Find and Call was the first non-POC iOS trojan to get inside the App Store. It silently stole a victim’s phonebook and spammed their friends. The creator claimed this was a software bug. Apple removed it from the App Store.
  • 12. i O S T H R E A T S T O D A T E 2013 Evasi0n ! Mactans ! Jekyll and Hyde 2014 Keyboard contents bug ! Xsser mRAT ! Masque Attack A tool that exploited a hole in the iOS PDF reader in order to jailbreak the phone. ! WireLurker A tool that exploited a hole in the iOS PDF reader in order to jailbreak the phone. 2015 XAgent  The latest iOS malware. This is surveillanceware that may be part of a broader cyber-espionage campaign.      
  • 13. STAY SAFE ! Be cautious of clicking links to download applications, don't jailbreak your phone unless you really know what you're doing and, of course, have a security app in place! 
  • 14. For more mobile security information, follow