Tag Archives: iOS

WireLurker

Yesterday Palo Alto Networks released a report on new OS X and iOS malware, WireLurker. The best write-up I have seen so far is here: http://www.zdziarski.com/blog/?p=4140

A couple pertinent points:

-Currently only circulated through Chinese warez – seems to be targeting identifying information of users only (possibly to identify key players in the Chinese software-pirating market?)

-The concern is not so much about WireLurker itself, but “…that this technique could be weaponized in the future, and be a viable means of attack on public and private sector machines.”

-If you are interested in detecting if a device has been compromised, see here:  https://github.com/PaloAltoNetworks-BD/WireLurkerDetector – If anybody has IDS sigs yet, please let me know….

 

Key Takeaways:

-Remind users that jailbreaking your phone (whether Android or iPhone) nets you less security – better yet, enforce policies that disallow jailbreaking devices that have organizational data on them

-“While your own Mac may not be infected with WireLurker, it’s possible others (in your school, college, at work, or public computers) are, so it’s important not to trust any devices other than your own. To help prevent this from accidentally happening, you may wish to pair lock your device using these instructions.”

We need to continue to help foster cultural change that surrounds most of our Mac users – the fallacy that if you have a Mac, you don’t need to worry about security issues… “Only PC users need to worry about that.”


GSEC Gold Paper Accepted: Securely Integrating iOS Devices into the Business Environment

This past weekend, I was put on notice that my GSEC Gold paper was accepted and published by SANS. Here is the abstract:

“Driven primarily by the end user, iOS devices continue to inundate businesses at an ever-increasing rate.  Because these devices are housing sensitive organizational data, it is imperative that it is understood what risks to the organization are involved in allowing users to utilize these devices for business.  Ascertaining what the risks are, and what the compensating controls would be, should be a critical component of any business risk assessment. The security features of the device itself, how applications are utilized on the device, and the actual usage of the device needs to be evaluated. Beyond the aforementioned areas, a major consideration that needs to be taken into account is whether the device is personally owned or business owned, as well as how it is managed, as these will be the primary factors by which controls are evaluated to manage the incurred risk.  Finally, users need to be made aware of the risks, and trained in what their responsibility is to reduce the risk to an acceptable level.”

Here is a link to the paper.

-Josh
