Usually it is Android that makes the headlines for security exploits, but this time around it’s iOS. Researchers from Palo Alto have uncovered malware called WireLurker which might already have affected hundreds of thousands of devices.
The primary method of infection is through the Maiyadi App Store, a third-party app store for OS X based in China. At the time of publication, it’s estimated that over 350,000 users might already have been infected. Furthermore, the malicious code was present in over 450 apps on the Maiyadi app store. Pirated versions of some high-profile games like The Sims 3 and Angry Birds were amongst the infected apps.
WireLurker abuses the enterprise provisioning mechanism, which allows large companies to push new software to their own devices without going through the fairly laborious App Store approval process. Any app signed with an enterprise provisioning certificate can therefore be installed without further checks. WireLurker exploits exactly this, and what’s concerning is that it affects both jailbroken and non-jailbroken devices.
Once a desktop (all MacBooks and Macs are susceptible) has been infected, WireLurker can move to any iOS device connected through a USB cable. It then rewrites installed programs by replacing their binary files. Once a non-jailbroken device has been infected, WireLurker side-loads a comic book app onto the device which is not malicious in itself. Researchers suspect this is simply a way to test whether a device has been compromised.
The interesting part is that on infected devices, WireLurker specifically tries to identify the owner of the device. On jailbroken devices, it also tries to access text messages. It also tries to steal payment information and other sensitive data. Some security experts have labeled WireLurker as primitive, but fear that the mechanism it uses could be exploited by more sophisticated attackers.
With WireLurker, iOS users are facing their first widespread, significant security threat. Software for testing whether you are affected has already been developed and can be downloaded from here. However, the fact remains that WireLurker is not a passive threat. It is under active development, and you should stay safe by not using third-party app stores and by not charging your device by plugging it into computers you don’t trust.