Monday, September 21, 2015

How to detect if your iPhone is infected with XcodeGhost

Are there dozens or hundreds of iOS apps infected with XcodeGhost? Which apps are affected? How can we know if our phone has the virus? How do we delete it? Absolute misinformation. Apple is not answering during the iPhone's most serious crisis, offering only a few words to Reuters to calm things down and assuring that the affected apps have been deleted. Today we'll talk, almost exclusively, about the growing insecurity of mobile telephony, leaving a little time for an audit which is even more frightening: the one carried out at the company Target, after millions of customer records were stolen from it in 2013.

Last Friday, we explained the severity of the incident: someone had infected a platform used by iPhone app developers in China, so their creations were infected too, passed the App Store's controls and entered the iPhones of hundreds of millions of people. Apple is releasing information little by little, and it was the security community that found the answers to the main questions: what the virus does and how to detect if a phone is infected.

WeChat and CamCard

The media talk about hundreds of infected apps, but Apple hasn't offered any list. The technicians of Palo Alto Networks have, giving a specific figure: 39 infected apps. Among them are the popular WeChat, which is already distributing a new version, 6.2.6, without the virus, and CamCard, a credit card reader app that is very popular in several countries, along with others widely used in China.

No app is completely safe

Coincidentally, today we learned the results of a study of the main travel apps on Android and iOS, which confirms the great insecurity of mobile telephony. Honestly, we don't need a virus to leave us empty-handed; the apps themselves do it: among 10 Android apps only one, and none from iOS, encrypts data on the device, and only two from Android and one from iOS use certificates to secure data in transit. What's more, no app sets controls to prevent an attacker from manipulating it or creating malicious versions.

No one followed the policy

After all, why should this surprise us when IT security in other environments, such as companies, is just as dismal? We only have to take a look at the results of the audit Verizon carried out at the Target corporation after it suffered the theft of millions of customer records. Among other aberrations, we discover that there were no controls limiting an attacker's access to a system, including the sales terminals. And speaking of passwords, the auditors could easily crack 86% of them.

A curious fact, which should give those responsible for IT something to think about, is that Target had a password policy, but no one followed it. Welcome to Monday.

