All eyes on the jailbroken as iOS, Mac OS X threat level ratchets up

The number of iOS threats discovered this year has more than doubled, from three in 2014 to seven so far in 2015, according to Symantec, with jailbroken devices being the focus of the majority of threats. Of the 13 iOS threats documented by the technology security company in total, nine can only infect jailbroken devices. Mac …

Cart and Horse

> This is partly driven by the increased popularity of Macs but mainly down to successful targeting by crooks.

Yebbut, the targeting by crooks is mainly driven by the increased popularity. Or am I missing a nuance here?

7
0
Silver badge

So...

A report on a problem issued by a company that wants to Sell stuff to defend against that problem?

Who'd a thought it eh?

Does anyone really use their crap software anymore? Be honest now!

14
1
Silver badge

Re: So...

"A report on a problem issued by a company that wants to Sell stuff to defend against that problem?"

Yes, I'm an infosec company reporting on information security obviously has a double motive. I won't trust this until it's confirmed by a disinterested actor like a shoe shop or something. I'll get rid of all my network's antivirus and firewalls, too, since I've yet to see a single press release from Topshop advising me to use them.

4
1

No absolute numbers provided. Why?

Windows had 30 million NEW malware threats in 2014 or about 82,000 per day.

9
5
Anonymous Coward

Re: No absolute numbers provided. Why?

Because that's not news.

Also, growth percentages are used because "fuck all growing to almost fuck all" doesn't bait the clicks as much.

14
0

Re: No absolute numbers provided. Why?

Zero ever for Windows Phone however.

5
3

Re: No absolute numbers provided. Why?

Zero ever for Windows Phone however.

Units sold?

15
7
Anonymous Coward

Re: No absolute numbers provided. Why?

>Zero ever for Windows Phone however.

Because hackers are not interested in the four sad idiots who bought a Windows phone; that also goes for app developers too.

10
13
Anonymous Coward

Re: No absolute numbers provided. Why?

"Units sold?"

Over 100 million.

5
1
Anonymous Coward

Re: No absolute numbers provided. Why?

>Over 100 million.

95 million returned or are in landfill.

8
12
Silver badge

Re: No absolute numbers provided. Why?

Of the 6.3 million Android apps analysed in 2014, one million of these were classified as malware, while 2.3 million were classified as grayware. A further 1.3 million apps within the grayware category were classified as madware.

1
5
Silver badge

Re: No absolute numbers provided. Why?

Pretty sure that's the argument we used to use about why there were so few viruses in Apple world...

1
0
Anonymous Coward

Re: No absolute numbers provided. Why?

Lol, 100m apparently sold (more likely shipped and then buried). I think if you find that hole in Mexico where they found all the Nintendo cartridges, it will be filled with Lumias.

I know nobody that has one, I know nobody that wants one, and I see nobody in the street or on the tube with one.

So where are these units...???? Apart from in Microsoft propaganda.

2
3
Anonymous Coward

Re: No absolute numbers provided. Why?

Zero ever for Windows Phone however.

Even the more ardent criminal has some self respect and will not want to be seen buying/stealing a Windows phone, so yes, I can believe that. Besides, who needs an extra virus when one has Windows already?

3
3
Silver badge

Re: No absolute numbers provided. Why?

"Because hackers are not interested in the four sad idiots who bought a windows phone, that also goes for App developers too"

While inflammatory, this is pretty much accurate. But it's odd that when no-one targets Windows Phone, it's because no-one uses it, while when no-one targets Apple products (with a similarly tiny userbase) you attribute it to their brilliant security regime as opposed to no-one in their right mind storing anything remotely valuable on a Mac.

3
5
Anonymous Coward

Re: No absolute numbers provided. Why?

So where are these units...?

My wife has one for work purposes (NHS), and my employers (BigBadCorporate) have just announced that the bosses will get iPhones, we peasants will be getting sh*tty Microsoft phones.

So, not buried anywhere, but carried unwillingly by those unfortunate enough to have corporate drones in IT and their accountant friends deciding to buy rubbish because it is cheap.

2
0

Re: No absolute numbers provided. Why?

And 6.2 million were classified as a complete waste of time for everyone involved.

1
0
Anonymous Coward

Re: No absolute numbers provided. Why?

as opposed to no-one in their right mind storing anything remotely valuable on a Mac Windows

Fixed it for you. It's so much easier securing even the most basic MacBook and keeping it that way that not using them for sensitive stuff ought to immediately result in negligence charges when it inevitably goes wrong. The tools are there to do it right by default, and on a Mac they're built-in (read: supported by the manufacturer).

0
0

Re: No absolute numbers provided. Why?

Also, a metric relating to threats on platform A has no relevance to risk reduction of platform B, unless one is choosing between platforms on the basis of number of threats.

In fact, sharing such metrics could increase risky behaviour by encouraging false subjective probability and potential harm re platform B based on an irrelevant comparison of unrelated threats.

I do risk assessment. Of humans.

0
0
Silver badge

This could be due to the popularity of Windows...

Or it might be due to the fundamentally different starting points of DOS and BSD

6
2
Silver badge

Re: This could be due to the popularity of Windows...

Perhaps you meant "VMS and BSD", but that does undermine your argument a little. There hasn't been any DOS in Microsoft's OS products since Windows XP came out, whenever that was (I was still Mac-only in those days). The NT kernel was modelled on VMS.

I use both OSes daily. There really is no difference in privilege escalation between OSX and Windows. Processes simply cannot get above their station anymore on either OS, and must ask the user for the permissions they seek.

The vast majority of malware doesn't "crack" a system, it fools the user into handing over the keys. This is why tainted installers are so useful as a vector - users are less concerned that an application installer asks for temporary admin privilege. (MacOSX is the same as Windows here).

In my experience of cleaning up after this stuff (and a brief period working for an anti-malware company), a lot of users will accept any kind of unexpected privilege escalation if they think they're getting something for free.

Windows is still a more lucrative target than OS X, simply because Windows PCs are more likely to be in business-critical functions in small businesses. A CryptoLocker in a small accountancy practice, two days before the filing deadline, is way more likely to yield a payout for the malware writer.

24
1
Silver badge

Re: This could be due to the popularity of Windows...

"Perhaps you meant "VMS and BSD", but that does undermine your argument a little. There hasn't been any DOS in Microsoft's OS products since Windows XP came out, whenever that was (I was still Mac-only in those days). The NT kernel was modelled on VMS.

I use both OSes daily. There really is no difference in privilege escalation between OSX and Windows. Processes simply cannot get above their station anymore on either OS, and must ask the user for the permissions they seek."

Yes - but I couldn't remember VMS offhand, and DOS was a more polarised difference...

Privilege escalation is possible on any OS:

http://www.theregister.co.uk/2015/07/22/os_x_root_hole/

http://www.theregister.co.uk/2009/08/14/critical_linux_bug/

http://www.theregister.co.uk/2015/06/24/killer_character_hoses_smallalmostsmall_all_versions_of_reader_windows/

http://www.theregister.co.uk/2009/09/14/freebsd_security_bug/

Just the top links from a Google search of priv esc against The Register domain for the most discussed OSes (yes I know NetBSD != FreeBSD, I only searched BSD)

Of course it is far easier to ask for the rights from the user - who usually doesn't understand what's happening and has been trained to "click yes if you want the computer to work"

2
0
Silver badge
Unhappy

Re: This could be due to the popularity of Windows...

"Perhaps you meant "VMS and BSD", but that does undermine your argument a little. There hasn't been any DOS in Microsoft's OS products since Windows XP came out, whenever that was (I was still Mac-only in those days)."

Not quite. The culture of DOS malware simply moved to Windows as a target as the original DOS elements disappeared.

"The NT kernel was modelled on VMS."

"Modelled" is a far cry from "implemented like". The practice of passing arguments by descriptor didn't make it into NT, and new attack vectors such as Autorun were introduced.

Running everything from the Administrator account by default was never a good idea.

5
2
Anonymous Coward

Re: This could be due to the popularity of Windows...

"Processes simply cannot get above their station anymore on either OS, and must ask the user for the permissions they seek.

The vast majority of malware doesn't "crack" a system, it fools the user into handing over the keys. "

I don't know if you have a citation for that but in my experience nearly all the malware is either from the malware using a hole in an application that already has escalated privileges (every installed application on your system, eg Flash, Java etc) or can run from userland and doesn't need escalation - eg. cryptowall.

As most business users don't have any escalation rights at all it would be great if all malware had to go through UAC, but it doesn't so businesses still get many issues.

Giving a simple option to applications (including macro-enabled) running from userland without admin approval would be a big help (it can be done manually using group policies or AV software); stopping new processes (different sig) being created by existing applications without whitelisting would be another help (e.g. flash.exe can't create and call a process called virus.exe without approval - you could whitelist Windows Update, for example).

0
1
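The whitelisting idea in the comment above (an existing application may not start a new process unless that parent/child pair is approved, and a child whose signature differs from the approved build is refused) as an added example in Python. This is not code from the thread or from any product; the policy, the "known good" hashes and the process-creation events are all constructed here for illustration, and the parent and child executable names are assumptions.

```python
"""Parent/child process allowlisting over constructed process-creation events.

Added example, not code from the comment thread: a toy default-deny policy
engine that blocks a child process when its parent is not allowlisted to start
it, or when the child's hash differs from the approved build. Policy, hashes
and events are constructed for illustration only.
"""
import hashlib
from dataclasses import dataclass

ANY = "*"  # sentinel: this parent may launch any child (e.g. an update service)


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


# Constructed "known good" builds. A real deployment would take these hashes
# from the software inventory, not from literal bytes.
KNOWN_GOOD = {
    "chrome.exe": sha256_hex(b"constructed chrome build"),
    "splwow64.exe": sha256_hex(b"constructed print-spooler helper"),
}

# Policy: parent basename -> {child basename: approved sha256}, or ANY.
# Parents that are not listed are denied by default.
POLICY = {
    "explorer.exe": ANY,   # assumption: the desktop shell may launch anything
    "wuauclt.exe": ANY,    # Windows Update, whitelisted as the comment suggests
    "chrome.exe": {"chrome.exe": KNOWN_GOOD["chrome.exe"]},       # renderer children only
    "winword.exe": {"splwow64.exe": KNOWN_GOOD["splwow64.exe"]},  # macros may start nothing else
    "flash.exe": {},       # the plugin host may not spawn anything at all
}


@dataclass(frozen=True)
class ProcessEvent:
    parent_image: str
    child_image: str
    child_sha256: str


@dataclass(frozen=True)
class Decision:
    action: str  # "allow" or "block"
    reason: str


def basename(path: str) -> str:
    # Accept either separator and compare case-insensitively, as Windows does.
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def evaluate(event: ProcessEvent, policy=POLICY) -> Decision:
    parent = basename(event.parent_image)
    child = basename(event.child_image)
    allowed = policy.get(parent)
    if allowed is None:
        return Decision("block", f"{parent} is not an allowlisted parent")
    if allowed == ANY:
        return Decision("allow", f"{parent} may launch any child")
    expected = allowed.get(child)
    if expected is None:
        return Decision("block", f"{parent} is not allowed to start {child}")
    if expected != event.child_sha256:
        return Decision("block", f"{child} hash differs from the approved build")
    return Decision("allow", f"{parent} -> {child} matches the approved build")


# Constructed events covering the cases the comment describes.
SAMPLE_EVENTS = [
    ProcessEvent(r"C:\Program Files\Google\Chrome\chrome.exe",
                 r"C:\Program Files\Google\Chrome\chrome.exe", KNOWN_GOOD["chrome.exe"]),
    ProcessEvent(r"C:\Windows\System32\Macromed\Flash\flash.exe",
                 r"C:\Users\Bob\AppData\Local\Temp\virus.exe", sha256_hex(b"constructed dropper")),
    ProcessEvent(r"C:\Program Files\Microsoft Office\winword.exe",
                 r"C:\Windows\System32\cmd.exe", sha256_hex(b"constructed cmd")),
    ProcessEvent(r"C:\Windows\System32\wuauclt.exe",
                 r"C:\Windows\SoftwareDistribution\update.exe", sha256_hex(b"constructed update")),
    ProcessEvent(r"C:\Program Files\Google\Chrome\chrome.exe",
                 r"C:\Program Files\Google\Chrome\chrome.exe", sha256_hex(b"constructed tampered chrome")),
]


def audit(events=SAMPLE_EVENTS):
    """Return one action ("allow"/"block") per event, in order."""
    return [evaluate(e).action for e in events]


if __name__ == "__main__":
    for e in SAMPLE_EVENTS:
        d = evaluate(e)
        print(f"{d.action:5} {basename(e.parent_image)} -> {basename(e.child_image)}: {d.reason}")
```

The policy is default-deny: an unknown parent, an unlisted child, or a child whose hash no longer matches the approved build is all blocked, which is what turns the comment's "flash.exe can't create virus.exe" into a rule an endpoint agent could enforce. Real application-control products key on signer or hash rather than file name alone, because a renamed binary would otherwise slip through; that is why the chrome.exe with a tampered hash is blocked even though the pair chrome.exe -> chrome.exe is allowlisted.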
Silver badge

Re: This could be due to the popularity of Windows...

"I don't know if you have a citation for that but in my experience nearly all the malware is either from the malware using a hole in an application that already has escalated privileges (every installed application on your system, eg Flash, Java etc) or can run from userland and doesn't need escalation - eg. cryptowall."

Not really. Spend some time on a warez site and you'll quickly discover just how much malware is delivered via simply asking the user to install it. Like those endless browser object malwares from the mid-2000s that often came bundled with legit software; you downloaded Java, don't untick the minuscule 'also install computer syphilis!' box, and then had to spend the following six weeks trying to peel it off the system. Oracle still haven't stopped shipping toolbars and hijackers with Java.

Besides, most breaches are now more of a combination anyway - there's a significant social engineering element to convince the user to allow the vector to be opened (faking a conference so that you can deliver a fake calendar invite that delivers your payload; metasploiting a fake website etc).

In the end, though, if you think that modern Windows is significantly less secure than Mac OSX, then that just means you don't understand how to configure a modern Windows box properly. Security pros don't see Windows as being any worse than Apple in terms of inherent security - in fact, many find Apple's walled garden deeply worrying because it runs counter to the 'assume you're already breached' philosophy which now dominates infosec (hence why Eugene Kaspersky claimed Apple were over a decade behind Microsoft in security terms in 2012 or so - they are literally working in a different paradigm from modern IT security, like if there was one cutting-edge science lab which insisted on still explaining everything in terms of Phlogiston and Aether).

1
0
Anonymous Coward

Re: This could be due to the popularity of Windows...

"Not really. Spend some time on a warez site and you'll quickly discover just how much malware is delivered via simply asking the user to install it. Like those endless browser object malwares from the mid-2000s that often came bundled with legit software; you downloaded Java, don't untick the minuscule 'also install computer syphilis!' box, and then had to spend the following six weeks trying to peel it off the system. Oracle still haven't stopped shipping toolbars and hijackers with Java."

I'm assuming that the target audience here and most readers are business IT users and so their users would not have admin access to allow install of nasties and wouldn't be browsing a warez site. The user would also not be able to install any associated application, the IT team would do it and generally automated through group policies or deployment servers.

1
0
Anonymous Coward

Re: This could be due to the popularity of Windows...

that just means you don't understand how to configure a modern Windows box properly

But Windows is a consumer OS - it should be already like that.

3
0

iOS Jailbreaking is a good thing...

...because each and every instance of an iOS jailbreak installation relies on some kind of existing vulnerability. With each new iOS update, Apple close the vulnerability, which makes it more secure for all, and the jailbreak authors have to try a little harder. There have been times when jailbreaks have been unavailable for months.

As the article says, jailbreakers need to be aware of the risks, because it's them - almost always them - that are targeted by iOS malware.

I don't jailbreak, myself, since I personally get by with what's provided by the walled garden. But I'm glad there are people willing to take a hit, for the reasons above.

6
0

Re: iOS Jailbreaking is a good thing...

I used to jailbreak but there's just no point any more. iOS does everything I need with only emulators being missing from the App Store... and I can get those now by just building them in Xcode (Provenance is especially easy). There's really no need to jailbreak these days other than to prove you can...

2
0
Silver badge

Re: iOS Jailbreaking is a good thing...

"I don't jailbreak, myself, since I personally get by with what's provided by the walled garden. But I'm glad there are people willing to take a hit, for the reasons above."

Nor do I. I'd add that it is increasingly unsafe to have even one jailbroken/unlocked device among several that are not because as synchronisation between devices gets deeper the risk of that unlocked device being a vector into the others increases. I would be extremely nervous now about using Windows desktop-sharing software for precisely this reason; it may enable cross-platform attacks.

Criminals, eh? Ruining everything for everybody, mostly in pursuit of a not very good income.

3
0
Silver badge

Yet more excuses for Apple to wall off OS/X even more

They've already limited what root can do. Great, you think! No, not really if you're an admin or someone who wants to run your system without having to use Apple-signed programs to get anything done. What if Apple hasn't written a program to do what I want to do? Tough luck then, I guess. This is the thin end of a very long wedge. Ultimately their goal is almost certainly to lock down OS/X to near iOS levels - for our security, naturally! - whereby only Apple-approved programs can be downloaded from Apple-approved sites. Or just the one site - the App Store.

6
5
Stop

Re: Yet more excuses for Apple to wall off OS/X even more

App signing is a requirement you can turn off. Also it's not Apple who sign it, it's a developer key that is used. You still have full control of what runs under OS X.

3
2
Silver badge

Re: Yet more excuses for Apple to wall off OS/X even more

"You still have full control of what runs under OS X."

Sure, but you don't have full control over what can edit some system files. If it's not Apple-signed it won't work on the latest versions of the OS.

2
1

Re: Yet more excuses for Apple to wall off OS/X even more

Rootless mode was introduced with El Capitan so that many system files and folders are off limits to all third party applications. And a good thing, too. Those files should not be tampered with, even if you are able to type in God's password when some malware has popped up a dialog box.

But... if you are a really determined owner, it's possible to disable rootless mode. Google it. It's a bit of a palaver, but possible.

2
0
Silver badge

Re: Yet more excuses for Apple to wall off OS/X even more

"if you're an admin"

There's your problem right there, you're an administrator trying to use Apple software.

0
1
Silver badge

Re: Yet more excuses for Apple to wall off OS/X even more

"And a good thing, too"

Good for whom? Us because it makes administration a pain or Apple because it cuts down any potential root exploits in their software that could be bad publicity?

Unix has managed fine with root having complete control over the system for 40 years and Linux still manages fine today.

2
1
Silver badge

Re: Yet more excuses for Apple to wall off OS/X even more

Neither Linux nor Unix are or ever were being run on a PC by "average people" like OS X is. It is a lot harder to trick a typical Linux desktop user into typing the root password in a dialog box just because it is asked for than it is to trick the typical Mac/Windows user into doing so. It doesn't matter what OS you are running if the user provides the root/admin password - the only defense is to take power away from that password.

I don't see why anyone would complain about Apple's rootless mode, since it protects the clueless from themselves - clueless people being clueless is what most malware relies upon, after all. Probably the reason it is a bit of pain to disable is to avoid clueless people being even more clueless and following instructions to do just that! The fact there is still malware circulating even today that requires people to open random attachments demonstrates that there are still a lot of clueless users out there.

1
0

Anti virus company peddling fear - who'd have thunk!!

Same old crap.

Macs are low in number, therefore there are fewer viruses made for them.

Problem with this argument is that many devices/OSes have viruses/trojans/RATs/ransomware when their market share is far lower than OS X's.

OS X market share has hovered around 10% for many years - that is a lot of supposedly cashed-up, stupid people who don't know anything about security. Surely that's a fat, juicy target!

iOS has quite a high market share but there has not been a single instance of any of the nasties that affect Android.

Vulnerabilities get reported and fixed all the time against ALL systems.

None of these are weaponised and used on OS X or iOS, and now tvOS or watchOS. Surely that says something.

In the last 17 years of managing Macs professionally, I have come across maybe half a dozen instances of adware - very basic ad injection stuff from the likes of Conduit etc.

They were all a case of scam websites stating they needed to run a plugin to view some content.

The bigger threat I see now for OS X is simply social engineering to get login credentials to online assets like Google, Dropbox etc…

I clean up a few of these every month.

Wake me up when someone compromises a payment terminal running Lightspeed on OS X, or a banking trojan that steals your money, or ransomware (like what affected Synology not so long ago).

Flame on.

4
3

"with jailbroken devices being the focus of the majority of threats"

So not concerns as such then (other than the ability to jailbreak in the first place). iOS is a locked down platform. If someone decides to jailbreak it, it's on their heads if said device is then vulnerable to exploits no? (Aside from the merits/not of locked down devices).

0
0
Bronze badge

Consistency please.

Almost all the Android Malware FUD stories fail to mention that they only affect the tiny number of users that have unlocked their handsets to use non-Google sources. This is akin to Jailbreaking on iOS.

When it's an iOS story, it's made very clear it only affects jailbroken handsets. When it's an Android malware FUD story, it's never mentioned.

Agenda????

8
2
Silver badge

Re: Consistency please.

Interesting, if true. Citation?

0
0
Silver badge

Re: Consistency please.

Yes, you're right, we all know how ElReg is in Apple's fruity pocket...

/sigh

1
0
Anonymous Coward

Re: Consistency please.

Have you ever seen or heard of a single person affected by the Stagefright MMS exploit? Nope, thought not. Doesn't that seem strange given over a billion Android handsets in active use?

Go figure. The security companies you trust, how trustworthy are they when it comes to telling the truth...

1
0
Anonymous Coward

Re: Consistency please.

Found this from a month ago... Nowhere is it mentioned that you have to install it from a 3rd party website. And it's definitely not proclaimed in the subheading of the article...

http://www.theregister.co.uk/2015/11/23/smut_viewer_actually_android_malware/

0
0
Anonymous Coward

Re: Have you ever seen or heard of a single person affected by the Stagefright MMS exploit?

I've never seen an anteater. Doesn't mean they don't exist.

The security companies I trust? There aren't any. Doesn't mean I ignore everything they say.

Lack of evidence etc.....

2
0
Anonymous Coward

Re: Nowhere is it mentioned that you have to install it from a 3rd party website

Jailbreaking an iPhone requires slightly more effort than going into settings and selecting "allow untrusted installs".....

How many more apples are you desperate conspiracy theorists going to compare to my orange?

0
0

Re: Consistency please.

I just received, yesterday, a post on Android Central's article comments about Stagefright. There was someone who reported that a text message MMS was the likely tool used to infect her device with malware. Most users would never know what or how their devices were infected. Most would blame the OEM or the carrier for shitty device performance. So how in the hell would you know whether Stagefright has been used in the wild or not? Your statement only shows your ignorance as usual!

0
1
Facepalm

Apple store hosting malware

Has everyone forgotten that only 2 months ago the Apple store had over 4000 apps infected by the dodgy XcodeGhost malware?

This would have affected non-jailbroken devices also if you downloaded them, surely?

3
0

Re: Apple store hosting malware

That was principally in China, where dodgy developers were downloading poisoned copies of Xcode from pirate sites due to China's restrictive web policies.

So it was a people problem, not a systematic one: People who used pirated copies of poisoned software made poisoned software. Surprise!

2
0
Anonymous Coward

Re: Apple store hosting malware

Still apps on there. As soon as they get spotted and cleaned, new ones arrive. It's hard to detect the Xcode malware.

0
0

Biting the hand that feeds IT © 1998–2018