back to article All eyes on the jailbroken as iOS, Mac OS X threat level ratchets up

The number of iOS threats discovered this year has more than doubled, from three in 2014 to seven so far in 2015, according to Symantec, with jailbroken devices being the focus of the majority of threats. Of the 13 iOS threats documented by the technology security company in total, nine can only infect jailbroken devices. Mac …

  1. Ralph B

    Cart and Horse

    > This is partly driven by the increased popularity of Macs but mainly down to successful targeting by crooks.

    Yebbut, the targeting by crooks is mainly driven by the increased popularity. Or am I missing a nuance here?

  2. Steve Davies 3 Silver badge

    So...

    A report on a problem issued by a company that wants to Sell stuff to defend against that problem?

    Who'd a thought it eh?

    does anyone really use their crap software anymore? Be honest now!

    1. Naselus Silver badge

      Re: So...

      "A report on a problem issued by a company that wants to Sell stuff to defend against that problem?"

      Yes, I'm an infosec company reporting on information security obviously has a double motive. I won't trust this until it's confirmed by a disinterested actor like a shoe shop or something. I'll get rid of all my network's antivirus and firewalls, too, since I've yet to see a single press release from Topshop advising me to use them.

  3. W Donelson

    No absolute numbers provided. Why?

    Windows had 30 million NEW malware threats in 2014 or about 82,000 per day.

    1. Anonymous Coward
      Anonymous Coward

      Re: No absolute numbers provided. Why?

      Because that's not news.

      Also, growth percentages are used because "fuck all growing to almost fuck all" doesn't bait the clicks as much.

      1. David Glasgow

        Re: No absolute numbers provided. Why?

        Also, a metric relating to threats on platform A has no relevance to risk reduction of platform B, unless one is choosing between platforms on the basis of number of threats.

        In fact, sharing such metrics could increase risky behaviour by encouraging false subjective probability and potential harm re platform B based on an irrelevant comparison of unrelated threats.

        I do risk assessment. Of humans.

    2. Terry Barnes

      Re: No absolute numbers provided. Why?

      Zero ever for Windows Phone however.

      1. RubberJohnny

        Re: No absolute numbers provided. Why?

        Zero ever for Windows Phone however.

        Units sold?

        1. Anonymous Coward
          Anonymous Coward

          Re: No absolute numbers provided. Why?

          "Units sold?"

          Over 100 million.

          1. Anonymous Coward
            Anonymous Coward

            Re: No absolute numbers provided. Why?

            >Over 100 million.

            95 million returned or are in landfill.

            1. Anonymous Coward
              Anonymous Coward

              Re: No absolute numbers provided. Why?

              Lol, 100m apparently sold (more likely shipped bd then buried). I think if you find that hole in Mexico where they found all the Nintendo cartridges, it will be filled with lumias

              I know nobody that has one, I know nobody that wants one, and I see nobody in the street or on the tube with one.

              So where are these units...???? Apart from in Microsoft propaganda.

              1. Anonymous Coward
                Anonymous Coward

                Re: No absolute numbers provided. Why?

                So where are these units...?

                My wife has one for work purposes (NHS), and my employers (BigBadCorporate) have just announced that the bosses will get iPhones, we peasants will be getting sh*tty Microsoft phones.

                So, not buried anywhere, but carried unwillingly by those unfortunate enough to have corporate drones in IT and their accountant friends deciding to buy rubbish because it is cheap.

      2. Anonymous Coward
        Anonymous Coward

        Re: No absolute numbers provided. Why?

        >Zero ever for Windows Phone however.

        Because hackers are not interested in the four sad idiots who bought a windows phone, that also goes for App developers too.

        1. caffeine addict Silver badge

          Re: No absolute numbers provided. Why?

          Pretty sure that's the argument we used to use about why there were so few viruses in Apple world...

        2. Naselus Silver badge

          Re: No absolute numbers provided. Why?

          "Because hackers are not interested in the four sad idiots who bought a windows phone, that also goes for App developers too"

          While inflammatory, this is pretty much accurate. But it's odd that when no-one targets Windows Phone, it's because no-one uses it, while when no-one targets Apple products (with a similarly tiny userbase) you attribute it to their brilliant security regime as opposed to no-one in their right mind storing anything remotely valuable on a Mac.

          1. Anonymous Coward
            Anonymous Coward

            Re: No absolute numbers provided. Why?

            as opposed to no-one in their right mind storing anything remotely valuable on a Mac Windows

            Fixed it for you. It's so much easier securing even the most basic MacBook and keeping it that way that not using them for sensitive stuff ought to immediately result in negligence charges when it inevitably goes wrong. The tools are there to do it right by default, and on a Mac they're built-in (read: supported by the manufacturer).

      3. Anonymous Coward
        Anonymous Coward

        Re: No absolute numbers provided. Why?

        Zero ever for Windows Phone however.

        Even the more ardent criminal has some self respect and will not want to be seen buying/stealing a Windows phone, so yes, I can believe that. Besides, who needs an extra virus when one has Windows already?

    3. TheVogon Silver badge

      Re: No absolute numbers provided. Why?

      Of the 6.3 million Android apps analysed in 2014, one million of these were classified as malware, while

      2.3 million were classified as grayware. A further 1.3 million apps within the grayware category were

      classified as madware.

      1. Deltics

        Re: No absolute numbers provided. Why?

        And 6.2 million were classified as a complete waste of time for everyone involved.

  4. John Robson Silver badge

    This oculd be due to the popularity of windows...

    Or it might be due to the fundamentally different starting points of DOS and BSD

    1. Kristian Walsh Silver badge

      Re: This oculd be due to the popularity of windows...

      Perhaps you meant "VMS and BSD", but that does undermine your argument a little. There hasn't been any DOS in Microsoft's OS products since Windows XP came out, whenever that was (I was still Mac-only in those days). The NT kernel was modelled on VMS.

      I use both OSes daily. There really is no difference in privilege escalation between OSX and Windows. Processes simply cannot get above their station anymore on either OS, and must ask the user for the permissions they seek.

      The vast majority of malware doesn't "crack" a system, it fools the user into handing over the keys. This is why tainted installers are so useful as a vector - users are less concerned that an application installer asks for temporary admin privilege. (MacOSX is the same as Windows here).

      In my experience of cleaning up after this stuff (and a brief period working for an anti-malware company), a lot of users will accept any kind of unexpected privilege escalation if they think they're getting something for free.

      Windows is still a more lucrative target than OS X, simply because Windows PCs are more likely to be in business-critical functions in small businesses. A cryptlocker in an small accountancy practice, two days before the filing deadline is way more likely to yield a payout for the malware writer.

      1. John Robson Silver badge

        Re: This oculd be due to the popularity of windows...

        "Perhaps you meant "VMS and BSD", but that does undermine your argument a little. There hasn't been any DOS in Microsoft's OS products since Windows XP came out, whenever that was (I was still Mac-only in those days). The NT kernel was modelled on VMS.

        I use both OSes daily. There really is no difference in privilege escalation between OSX and Windows. Processes simply cannot get above their station anymore on either OS, and must ask the user for the permissions they seek."

        Yes - but I couldn't remember VMS offhand, and DOS was a more polarised difference...

        Priviledge escalation is possible on any OS:

        http://www.theregister.co.uk/2015/07/22/os_x_root_hole/

        http://www.theregister.co.uk/2009/08/14/critical_linux_bug/

        http://www.theregister.co.uk/2015/06/24/killer_character_hoses_smallalmostsmall_all_versions_of_reader_windows/

        http://www.theregister.co.uk/2009/09/14/freebsd_security_bug/

        Just the top links from a google search of priv esc against the register domain for the mostly discussed OSes (yes I know netBSD != FreeBSD, I only searched BSD)

        Of course it is far easier to ask for the rights from the user - who usually doesn't understand what's hapening and has been trained to "click yes if you want the computer to work"

      2. Wensleydale Cheese Silver badge
        Unhappy

        Re: This oculd be due to the popularity of windows...

        "Perhaps you meant "VMS and BSD", but that does undermine your argument a little. There hasn't been any DOS in Microsoft's OS products since Windows XP came out, whenever that was (I was still Mac-only in those days)."

        Not quite. The culture of DOS malware simply moved to Windows as a target as the original DOS elements disappeared.

        "The NT kernel was modelled on VMS."

        "Modelled" is a far cry from "implemented like". The practice of passing arguments by descriptor didn't make it into NT, and new attack vectors such as Autorun were introduced.

        Running everything from the Adminstrator account by default was never a good idea.

      3. Anonymous Coward
        Anonymous Coward

        Re: This oculd be due to the popularity of windows...

        "Processes simply cannot get above their station anymore on either OS, and must ask the user for the permissions they seek.

        The vast majority of malware doesn't "crack" a system, it fools the user into handing over the keys. "

        I don't know if you have a citation for that but in my experience nearly all the malware is either from the malware using a hole in an application that already has escalated privileges (every installed application on your system, eg Flash, Java etc) or can run from userland and doesn't need escalation - eg. cryptowall.

        As most business users don't have any escalation rights at all it would be great if all malware had to go through UAC, but it doesn't so businesses still get many issues.

        Giving a simple option to applications (including macro enabled) running from userland without admin approval would be a big help (it can be done manually using group policies or AV software), stopping new processes (different sig) being created by existing applications without whitelisting would be another help (e.g flash.exe can't create and call a process called virus.exe without approval - you could whitelist windows update for example).

        1. Naselus Silver badge

          Re: This oculd be due to the popularity of windows...

          "I don't know if you have a citation for that but in my experience nearly all the malware is either from the malware using a hole in an application that already has escalated privileges (every installed application on your system, eg Flash, Java etc) or can run from userland and doesn't need escalation - eg. cryptowall."

          Not really. Spend some time on a warez site and you'll quickly discover just how much malware is delivered via simply asking the user to install it. Like those endless browser object malwares from the mid-2000s that often came bundled with legit software; you downloaded Java, don't untick the minuscule 'also install computer syphilis!' box, and then had to spend the following six weeks trying to peel it off the system. Oracle still haven't stopped shipping toolbars and hijackers with Java.

          Besides, most breaches are now more of a combination anyway - there's a significant social engineering element to convince the user to allow the vector to be opened (faking a conference so that you can deliver a fake calendar invite that delivers your payload; metasploiting a fake website etc).

          In the end, though, if you think that modern Windows is significantly less secure than Mac OSX, then that just means you don't understand how to configure a modern Windows box properly. Security pros don't see Windows as being any worse than Apple in terms of inherent security - in fact, many find Apple's walled garden deeply worrying because it runs counter to the 'assume you're already breached' philosophy which now dominates infosec (hence why Eugene Kaspersky claimed Apple were over a decade behind Microsoft in security terms in 2012 or so - they are literally working in a different paradigm from modern IT security, like if there was one cutting-edge science lab which insisted on still explaining everything in terms of Phlogiston and Aether).

          1. Anonymous Coward
            Anonymous Coward

            Re: This oculd be due to the popularity of windows...

            "Not really. Spend some time on a warez site and you'll quickly discover just how much malware is delivered via simply asking the user to install it. Like those endless browser object malwares from the mid-2000s that often came bundled with legit software; you downloaded Java, don't untick the minuscule 'also install computer syphilis!' box, and then had to spend the following six weeks trying to peel it off the system. Oracle still haven't stopped shipping toolbars and hijackers with Java."

            I'm assuming that the target audience here and most readers are business IT users and so their users would not have admin access to allow install of nasties and wouldn't be browsing a warez site. The user would also not be able to install any associated application, the IT team would do it and generally automated through group policies or deployment servers.

          2. Anonymous Coward
            Anonymous Coward

            Re: This oculd be due to the popularity of windows...

            that just means you don't understand how to configure a modern Windows box properly

            But Windows is a consumer OS - it should be already like that.

  5. Mike Bell

    iOS Jailbreaking is a good thing...

    ...because each and every instance of an iOS jailbreak installation relies on some kind of existing vulnerability. With each new iOS update, Apple close the vulnerability, which makes it more secure for all, and the jailbreak authors have to try a little harder. There have been times when jailbreaks have been unavailable for months.

    As the article says, jailbreakers need to be aware of the risks, because it's them - almost always them - that are targeted by iOS malware.

    I don't jailbreak, myself, since I personally get by with what's provided by the walled garden. But I'm glad there are people willing to take a hit, for the reasons above.

    1. Si 1

      Re: iOS Jailbreaking is a good thing...

      I used to jailbreak but there's just no point any more. iOS does everything I need with only emulators being missing from the App Store... and I can get those now by just building them in Xcode (Provenance is especially easy). There's really no need to jailbreak these days other than to prove you can...

    2. Voyna i Mor Silver badge

      Re: iOS Jailbreaking is a good thing...

      "I don't jailbreak, myself, since I personally get by with what's provided by the walled garden. But I'm glad there are people willing to take a hit, for the reasons above."

      Nor do I. I'd add that it is increasingly unsafe to have even one jailbroken/unlocked device among several that are not because as synchronisation between devices gets deeper the risk of that unlocked device being a vector into the others increases. I would be extremely nervous now about using Windows desktop-sharing software for precisely this reason; it may enable cross-platform attacks.

      Criminals, eh? Ruining everything for everybody, mostly in pursuit of a not very good income.

  6. boltar Silver badge

    Yet more excuses for Apple to wall off OS/X even more

    They've already limited what root can do. Great you think! No , not really if you're an admin or someone who wants to run your system without having to use Apple signed programs to get anything done. What if apple hasn't written a program to do what I want to do? Tough luck then I guess. This is the thin end of a very long wedge. Ultimately their goal is almost certainly to lock down OS/X to near iOS levels - for our security naturally! - whereby only apple approved programs can be downloaded from apple approved sites. Or just the one site - App Store.

    1. Steve Todd
      Stop

      Re: Yet more excuses for Apple to wall off OS/X even more

      App signing is a requirement you can turn off. Also it's not Apple who sign it, it's a developer key that is used. You still have full control of what runs under OS X.

      1. boltar Silver badge

        Re: Yet more excuses for Apple to wall off OS/X even more

        "You still have full control of what runs under OS X."

        Sure, but you don't have full control over what can edit some system files. If its not apple signed it wont work on the latest versions of the OS.

        1. Mike Bell

          Re: Yet more excuses for Apple to wall off OS/X even more

          Rootless mode was introduced with El Capitan so that many system files and folders are off limits to all third party applications. And a good thing, too. Those files should not be tampered with, even if you are able to type in God's password when some malware has popped up a dialog box.

          But... if you are a really determined owner, it's possible to disable rootless mode. Google it. It's a bit of a palaver, but possible.

          1. boltar Silver badge

            Re: Yet more excuses for Apple to wall off OS/X even more

            "And a good thing, too"

            Good for whom? Us because it makes administration a pain or Apple because it cuts down any potential root exploits in their software that could be bad publicity?

            Unix has managed fine with root having complete control over the system for 40 years and Linux still manages fine today.

            1. DougS Silver badge

              Re: Yet more excuses for Apple to wall off OS/X even more

              Neither Linux nor Unix are or ever were being run on a PC by "average people" like OS X is. It is a lot harder to trick a typical Linux desktop user into typing the root password in a dialog box just because it is asked for than it is to trick the typical Mac/Windows user into doing so. It doesn't matter what OS you are running if the user provides the root/admin password - the only defense is to take power away from that password.

              I don't see why anyone would complain about Apple's rootless mode, since it protects the clueless from themselves - clueless people being clueless is what most malware relies upon, after all. Probably the reason it is a bit of pain to disable is to avoid clueless people being even more clueless and following instructions to do just that! The fact there is still malware circulating even today that requires people to open random attachments demonstrates that there are still a lot of clueless users out there.

    2. Naselus Silver badge

      Re: Yet more excuses for Apple to wall off OS/X even more

      "if you're an admin"

      There's your problem right there, you're an administrator trying to use Apple software.

  7. DesktopGuy

    Anti virus company peddling fear - who'd have thunk!!

    Same old crap.

    Macs are low in number therefor there are less viruses made for them.

    Problem with this argument is that many devices/OS'es have viruses/trojans/RATs/ransomware/ when their marketshare is far lower than OS X.

    OS X marketshare has hovered around 10% for many years - that is a lot of supposed cashed up, stupid people who don't know anything about security. Surely that's a fat juicy target!

    iOS has quite a high marketshare but there has not been a single instance of any of the nasties that affect Android.

    Vulnerabilities get reported and fixed all the time against ALL systems.

    None of these are weaponised and used on OS X or iOS, and now TvOS or WatchOS. Surely that says something.

    In the last 17 years of managing Mac professionally, I have come across maybe half a dozen instances of adware - very basic ad injection stuff from the likes of Conduit etc…

    They were all a case of scam websites stating they needed to run a plugin to view some content.

    The bigger threat I see now for OS X is simply social engineering to get login credentials to online assets like Google, Dropbox etc…

    I clean up a few of these every month.

    Wake me up when someone compromises a payment terminal on running Lightspeed on OS X, or a banking trojan that steals your money, or ransomware (like what affected Synology not so long ago).

    Flame on.

  8. Shell

    "with jailbroken devices being the focus of the majority of threats"

    So not concerns as such then (other than the ability to jailbreak in the first place). iOS is a locked down platform. If someone decides to jailbreak it, it's on their heads if said device is then vulnerable to exploits no? (Aside from the merits/not of locked down devices).

  9. Planty Bronze badge

    Consistency please.

    Almost all the Android Malware FUD stories fail to mention that they only affect the tiny number of users that have unlocked their handsets to use non-Google sources. This is akin to Jailbreaking on iOS.

    When it's an iOS story, it's made very clear it only affects jailbroken handsets. When it's an Android malware FUD story, it's never mentioned..

    Agenda????

    1. sabroni Silver badge

      Re: Consistency please.

      Interesting, if true. Citation?

      1. Anonymous Coward
        Anonymous Coward

        Re: Consistency please.

        Have you ever seen or hears of seen a single person affected by stage fright MMS exploit? Nope thought not. Doesn't that seem strange given over a billion android handsets in active use.???

        Go figure. The security companies you trust, how trustworthy are they when it comes to telling the truth...

        1. Anonymous Coward
          Anonymous Coward

          Re: Have you ever seen or hears of seen a single person affected by stage fright MMS exploit?

          I've never seen an anteater. Doesn't mean they don't exist.

          The security companies I trust? There aren't any. Doesn't mean I ignore everything they say.

          Lack of evidence etc.....

        2. oneeye

          Re: Consistency please.

          I just received yesterday,a post on Android Centrals article comments about stagefright. There was someone who reported that a text message mms was the likely tool used to infect her device with malware. Most users would never know what or how their devices were infected. Most would blame the oem or the carrier for shitty device performance. So how in the hell would you know whether stagefright has been used in the wild or not. Your statement only shows your ignorance as usual!

      2. Anonymous Coward
        Anonymous Coward

        Re: Consistency please.

        Found this from a month ago... Nowhere is it mentioned that you have to install it from a 3rd party website. And it's definitely not proclaimed in the subheading of the article...

        http://www.theregister.co.uk/2015/11/23/smut_viewer_actually_android_malware/

        1. Anonymous Coward
          Anonymous Coward

          Re: Nowhere is it mentioned that you have to install it from a 3rd party website

          Jailbreaking an iPhone requires slightly more effort than going into settings and selecting "allow untrusted installs".....

          How many more apples are you desperate conspiracy theorists going to compare to my orange?

    2. caffeine addict Silver badge

      Re: Consistency please.

      Yes, you're right, we all know how ElReg is in Apple's fruity pocket...

      /sigh

  10. sjaddy
    Facepalm

    Apple store hosting malware

    Has everyone forgotten only 2 months ago that the Apple store had over 4000 apps infected by the dodgy xcodeghost malware.

    this would have affected non jailbroken devices also if you downloaded them surely?

    1. Paul F

      Re: Apple store hosting malware

      That was principally in China, where dodgy developers were downloading poisoned copies of Xcode from pirate sites due to China's restrictive web policies.

      So it was a people problem, not a systematic one: People who used pirated copies of poisoned software made poisoned software. Surprise!

    2. Anonymous Coward
      Anonymous Coward

      Re: Apple store hosting malware

      Still apps on there. As soon as they get spotted and cleaned, new ones arrive. Its hard to detect the xcode malware.

  11. Quortney Fortensplibe
    Headmaster

    Jailbreaking / Rooting/ Untrusted Sources

    I have an old iPhone and also an Android tablet. The iPhone is jailbroken and the tablet rooted. Not because I want to install any dodgy or pirated software on either. But simply because both systems in their locked down state refuse to allow me to block the insidious and ever more pervasive advertising, that completely ruins my enjoyment of the devices.

    So. On the one hand, both gadgets are supposedly less secure, as I've jailbroken/rooted them. On the other hand, I rarely see an advert on either and, given this report states "..Much of the spike is down to grayware, such as adware..." , it looks like a bit of a case of swings and roundabouts to me. [Not that I'd ever click on one of the fucking things, anyway]

    Not everyone who jailbreaks/roots is a dodgy freetard, looking to avoid paying for software. Some of us just want to be able to enjoy using our devices, without the screens being permanently defaced by blinking and flashing digital diarrhoea.

    1. Dadmin
      Holmes

      Re: Jailbreaking / Rooting/ Untrusted Sources

      And so you should! That device belongs to you, not leashed [sic] from the manufacture with only their one OS implementation to feed you their own brand of crap and ads. Every device should have alternate OSes available for it. Why do you think the RPi is so popular? It's a general purpose kit with great specs and a tiny price and footprint and it runs dozens of useful OSes on it. End of story. There is no RaspberryPi Corporation hell-bent on driving their numbers up, UP, and UP! It's how old-timey business still work today; if we ain't growin', if we aren't boosting our numbers in a generally upwards direction and any cost, then we are dead in the water. It's a foolish way of doing things so you can equate bad customer service and high employee turnover into a "good thing" when viewed from the lemming's perch of your nearby scam-market, er, I mean stock market. What kind of company's products do you want, all products being equal? You want the "up the ladder fast as we can, get our growth up, fuck you Mr. Customer if you get in our way!" company, or the one that gives two shits about their customers and making a great product that people can do with whatever they please, even sticking them in a blender to chop up? The kind of company that allows freedom in their own hardware or products usage. I'm a long-time Apple user, but when I saw the "Apple Store" arrive, I knew the days of my mostly Mac home production systems were on the decline. And with a real computer costing anywhere from $5 to $45 for the main board, why do I want to lock myself down to a single company as my vendor for my home computing needs? I have the Intel boxen, and these tiny ARM boxen, I don't need some upity software house claiming permanent, non-revokable ownership of their crap software on a piece of hardware I own outright. Fuck a ELUA, reading them and abiding by them is for muggles. End of story.

      Also, if you only use one type of OS, keep your fucking keyboard on standby, friends. I have used every kind of system, with every kind of OS and many on a daily basis. Have you used Motif on an SGI IRIX box lately? I have one in my kitchen. Do you have a MacOS 7 installer disk set lying around, or perhaps 4.5? Ever repurpose a pizza box Intel server into a desktop system running the very awful Windows 2000 as a gaming box? Ever boot a DEC PDP/11-34 from the front panel and a cold start? I've used OpenWindows, Motif, any Windows post W95, every MacOS ever (yes, I have 1.0, and 2.x and every flavor still runnable on old original hardware), real Unix (Solaris w/OpenWin and JDS, AIX, HP/UX, FreeBSD w/o desktop), so many different Linux distros that your head would spin, and I have this to say about it; THEY ALL SUCK IN SOME WAY, and it's up to you to make it work, or sit and bitch about it because you lack the skills to wade through the GUI. When you grow up you can do everything from the command line, and THEN, and only then can you chime in with your silly; "my OS can beat up your OS" comment. WAIT FOR IT! and go

  12. Anonymous Coward
    Anonymous Coward

    "Not everyone who jailbreaks/roots is a dodgy freetard, looking to avoid paying for software. Some of us just want to be able to enjoy using our devices, without the screens being permanently defaced by blinking and flashing digital diarrhoea."

    There's also the well-known nasty of Android 4.4, whereby Google in their infinite wisdom decided that applications being able to save files to the external SD card was somehow a "security risk". This left users with precisely four options; (1) give up the idea of using one's Android tablet for useful work; (2) save work to the internal storage, and risk losing any you haven't backed up when the device fails; (3) save work to cloud storage, with all the bandwidth expenses and real (not imagined) security risks this entails; or (4) jailbreak the device, so you can use it your way, not Google's.

    Strangely, the Sky Go app claims not to run on jailbroken tablets; but it works fine on mine. Perhaps Sky has realised that for Android 4.4 users, jailbreaking is an essential tool for using their device?

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Biting the hand that feeds IT © 1998–2019