Save Our Selfies 2: iOS Hacks and VirusesAug 04, 2015
For part two of my Save Our Selfies feature, I’d like to focus on the possibility of Apple viruses. While it’s much easier to get a virus on an Android operating system, there are viruses for the iOS device. However, there are major differences in the way the virus is contracted, as well as how it affects the phone.
First off, Apple does a great job protecting their app store from malicious software. It is nearly impossible to download a malicious app onto an iPhone, because Apple verifies that all of their apps are safe to download before publishing them on the App Store.
There are still some potential threats, though hardly any of them make the news, because they are so isolated. However, many viruses make it onto your phone using similar methods, so that’s what we’ll look at this week.
According to Daniel Eran Dilger, a blogger for AppleInsider.com, iPhone users are tricked into disabling their security settings.
“Mac and iOS users are protected from viruses and malware by default unless the user bypasses their security systems, by jailbreaking an iOS device; by disabling the protections of Mac OS X’s GateKeeper; or by choosing to ‘Trust’ app installs that iOS identifies as being from an ‘Untrusted App Developer,’” Dilger writes.
As Dilger points out, iPhone users most at risk are those who choose to jailbreak their devices by overwriting the normal iPhone iOS with a custom operating system that bypasses Apple’s built-in security. These jailbroken operating systems allow users to download apps that have not been approved for the App Store.
One example is WireLurker, a Mac computer app that downloads bootleg copies of music, movies, and software. These downloads often contain hidden viruses that infect programs such as iTunes and iPhoto. Once users plug iPhones into their computers, the malware uses the USB connection to jump from the computer onto the phone.
Again, the only way to get this virus is through using a jailbroken phone and WireLurker on your computer. Unless you are pirating movies, music, or software, you should be fine.
The second type of attack we’ll look at has been dubbed a “Masque Attack” – named by software security firm FireEye. A Masque Attack is intended to fool users into installing malicious apps on their iPhones and iPads. According to Nick Arnott, blogger for the iMore website, an attacker has to follow a detailed process in order to gain access to your phone’s security system. An attacker must:
- Have an iOS Developer Enterprise Program account or the universal device identifier (UDID) for the device they want to target.
- Make a malicious app that looks like a popular, existing app. (A fake Gmail app that simply loads the Gmail website in FireEye’s example.)
- Get you to download their fake app from outside the App Store. (For example, by sending you an email with a link in it.)
- Get you to agree to the iOS popup that warns you the app you’re trying to install is from an untrusted source.
This software poses as an app that is already pre-installed to your iPhone, such as “NewStand” or the “Stocks” app. It is designed to steal personal information and ransom money from people to not leak their information. The virus can also pose as your banking app and steal banking information.
All of this, as scary as it may sound, is highly unlikely to ever happen to you. If you suspect that you’ve installed a Masque app, it can be removed by deleting the bad app and re-installing it from App Store. It’s also a good idead to change all passwords for any associated accounts.
Of course, if you want to be sure you get rid of any potential threats, read the next three words very carefully:
DELETE IT ALL!
You heard me. Stop picking through your apps, stop deciding which picture to save. If you want to be absolutely sure you get rid of malware, delete everything! Once it’s all deleted, wipe your phone, and redownload all your apps.
That being said, you probably don’t have any malware on your phone. The reason why I know you don’t have a virus is the same reason we saw Cara Delevingne in all her glory. Do you know the difference between you and Cara Delevingne? She is famous. You and I are not.
Hacks for iOS tend to be targeted. I have nothing on my phone that everyone in the world wants to see, but Jennifer Lawrence does. So let’s end where I began. The photos of the 100+ celebrities that were leaked to the media were due to a hack, not a virus. There was not a flaw in iCloud. The hackers were people with too much time on their hands who hacked the celebrities’ computers for their passwords and answers to their security questions.
So, as long as nobody knows your passcode to unlock your phone, you don’t worry too much about deleting that scandalous selfie. And your bank account is more likely to get hacked at Target than your phone. This means you can take a deep breath and relax. Because unlike Rihanna and Hayley Williams, our pictures are (probably) safe. Yay for being average!
– The Screen Queen
Send either of our stores a message on Facebook