The popularity of Apple devices is attracting malware, according to a report from Intego

News by Greg Masters

Amid speculation that Apple is set to introduce its tablet device tomorrow at a press event in California, the security implications are unlikely to be discussed.

While the device is already being touted as a game-changer in the publishing industry, reportedly introducing a new digital platform with a ten-inch screen for the delivery of newspaper and magazine content, what is likely to follow within months of the debut, if history is any precedent, is a new wave of malware targeting the device.

Users tuning in for their daily news feed or perusing copies of their favourite magazines may become victims of new iterations of malware likely intended to steal their passwords and personal information to then be offered for sale in the nether regions of cyberspace.

This scenario echoes Apple's January 2009 introduction of new software at Macworld Expo, a forum the company traditionally uses to roll out new products and to announce updates to existing ones.

According to an annual report, The Year in Mac Security from Intego, following the release of an update to Apple's iWork 2009 suite of software, malware writers immediately introduced the iServices Trojan Horse as a supplement hidden inside an installer available to users downloading bootlegged versions from BitTorrent and other grey and black market distributors of pirated software.

Despite the fact that the file was 450MB, Intego found that within a short time, more than 20,000 people had downloaded the pirated software. Along with the legitimate functions, they received a Trojan that opened a backdoor on their Macs that tethered the infected machines to remote servers that gave out new code. This effectively enlisted the infected machines in a botnet involved in distributed denial-of-service attacks and other nefarious actions.

The Intego report stated that following up on the successful implementation, the same cyber gang issued the next version of their malware planted in Adobe Photoshop CS4 for Mac, again distributed via BitTorrent. In April, Intego detected proof-of-concept malware, Tored.A, that was created in RealBasic code. This self-contained application tried to copy itself to root folders on Macs and then siphoned email addresses from the Mac utility address book and sent emails containing the malware. The virus was also capable of linking the user machine to a botnet and recording keystrokes.

While the Apple OS is more secure than that on Windows machines, a number of security issues involved flaws in software for Apple systems and the OS itself, the report pointed out. This necessitated the California-based giant issuing 39 security updates in 2009, covering hardware, the Mac OS X, as well as Apple software. This is in addition to fixes that were issued throughout the year for specific software, such as for the Safari browser, Adobe Acrobat, iTunes, QuickTime and GarageBand.

The tide turned when Apple announced in August that Snow Leopard, the latest update to its OS, would contain an anti-virus feature. This followed years of the company claiming that its OS was invulnerable to virus and malware attacks.

Intego's report, however, said the built-in anti-malware feature was limited in its effectiveness and range, capable of thwarting attacks from only two Trojans and only from files downloaded with a small number of applications. As of January 2010, this feature had not been updated, the report said.

Security holes were not limited to Mac desktops and laptops. The popularity of the Apple iPhone drew attention from malware writers as well in 2009. When Apple issued an update to the mobile device's OS in June, it contained patches for more than 40 security flaws.

At a conference in Singapore in July, Charlie Miller, a Mac hacker who works for Baltimore-based Independent Security Evaluators, unveiled a flaw in the manner in which the iPhone processes text messages. This reportedly can enable an attacker to take control of the device and eavesdrop or locate a user through the phone's GPS capability. Apple patched this flaw the following month.

'Jailbreaking', the act of unlocking an iPhone to allow for the installation of unauthorised software, a trick many users implement to allow them to use networks other than the proprietary AT&T, was responsible for a number of security concerns in 2009.

Besides invalidating the warranty, once a device is 'jailbroken', a majority of security precautions embedded in the device's OS are removed. Further, updates are no longer available to these devices, so when Apple released version 3.1 in September with ten security patches, the push could not protect those with 'jailbroken' iPhones.

As might be expected, malware authors began targeting the compromised devices with mischievous tweaks, as well as moneymaking schemes. Using port scanning to find unsecured iPhones, a Dutch hacker sent SMS messages with an offer to secure the device – for five euros. Another hacker tool was discovered by Intego in November that was capable of copying personal information from 'jailbroken' iPhones, without the owner's knowledge.

While the past year saw an alarming increase in malware attacks targeting Mac platforms, the report's conclusion may be even more dire. "Many of these operating system vulnerabilities pave the way for unseen malware attacks," the report said.

This warning may prove prescient considering the imminent release of the Apple tablet device.

