Big Mac Attack

By Carl Weiss

Image courtesy of itechcode.com

It used to be that Mac, iPad and iPhone owners used to poke fun at PC and Android users, bashing them for the many ways and means that malware compromised these non-Apple systems.  Of course when you maintain an iron grip on who gets to develop software and hardware for you as Apple has always done, then there are many fewer paths of infection that can compromise a system.  PC and Android has always been a proponent of open architecture which means that anyone and everyone was free to develop everything from apps to operating systems.  This makes them patently more vulnerable to backdoor hacking.  However a spate of highly publicized iOS and OS X security issues have left Apple devotees wondering what happened.

The New York Times recently reported that “While malware attacks have been possible against jailbroken iOS devices for some time, a new piece of malware has been discovered that can infect even iPhones that have not been jailbroken.“

Additionally, Palo Alto Networks discovered a program called WireLurker  which can be used for a number of nefarious purposes including spying on users.

“The point of entry seems to be OS X computers, with researchers having found 467 malware OS X applications in the unofficial Maiyadi App Store in China that were downloaded more than  356,000 times in the past six months in the region.  Once on a Mac, WireLurker can infect any iPhone that’s connected via USB to the computer, and install malicious applications.  WireLurker is capable of stealing a variety of information from the mobile devices it infects and regularly requests updates from the attackers command and control server. This malware is under active development and its creator’s ultimate goal is not yet clear.”

While the vulnerability of these systems is troubling, what is even more frightening is that these two hacks were not the only worms in the Apple.  In early October a Russian security company discovered another flaw in OS X that enabled hackers to take control of infected 17,000 devices using Reddit. 

Rt.com reported, “One of them turned out to be a complex multi-purpose backdoor that entered the virus database as Mac.BackDoor.iWorm.” It has not yet been determined how the malware spreads, but Russian experts say that once a Mac has been infected, the software establishes a connection with the command server.” http://rt.com/news/193032-mac-infected-hackers-reddit/

While hacking in general has always been a concern to computer users, what has really been causing many Apple users to wake up in a cold sweat are the number of ways in which hackers have been not only gaining but using their access.

Image courtesy of CBS News

Case in Point: On October 28 Fox News published a report concerning journalist Sharyl Attkisson who reported that her CBS computer and personal iMac had been repeatedly hacked and its contents accessed, including information pertaining to an article on Benghazi that was critical of the current Washington administration.

 Fox News further reported that, “Further scrutiny of her personal desktop (by a consultant hired by CBS) proved that the interlopers were able to co-opt her iMac and operate it remotely, as if they were sitting in front of it.” http://www.foxnews.com/politics/2014/10/27/highly-sophisticated-hacking-sharyl-attkisson-computers/

Inside Every Dark Cloud

And if hacks on iMacs and iPhones weren’t bad enough, Reuters reported on October 21 that Apple’s iCloud storage service in China had been hacked resulting in messages, passwords and even photos being compromised.  Employing a technique known as a Man-in-the-Middle attack, hackers were able to superimpose their own site between the users and the iCloud server.  The sophisticated attack was reputed to have been perpetrated by the Chinese government.

The reuters.com article went onto say that, “An Apple representative declined comment on the allegations that Beijing was trying to spy on Apple customers, but noted that the company had updated its technical support page to provide advice on how to protect against such attacks. We’re aware of intermittent organized network attacks using insecure certificates to obtain user information, and we take this very seriously.” http://www.reuters.com/article/2014/10/21/us-apple-china-security-idUSKCN0I92H020141021

Rotten to the Core?

While these well-publicized security breaches have given a number of people pause to reconsider Apple’s new found vulnerabilities, there are still a number of people and organizations that still http://www.livetradingnews.com/ that detailed Home Depot’s recent security breach.  After the retail giant’s Microsoft-based payment data system was relieved of 53 million email addresses and 56 million credit card account numbers, the company bought two dozen new iPhones and MacBooks for its senior executives.believe that the latest big Mac attack is no cause for alarm.  Quite the contrary, if you read the November 10 blog by livetradingnews.com, you will find that:

“ It is not that Apple devices have not faced any security problems in past. They even had security issues but still Apple Inc. iPhone and MacBooks are comparatively secure platforms. They can deal with the malware and other threats in a much better way. Still, whether the use of Apple Inc. MacBooks and iPhones can solve the problem of security breaches for the Home Depot or not, time will tell. It is a high time for The Home Depot to seriously find the cause of the problem.” http://www.livetradingnews.com/home-depot-inc-nysehd-use-apple-inc-nasdaqaapls-iphones-macbooks-81726.htm#.VGPA_PnF8do

The sad fact of the matter is that regardless of the type of machine that you, I, or multinational corporate executives choose to use, there is no way to completely bulletproof yourself against hackers.  All you can do is make sure you keep your machines protected with at least three layers of anti-malware software, keep your software updated or face having to answer the toughest of all questions that comes with any big Mac attack, “You want fries with that?”

Carl Weiss cooks up online controversy every Tuesday at 4 p.m. Eastern on BlogTalkRadio