I guess that mobile malware is inevitable in some ways, and although we complain about Apple's app store policies, one of the benefits is the absence of malware like this.
Truly malicious iPhone malware now out in the wild : http://arstechnica.com/apple/news/2009/11/truly-malicious-iphone-malware-now-out-in-the-wild.ars
JailbreakMe using PDF exploit to hack your iPhone, so could the baddies : http://www.engadget.com/2010/08/03/jailbreakme-using-pdf-exploit-to-hack-your-iphone-so-could-the/
Hackers use iPhone 'worm' to get banking details http://eequalsmcsquare.com/hackers-use-iphone-worm-get-banking-details-malaysianewsnet-1
CitiBank's iPhone App Has Security Hole http://www.ismashphone.com/2010/07/bank-job-citibanks-iphone-app-has-security-hole.html
Panda releases IOS Anti-Virus Program http://www.theinquirer.net/inquirer/news/1800384/insecurity-vendor-releases-ios-anti-virus-program
.. and I could go on and on... funny how you never mentionned those too..
If you believe IOS is completely free of malware, ask yourself how come Apple isn't able to stop hackers from jailbreaking their devices? Why malicious people wouldn't use the same techniques to do it. And why security experts says using banking apps is a risk?
Do you know the iphone's communications are not even encrypted? You can also get all the data from an iphone just by connecting it to a USB port in the latest Ubuntu, even if its password protected! http://www.zdnet.com/blog/hardware/ubuntu-lucid-lynx-1004-can-read-your-iphones-secrets/8424
Remember the people who used an IOS exploit that could jailbreak a device and install anything it wanted just by clicking a link in Mobile Safari? One of my friend's iphones was infected that way, he didn't believed it at first because in Apple's world, "viruses do not exists".. security through obscurity.. (you can claim it was because of a PDF flaw.. but remember its Apple who made their own PDF reader for IOS, not Adobe).
Anyhoo... yes mobile malware is inevitable. But remember you are as much at risk using IOS than Android, or anything else.. and I haven't talked about packet sniffing yet! :)
Things get by the Apple app inspectors all the time. Remember the Camera app that used some of the hard buttons in a way not inline with Apples rules. Who's to say someone couldn't find and exploit and then get an app approved and then bide their time until ready to "turn it on". Yes they can easily pull the app from the store, but by then, the damage is done.
It is important to note that this malware was attached to apps downloaded and sideloaded from a non-Google 3rd party "app market" in China.
Legitimate and, of course, uninfected versions of these apps are available on Google's Android Market in all 32 countries served by that market, free versions of many apps are available in many more.
If you are going to download and install apps off a Chinese 3rd party "app market"...
Since you said you are interested in stories like this (its from today) :
Apple Privacy Concerns Go To Court http://apple.slashdot.org/story/11/01/01/1233207/Apple-Privacy-Concerns-Go-To-Court
"From the article: 'Apple is being sued for allegedly letting mobile apps on the iPhone and iPad send personal information to ad networks without the consent of users.' Some of the apps listed are on the Android Market as well, but there is no mention of a similar problem for Google."
Apple is getting sued because they never did anything about apps sending unauthorized informations even though they've been aware of this situation for some time..
Truly malicious iPhone malware now out in the wild : http://arstechnica.com/apple/news/2009/11/truly-malicious-iphone-malware-now-out-in-the-wild.ars
ReplyDeleteJailbreakMe using PDF exploit to hack your iPhone, so could the baddies :
http://www.engadget.com/2010/08/03/jailbreakme-using-pdf-exploit-to-hack-your-iphone-so-could-the/
Hackers use iPhone 'worm' to get banking details
http://eequalsmcsquare.com/hackers-use-iphone-worm-get-banking-details-malaysianewsnet-1
CitiBank's iPhone App Has Security Hole
http://www.ismashphone.com/2010/07/bank-job-citibanks-iphone-app-has-security-hole.html
Panda releases IOS Anti-Virus Program
http://www.theinquirer.net/inquirer/news/1800384/insecurity-vendor-releases-ios-anti-virus-program
.. and I could go on and on... funny how you never mentionned those too..
If you believe IOS is completely free of malware, ask yourself how come Apple isn't able to stop hackers from jailbreaking their devices? Why malicious people wouldn't use the same techniques to do it. And why security experts says using banking apps is a risk?
Do you know the iphone's communications are not even encrypted? You can also get all the data from an iphone just by connecting it to a USB port in the latest Ubuntu, even if its password protected! http://www.zdnet.com/blog/hardware/ubuntu-lucid-lynx-1004-can-read-your-iphones-secrets/8424
Remember the people who used an IOS exploit that could jailbreak a device and install anything it wanted just by clicking a link in Mobile Safari? One of my friend's iphones was infected that way, he didn't believed it at first because in Apple's world, "viruses do not exists".. security through obscurity.. (you can claim it was because of a PDF flaw.. but remember its Apple who made their own PDF reader for IOS, not Adobe).
Anyhoo... yes mobile malware is inevitable. But remember you are as much at risk using IOS than Android, or anything else.. and I haven't talked about packet sniffing yet! :)
Quote;
ReplyDelete"according to Lookout, a company that makes antivirus software for Android."
Why do these virus scares always seem to occur when a new antivirus software comes to market?
Sorry for the wall of text :D
ReplyDeleteThings get by the Apple app inspectors all the time. Remember the Camera app that used some of the hard buttons in a way not inline with Apples rules. Who's to say someone couldn't find and exploit and then get an app approved and then bide their time until ready to "turn it on". Yes they can easily pull the app from the store, but by then, the damage is done.
ReplyDeleteIt is important to note that this malware was attached to apps downloaded and sideloaded from a non-Google 3rd party "app market" in China.
ReplyDeleteLegitimate and, of course, uninfected versions of these apps are available on Google's Android Market in all 32 countries served by that market, free versions of many apps are available in many more.
If you are going to download and install apps off a Chinese 3rd party "app market"...
USE A CONDOM!
i remember hearing about some iphone apps that would send (sell?) your information..
ReplyDeleteyeah, apple got rid of them. but what about all the other apps that may still do this..? i don't think apple is perfect :p
@Palm Sound
ReplyDeleteSince you said you are interested in stories like this (its from today) :
Apple Privacy Concerns Go To Court
http://apple.slashdot.org/story/11/01/01/1233207/Apple-Privacy-Concerns-Go-To-Court
"From the article: 'Apple is being sued for allegedly letting mobile apps on the iPhone and iPad send personal information to ad networks without the consent of users.' Some of the apps listed are on the Android Market as well, but there is no mention of a similar problem for Google."
Apple is getting sued because they never did anything about apps sending unauthorized informations even though they've been aware of this situation for some time..
Johnnyg0, you're right, there's lots of problems with Apple and their process is not perfect either, not by a long way indeed.
ReplyDeleteI do take your point, and I read the entire wall of text and appreciate you taking the trouble to post it.
I guess all platforms are going to have their issues, and the more popular the more problems!