March 5, 2015

The State of iOS Security

By Lookout

The iOS App Store is not the impenetrable walled garden you think it is.
For years consumers have held up iOS as the safe mobile operating system. Comparatively, it does see much less malware than Android, likely due to Apple’s rigorous manual testing of App Store apps and technological limitations that only allow approved apps on iOS devices. But to believe you’re 100 percent in the clear if you’re using an iOS device is a mistake.
Today, iOS malware looks a lot like Android malware in 2010. Android malware got its foothold in 2010 when researchers found the first trojan called “FakePlayer” in the wild. A year later, in 2011, we saw the first Android malware in the Google Play store called DroidDream.
Thus far, iOS malware has followed a similar pattern with threats appearing in the wild for jailbroken devices, moving to non-jailbroken devices, and finally sneaking into the official App Store. And while that was far from the end of the Android malware story, it’s just beginning for iOS. Kevin Mahaffey, Lookout’s chief technology officer, predicts that as iOS continues to grow around the world, particularly in emerging markets, we'll likely see more attackers focus their efforts on mainstream iOS users.
“Bad guys are rational economic actors. Because Android is so much more popular in the world they’re targeting the largest platforms first,” says Kevin Mahaffey. “But criminals are soon going to double down on iOS with targeted attacks.”
Android and iPhone malware: the technical abilities aren’t all that different
Apple’s app review process -- a manual one where humans look at each app that is approved for distribution in the official App Store -- has done a good job of keeping less sophisticated malware off iOS devices, though it’s not perfect. For the malware that does make it onto iOS devices, attacks can actually execute a lot of the same malicious actions as Android malware. Lookout has observed iOS attacks that can do the following:
[Image: iOS v Android technical]
It’s much more of a level playing field than is generally assumed. Of course, the number of people actually affected by malware is significantly higher on Android, but in terms of what malware can do when actually on the device, the groundwork has been laid for significant threats to emerge.
iOS threats to date
Threats already exist for iOS and they aren’t trivial. Malicious actors are taking advantage of enterprise provisioning profiles, which are difficult to get, but once attackers have one, they are able to push any application they want to any device. A number of the more current threats to iOS, including WireLurker and XAgent, use this tactic. Indeed, the world of iOS malware will continue to change, but let’s take a peek at what the landscape looks like today:




John says:

May 11, 2015 at 12:53 pm

Great article. I will start coming to this site on a regular basis for great information like this

Naun says:

April 28, 2015 at 12:14 am

Why am I getting an email notifying me that a SIM card was removed or inserted? And that is false.

Matthew Lawler says:

March 25, 2015 at 3:14 pm

This is an awesome explanation of mobile security for iOS. I'm part of a student team at Arizona State University and we just put together a mobile OS security breakdown. http://blog.zagg.com/os-security-comparison/ I think our research validates your claims.

Richard Yao says:

March 12, 2015 at 2:29 pm

Antivirus software is a waste of money. It primarily scans for obsolete malware and new malware is always designed to be undetected until a definition update. The only time antivirus software might be useful is when new malware is exploiting zero day vulnerabilities before a vendor patch is available, but the antivirus vendors never report their success rates in this and their software is no substitute for the proper security practices that almost always avoid such malware being a problem in the first place. They are quick to discuss set incidents without their software, but they never explain what their software would have accomplished had it been given the opportunity. If there was any actual utility, antivirus vendors would be upfront about it instead of resorting to fear mongering. The only thing that antivirus software can typically accomplish is try to clean up an old system after whatever catastrophe that it was advertised to prevent has happened, but it often does a poor job of that. If people insist on installing antivirus software, there is ClamAV, which is free, but it is only principally useful for cleaning up after the fact like all antivirus software.

Fred Perkins says:

March 12, 2015 at 10:11 am

I bought this only to realize it actually does nothing. It displays bogus information and even claimed my phone had something due to an app I did not even have installed. This is really bogus software. Nothing but a scam!!! Run away!

Meghan Kelly says:

March 12, 2015 at 3:52 pm

Fred, sorry to hear you're having trouble with the app. We're always looking for feedback. Would you email us? support [at] lookout [dot] com
