    iOS Malware Overview

    Revision 3
    © by
    All rights reserved.

    How malware reaches your iOS device

    Apps using infected libraries

    Libraries downloaded as object code can have anything in them, including spyware and other malware. This is one reason why programmers' use of CocoaPods is a bad idea. Sure, CocoaPods saves some time and makes it easier to put new features into apps. But it is like downloading a PDF via BitTorrent. There is a chance of infecting innocent iPhone owners' phones.

    Programmers' convenience + users' risk = unethical.

    Apps using insecure libraries

    At one point recently, many iOS banking apps became vulnerable to MITM attacks because they used AFNetworking, whose default setting was/is to not check that the HTTPS server it connects to really is the one asked for.
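    One way to review an app's source for this problem, as an added example that is not part of the original page or of AFNetworking: a small Python audit that reads Objective-C source and reports where the AFSecurityPolicy properties validatesDomainName and allowInvalidCertificates are set unsafely, or where the hostname check is never set explicitly. The function names, finding labels and sample source are constructed for illustration.

```python
import re

# Strings are matched (and kept) alongside comments (blanked) in one pass, so a
# "https://..." literal is never mistaken for the start of a // comment.
_TOKEN = re.compile(r'"(?:\\.|[^"\\\n])*"|//[^\n]*|/\*.*?\*/', re.DOTALL)
# Dot-syntax and message-send setters for two AFSecurityPolicy properties.
_SETTER = re.compile(
    r"(?:\.\s*(validatesDomainName|allowInvalidCertificates)\s*=\s*"
    r"|\bset(ValidatesDomainName|AllowInvalidCertificates)\s*:\s*)"
    r"(YES|NO|true|false|1|0)\b")
_USES_AFN = re.compile(r"\bAF(?:SecurityPolicy|HTTP\w+Manager)\b")

# Constructed sample source, not taken from any real app.
SAMPLE = """\
// networking setup
AFHTTPSessionManager *m = [AFHTTPSessionManager manager];
AFSecurityPolicy *p = [AFSecurityPolicy policyWithPinningMode:AFSSLPinningModeNone];
p.allowInvalidCertificates = YES;   // "temporary", for staging
[p setValidatesDomainName:NO];
m.securityPolicy = p;
"""

def _blank_comments(src):
    keep = lambda m: m.group(0) if m.group(0)[0] == '"' else re.sub(r"[^\n]", " ", m.group(0))
    return _TOKEN.sub(keep, src)

def audit(source):
    """Return sorted (line, finding) pairs for one Objective-C source text."""
    code = _blank_comments(source)
    findings, domain_set = [], False
    for m in _SETTER.finditer(code):
        prop = (m.group(1) or m.group(2)).lower()
        enabled = m.group(3) in ("YES", "true", "1")
        line = code.count("\n", 0, m.start()) + 1
        if prop == "validatesdomainname":
            domain_set = True
            if not enabled:
                findings.append((line, "hostname-check-disabled"))
        elif enabled:
            findings.append((line, "invalid-certs-allowed"))
    # Going by the page's statement about the default, code that uses the library
    # but never sets the hostname check is reported for review (line 0 = file).
    if _USES_AFN.search(code) and not domain_set:
        findings.append((0, "hostname-check-not-set"))
    return sorted(findings)

if __name__ == "__main__":
    print(audit(SAMPLE))
```

    Commented-out setters are ignored on purpose: a line such as /* p.validatesDomainName = YES; */ does not count as enabling the check.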

    The TIFF library has also been attacked, which can be done with a carefully crafted MMS message.

    Programmers using infected copies of Xcode

    XcodeGhost is malware that is injected into apps by an infected copy of Xcode. This mainly affected apps whose programming was outsourced to China, such as Angry Birds 2. Chinese programmers didn't want to wait for Xcode to download from Apple's server, so they downloaded infected copies from Chinese servers.

    Companies' savings (outsourcing) + users' risk = unethical.

    Exploits based on installation of enterprise apps

    Palo Alto Networks found malware, which it dubbed YiSpecter, that does just this.

    Malware getting loaded via a secondary app store

    ZergHelper appeared to Apple's app reviewers in California to be an English tutoring app. However, whenever the app was run in China, it provided a secondary app store for running pirated iOS apps, which were signed with certificates that did not originate from Apple but were accepted by iOS anyway.

    Infection by malware on your Windows PC via USB

    Palo Alto Networks discovered AceDeceiver, which does exactly this.

    Infection by malware on your Mac via USB

    Palo Alto Networks discovered WireLurker, which does exactly this.

    Drive-by exploits (you visit an infected website)

    This has been known to affect iOS. Wikipedia article


    © Zack Smith