or Connect
AppleInsider › Forums › Mobile › iPad › Backdoor malware targets iPad
New Posts  All Forums:Forum Nav:

Backdoor malware targets iPad

post #1 of 13
Thread Starter 
Bogus email encourages users to upgrade iTunes with link, then malware accesses iPad. Windows PC only at this time.


Quote:
Attacks disguised as iTunes updates.

Apple iPad users are being warned of an email-borne threat which could give hackers unauthorised access to the device.

Sabina Datcu, technology writer for anti-virus firm BitDefender, wrote in a blog post today that the threat arrives via an unsolicited email urging the recipient to download the latest version of iTunes as a prelude to updating their iPad software.

"A direct link to the download location is conveniently provided. As a proof of cyber crime finesse, the web page the users are directed to is a perfect imitation of the one they would use for legitimate iTunes software downloads," Datcu said.

"Unfortunately for these users, following the malicious link means opening up a direct line to their sensitive data, as instead of the promised iTunes update they get malware on their systems."

The Backdoor.Bifrose.AADY malware opens up a backdoor which could let the perpetrator gain unauthorised access to the device, warned Datcu.

It also tries to read the keys and serial numbers of the software installed on the device, and logs the passwords to any webmail, IM or protected storage accounts.

Mac users are unaffected by the malware, according to Datcu.

http://www.crn.com.au/News/173074,ba...pple-ipad.aspx



On another issue about iPad security:

Safari is still rather vulnerable to exploits and Apple is slow to fix them. Safari is the iPad´s main browser, take great care surfing the dark corners of the internet with the device. The reason I say this is because there is virtually little other browser choices (only Opera Mini) and no ability to install security or network monitoring software on the device.



Note to Mac OS X users:

Dark net/pr0n surfing using another OS like Ubuntu Linux under a virtual machine software (under OS X) gives one the ability to dump the entire OS and revert to a first saved/installed version in case of a exploit. I would advise Mac users to install a outgoing firewall software like Little Snitch in OS X and activating itś network activity monitor. This way one can monitor the virtual machine (or anything else) softwareś outgoing connections. Also to always run as General User, not Admin User. (create new Admin, log in, switch original Admin to General User mode, log in)

Apple does not provide a outgoing firewire in OS X and doesn´t provide such security software on the iPad.

The Firefox browser vulnerabilities are fixed a lot faster than Safari´s and the various plug-ins like NoScript, AdBlock and RequestPolicy provide superior additional protection from avenues of exploitation while surfing the dark net.

Never click on a link to upgrade Flash, Quicktime, iTunes or anything else on questionable sites, instead relaunch your browser and visit the Adobe site yourself using Google search or a known bookmark to Adobe for Flash or Software Update for Quicktime/iTunes. Once you give your Admin password, it´s too late!
post #2 of 13
Quote:
Mac users are unaffected by the malware, according to Datcu.

Oh dear, those poor Windows users.
post #3 of 13
Pure undiluted FUD.

The iPad isn't targeted at all and in fact is not even involved. In fact this a Trojan Horse targeted at Windows users.
Please don't be insane.
Reply
Please don't be insane.
Reply
post #4 of 13
Apple's facilities for upgrading iTunes or other Apple software is through Software Update.


Like most Trojans, the end users stupidity/ignorance/greed becomes their downfall.
He's a mod so he has a few extra vBulletin privileges. That doesn't mean he should stop posting or should start acting like Digital Jesus.
- SolipsismX
Reply
He's a mod so he has a few extra vBulletin privileges. That doesn't mean he should stop posting or should start acting like Digital Jesus.
- SolipsismX
Reply
post #5 of 13
Exactly. This is just another Windows vulnerability disguised in an email that mentions the iPad.
post #6 of 13
Quote:
Originally Posted by SpotOn View Post

Bogus email encourages users to upgrade iTunes with link, then malware accesses iPad.

No. Malware doesn't access iPad. Nor is this anything to do with Safari.

This malware accesses idiots. If you are going to keep spamming us with links to "negative" Apple news can't you at least make the effort to understand them?
post #7 of 13
Thread Starter 
Quote:
Originally Posted by hmurchison View Post

Apple's facilities for upgrading iTunes or other Apple software is through Software Update.


Like most Trojans, the end users stupidity/ignorance/greed becomes their downfall.


Exactly, Mac users of OS X know this and are less likely to fall for this trick as the safer behavior is reinforced through Software Update.

The only potential issue for Mac users is bogus links to upgrade Flash or some other browser plug-in.


I wonder if the issues with the insecurities of Safari and Flash have to do with so many people not knowing they have to update Flash themselves through Adobe? Thus they run older and more vulnerable versions of Flash, thus more exploits with the browser most used on Mac´s?

Did Apple create a problem by not including Flash upgrades in the Software Update?
post #8 of 13
Quote:
Originally Posted by SpotOn View Post

Exactly, Mac users of OS X know this and are less likely to fall for this trick as the safer behavior is reinforced through Software Update.

Apple Software Update exists on Windows too. That's how you update iTunes and Safari on Windows.
post #9 of 13
Quote:
Originally Posted by SpotOn View Post

Exactly, Mac users of OS X know this and are less likely to fall for this trick as the safer behavior is reinforced through Software Update.

The only potential issue for Mac users is bogus links to upgrade Flash or some other browser plug-in.


I wonder if the issues with the insecurities of Safari and Flash have to do with so many people not knowing they have to update Flash themselves through Adobe? Thus they run older and more vulnerable versions of Flash, thus more exploits with the browser most used on Mac´s?

Did Apple create a problem by not including Flash upgrades in the Software Update?

No Flash has been one of the issues with security in the recent past. I'm not sure that major steps forward in security will happen until there are some major revamping of Flash code and Webkit for that matter. Though that's just a guess I've got nothing to back it up.
He's a mod so he has a few extra vBulletin privileges. That doesn't mean he should stop posting or should start acting like Digital Jesus.
- SolipsismX
Reply
He's a mod so he has a few extra vBulletin privileges. That doesn't mean he should stop posting or should start acting like Digital Jesus.
- SolipsismX
Reply
post #10 of 13
Quote:
Originally Posted by piot View Post

No. Malware doesn't access iPad. Nor is this anything to do with Safari.

This malware accesses idiots. If you are going to keep spamming us with links to "negative" Apple news can't you at least make the effort to understand them?

Just so we know, this thread was apparently posted in response to my challenge to his implication in another thread (and repeated here) that the iPad has security issues. Since there's not a scintilla of evidence for such a thing, instead we get this completely phony argument which is either utterly ignorant or deliberately misleading.

FUD.
Please don't be insane.
Reply
Please don't be insane.
Reply
post #11 of 13
Quote:
Originally Posted by Dr Millmoss View Post

Just so we know, this thread was apparently posted in response to my challenge to his implication in another thread (and repeated here) that the iPad has security issues.

Thanks Dr. I don't think that Spot needs any excuse for this kind of BS.
With nearly 300 posts in his first month he seems to be following the pattern of the other irritants, now banned.
post #12 of 13
Thread Starter 
Quote:
Originally Posted by hmurchison View Post

No Flash has been one of the issues with security in the recent past. I'm not sure that major steps forward in security will happen until there are some major revamping of Flash code and Webkit for that matter. Though that's just a guess I've got nothing to back it up.


Flash has issues, but I think Apple could have been decent enough to include Flash in Software Updates as not to make the problem worse than it is.

Mac users trust Software Update, itś automatic and all.
post #13 of 13
Thread Starter 
Quote:
Originally Posted by JupiterOne View Post

Apple Software Update exists on Windows too. That's how you update iTunes and Safari on Windows.


Good point. So there must be some other factor.
New Posts  All Forums:Forum Nav:
  Return Home
  Back to Forum: iPad
AppleInsider › Forums › Mobile › iPad › Backdoor malware targets iPad