malware strikes non jailbroken iOS devices

scargill-walled-garden-2
Walled gardens don’t provide 100% protection.

A reminder that while iOS still seems to be safer from malware threats (as long as you don’t jailbreak your device), Apple’s walled garden is not totally weed free.  Researchers found malicious apps in Apple’s App Store which use vulnerabilities in iOS’s digital rights management software to install malware on standard (non jailbroken) devices.  This particular family of malware only targets devices located in mainland China, but there is no guarantee that others may try and exploit this issue to infect other users.

Apple removed the malicious apps from the App Store when they were informed of the issue, but it is important to note that the apps stayed up in spite of multiple reviews by Apple until then.

We iDevice users have been quite lucky when it comes to malware, but it is important to remember that iOS is not immune to malware attacks.  The best defense is to be choosy about the apps you install – if you have not heard of an app, look for reviews and information out on the net before downloading it to your phone.

Of course, Donald Trump promises to build a “terrific” wall around Apple’s App Store and make Mexico pay for it…

malware strikes non jailbroken iOS devices

People are still your best defense

spellingOK, I already tweeted this story with a snarky comment about spelling, but there is an interesting lesson to be learned from this incident.  It was plain old human intervention that kept an $80 million dollar fraud from becoming an $800 million plus fraud against Bangladesh Bank.  Educating your people to recognize out of the ordinary behavior is one of the best security investments you can make.  (Not that losing $80 million is a great outcome).

Aside