Category Archives: Apple

Mac OS Is A Target

If you own an Apple product and have not seen or heard about the recent increase in nasty malware targeting Mac OS, now is your chance to get up to speed. I know that many of you use Mac OS because of its ease of use and its seamless integration with your other tech toys such as iPhones and iPads. The belief that Windows users are the only ones with a malware problem is a myth. You need to wake up to the fact that your laptop, iPhone or iPad is being targeted; the malware is getting really sophisticated, and every platform is susceptible to attack!

Here are some examples of the recent malware you should know about:

Proton – The malware runs with root privileges and includes features that give an attacker full control of the victim's computer. Its capabilities include real-time console commands and a file manager, keylogging, SSH/VNC connectivity, screenshots, webcam capture, and the ability to present a custom native window that asks for information such as a credit card number, a driver's licence and more. The malware also boasts iCloud access, even when two-factor authentication is enabled.

Xagent – This malware carries a payload that, on a compromised Mac OS X system, can harvest passwords, take screen captures and steal the iPhone backups stored on the Mac.

As you can see, being a Mac user does not guarantee security, and this situation is only going to get worse. For your own sake, please always keep that in mind. That said, here is what you can do to protect yourself:

  1. Use Time Machine to make backups regularly, and make sure the backup disk is encrypted. I prefer not to use iCloud because I am not really sure who Apple shares this data with. While they say one thing publicly, the other side of the fence might offer a differing view.
  2. Ensure all iPhone backups are encrypted as well.
  3. Use a tool such as Little Snitch to see when unknown outbound connections leave your Mac. Knowing what your computer is doing, and what it should be doing, is key to early detection of a compromise.
  4. Before installing a downloaded package, inspect it with Suspicious Package to determine whether it is really what you think it is: which files it installs and which scripts it runs.
  5. Get alerted when you are being watched through the webcam or microphone with OverSight.
  6. Your base install should already have the following in place:
    1. A passphrase of 20+ characters as your login password
    2. FileVault turned on
    3. DuckDuckGo for your searching and research
    4. A VPN whenever you have to use a public or untrusted WiFi network
    5. A habit of tracking the security news for new developments in Mac OS malware

The main goal here is not to be an easy target, and to put as many layers of defense as possible between an attacker and your data. As in life, prevention is always better than the cure!
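The advice in point 3, knowing what your computer is doing and what it should be doing, can be turned into a repeatable check rather than a one-off prompt. The script below is an added example, not code from the original post and not Little Snitch's own logic: it parses the output of `lsof -nP -iTCP -sTCP:ESTABLISHED` (the same command works on macOS and Linux) and reports every process talking to a destination outside a per-process allowlist. The allowlist and the sample lsof lines are constructed for illustration; a real baseline is built by watching a known-clean machine for a while.

```python
"""Flag established outbound TCP connections that fall outside a baseline.

Added example, not code from the original post or from Little Snitch. It
parses the output of `lsof -nP -iTCP -sTCP:ESTABLISHED` and reports any
process talking to a destination it is not expected to. The allowlist and
the sample lsof lines are constructed for illustration.
"""
import ipaddress
import re
import subprocess
from dataclasses import dataclass

LSOF_CMD = ["lsof", "-nP", "-iTCP", "-sTCP:ESTABLISHED"]

# Hypothetical baseline: process name -> (destination network, port) pairs it
# may use. A real one is built by watching a known-clean machine for a while.
ALLOWLIST = {
    "Safari": [("0.0.0.0/0", 443), ("::/0", 443), ("0.0.0.0/0", 80)],
    "Mail": [("17.0.0.0/8", 993)],  # Apple-owned address block, IMAP over TLS
}

# lsof -nP prints e.g.
# Safari 4321 alice 23u IPv4 0x1a2b 0t0 TCP 192.168.1.20:52211->17.253.144.10:443 (ESTABLISHED)
LINE_RE = re.compile(
    r"^(?P<cmd>\S+)\s+(?P<pid>\d+)\s+\S+\s+\S+\s+IPv[46]\s+\S+\s+\S+\s+TCP\s+"
    r"(?P<src>\S+)->(?P<dst>\S+)\s+\(ESTABLISHED\)$"
)


@dataclass(frozen=True)
class Conn:
    cmd: str
    pid: int
    dst_ip: str
    dst_port: int


def parse_lsof(text):
    """Turn lsof output into Conn records; the header and unrelated lines are skipped."""
    conns = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        host, port = m.group("dst").rsplit(":", 1)  # "[2001:db8::1]:443" or "1.2.3.4:443"
        conns.append(Conn(m.group("cmd"), int(m.group("pid")), host.strip("[]"), int(port)))
    return conns


def is_allowed(conn, allowlist=ALLOWLIST):
    ip = ipaddress.ip_address(conn.dst_ip)
    for net, port in allowlist.get(conn.cmd, []):
        # `in` is False across address families, so IPv6 needs its own entries.
        if port == conn.dst_port and ip in ipaddress.ip_network(net):
            return True
    return False


def unexpected(conns, allowlist=ALLOWLIST):
    """Connections that no allowlist entry covers: the ones worth a second look."""
    return [c for c in conns if not is_allowed(c, allowlist)]


def live_unexpected():
    """Run lsof on this machine (needs sudo to see other users' processes)."""
    out = subprocess.run(LSOF_CMD, capture_output=True, text=True, check=False).stdout
    return unexpected(parse_lsof(out))


# Constructed sample output; 203.0.113.0/24 is a documentation range.
SAMPLE = """\
COMMAND   PID  USER   FD   TYPE DEVICE SIZE/OFF NODE NAME
Safari   4321 alice   23u  IPv4 0x1a2b      0t0  TCP 192.168.1.20:52211->17.253.144.10:443 (ESTABLISHED)
Safari   4321 alice   24u  IPv6 0x1a2e      0t0  TCP [2001:db8::10]:52400->[2001:db8:1::1]:443 (ESTABLISHED)
Mail     4410 alice   15u  IPv4 0x1a2c      0t0  TCP 192.168.1.20:52230->17.57.145.11:993 (ESTABLISHED)
updater  5102 alice    7u  IPv4 0x1a2d      0t0  TCP 192.168.1.20:52301->203.0.113.77:8443 (ESTABLISHED)
"""

if __name__ == "__main__":
    for c in unexpected(parse_lsof(SAMPLE)):
        print(f"UNEXPECTED {c.cmd}[{c.pid}] -> {c.dst_ip}:{c.dst_port}")
```

On the constructed sample only the `updater` process is flagged, because it is not in the baseline at all. Run `live_unexpected()` from a cron job or a launchd agent and the output is a short list of things to explain, which is exactly the habit the point above asks for.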


IPv6 — iOS, Mac OS and IoT are we really ready?

With the iOS 9 beta and the OS X El Capitan beta releases we can clearly see that IPv6 is on Apple's agenda. Only one problem: who is ready for this? Many corporations are not running dual-stack networks, and service providers are not offering many IPv6 services.

Specific to Canada, IPv6 BGP peering is a special-order item with long waiting times, and the offerings are very basic at this time. If you are lucky enough to be connected to Google's network you can run natively on IPv6, but that is not available to everyone, and home users are out of luck. IPv6 is further complicated by the fact that many ISPs in Canada do not have the DNS infrastructure in place to serve AAAA records. Many are working on updating these services, but they just are not there yet.

That leaves the home user. Yes, many home routers do support IPv6 and can run in dual-stack mode. The only issue is that they do not have the detection capabilities needed to identify when the IPv6 side is being used to attack the network. Users can be opening a big hole in their network, because they do not know what to look for when IPv6 is used to bypass security controls (firewall rules and filtering that were only ever written for IPv4), possibly with their data being stolen as a result.
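One concrete thing a dual-stack home network has to watch for is a Router Advertisement from a host that is not the router: any machine on the LAN can send one and redirect the IPv6 side of every device's traffic through itself. The detector below is an added example, not code from the original post or from any router vendor. It builds a few IPv6 packets in code (the legitimate router, an impostor, and a copy relayed from off-link) and shows the checks a monitor needs: ICMPv6 checksum, the RFC 4861 requirement that the hop limit be 255 and the source be link-local, and a comparison of the sender and the advertised prefix against a baseline. The baseline (one router, one prefix) is hypothetical, and 2001:db8::/32 is the documentation prefix.

```python
"""Spot rogue IPv6 Router Advertisements in raw IPv6 packets.

Added example, not code from the original post. On a dual-stack LAN any
host can send a Router Advertisement and redirect IPv6 traffic; this is the
kind of check a home router or a host-based monitor would need. The
baseline (one legitimate router, one expected prefix) and the packets are
constructed for illustration; 2001:db8::/32 is a documentation prefix.
"""
import ipaddress
import struct

ICMPV6 = 58
ROUTER_ADVERTISEMENT = 134
PREFIX_INFO_OPTION = 3

# Hypothetical baseline for one home network.
KNOWN_ROUTERS = {ipaddress.IPv6Address("fe80::1")}
KNOWN_PREFIXES = {ipaddress.IPv6Network("2001:db8:abcd::/64")}


def icmpv6_checksum(src, dst, body):
    """One's-complement checksum over the IPv6 pseudo-header plus the ICMPv6 body."""
    data = src.packed + dst.packed + struct.pack("!IxxxB", len(body), ICMPV6) + body
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def build_ra(src, prefix, hop_limit=255):
    """IPv6 packet carrying an RA with one Prefix Information option (RFC 4861)."""
    dst = ipaddress.IPv6Address("ff02::1")  # all-nodes multicast
    opt = struct.pack("!BBBBIII", PREFIX_INFO_OPTION, 4, prefix.prefixlen, 0xC0,
                      2592000, 604800, 0) + prefix.network_address.packed
    body = struct.pack("!BBHBBHII", ROUTER_ADVERTISEMENT, 0, 0, 64, 0, 1800, 0, 0) + opt
    body = body[:2] + struct.pack("!H", icmpv6_checksum(src, dst, body)) + body[4:]
    hdr = struct.pack("!IHBB", 0x60000000, len(body), ICMPV6, hop_limit)
    return hdr + src.packed + dst.packed + body


def inspect_ra(packet):
    """Findings for one packet; an empty list means it looks like the real router's RA."""
    if len(packet) < 40:
        return ["truncated IPv6 header"]
    ver_tc_fl, plen, nxt, hlim = struct.unpack("!IHBB", packet[:8])
    if ver_tc_fl >> 28 != 6 or nxt != ICMPV6:
        return []  # not ICMPv6, out of scope here
    src = ipaddress.IPv6Address(packet[8:24])
    dst = ipaddress.IPv6Address(packet[24:40])
    body = packet[40:40 + plen]
    if len(body) < 16 or body[0] != ROUTER_ADVERTISEMENT:
        return []
    findings = []
    if icmpv6_checksum(src, dst, body) != 0:  # a valid packet sums to zero
        findings.append("bad ICMPv6 checksum")
    # RFC 4861 s6.1.2: hop limit must be 255 and the source must be link-local;
    # that is what stops an RA from being injected from off-link.
    if hlim != 255:
        findings.append(f"hop limit {hlim} != 255")
    if not src.is_link_local:
        findings.append(f"non-link-local source {src}")
    if src not in KNOWN_ROUTERS:
        findings.append(f"RA from unknown router {src}")
    off = 16  # TLV options follow the 16-byte RA header
    while off + 2 <= len(body):
        otype, olen = body[off], body[off + 1]
        if olen == 0:
            findings.append("malformed option of length 0")
            break
        if otype == PREFIX_INFO_OPTION and olen == 4 and off + 32 <= len(body):
            prefix = ipaddress.IPv6Network((body[off + 16:off + 32], body[off + 2]), strict=False)
            if prefix not in KNOWN_PREFIXES:
                findings.append(f"unexpected prefix {prefix}")
        off += olen * 8
    return findings


# Constructed packets: the real router, an impostor, and a copy relayed from off-link.
LEGIT = build_ra(ipaddress.IPv6Address("fe80::1"), ipaddress.IPv6Network("2001:db8:abcd::/64"))
ROGUE = build_ra(ipaddress.IPv6Address("fe80::dead:beef"), ipaddress.IPv6Network("2001:db8:bad::/64"))
RELAYED = build_ra(ipaddress.IPv6Address("fe80::1"), ipaddress.IPv6Network("2001:db8:abcd::/64"), hop_limit=64)

if __name__ == "__main__":
    for name, pkt in (("legit", LEGIT), ("rogue", ROGUE), ("relayed", RELAYED)):
        print(name, inspect_ra(pkt) or "ok")
```

Feeding `inspect_ra` packets from a raw socket or a pcap is the missing piece; the logic itself is what a consumer router would have to implement (or what RA Guard does on managed switches) before it can claim to detect IPv6 abuse rather than merely forward it.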

With IoT accelerating quickly, we are not keeping pace with the onslaught of devices about to come online. If 10,000 users wanted to add 100K IPv6 devices each to a network in Canada tomorrow, that would lead to many issues. A gateway would be required to provide the dual stacking and routing necessary, and the question is who could support them in this effort.

If industry does not deal with these issues quickly, Canada could be left behind, at a competitive disadvantage to countries that can offer these services. Time will tell, but I am not aware of any national initiative to accelerate IoT and the relevant technologies to the point where Canada will be a leader in this field.


What Apple does not state in their iOS Security White Paper

First of all, I do like the fact that Apple has gone out of its way to build this document and make it available to the public. However, there are some points on which I would like to see more detail, to make sure that Joe Public understands what these statements actually "mean".

Let's start in order, shall we:

1. While the App Sandbox is great in concept, we have already seen prototype attacks that use what are known as protocol handlers (custom URL schemes). These are built into web-based apps to let them communicate with a server, for example, but they can also be used as a way to collect and inject information into the data stream. I saw some PoC code in Switzerland about two years ago. If the application does not contain validation code, there exists the possibility that a rogue user could gain access to the so-called secured Sandbox.
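The "validation code" that point 1 asks for is an allowlist applied to everything that arrives through the handler, because the sandbox does nothing about data the app itself chose to accept. The snippet below is an added example, not code from the original post or from Apple's security guide, and the app it assumes is invented: a hypothetical scheme `myapp://` with two actions, each with a fixed set of parameters and a pattern every value must match in full. Anything else (unknown actions, extra parameters such as a smuggled callback URL, repeated or malformed values, paths or fragments) is refused with a reason, which is what you would log.

```python
"""Allowlist validation for data arriving through a custom URL scheme.

Added example, not code from the original post or from Apple. It assumes a
hypothetical app that registers the scheme "myapp://" and accepts two
actions; everything about that app is invented for illustration. The same
checks apply whichever platform dispatches the URL to the handler.
"""
import re
from urllib.parse import urlsplit, parse_qs

SCHEME = "myapp"

# Each action the handler accepts, with every parameter it may carry and a
# regex the value must match in full. Anything not listed here is rejected.
ACTIONS = {
    "open-note": {"id": re.compile(r"[0-9a-f]{8,32}")},
    "share": {"id": re.compile(r"[0-9a-f]{8,32}"), "to": re.compile(r"[A-Za-z0-9._-]{1,64}")},
}
MAX_URL_LEN = 512


class RejectedURL(ValueError):
    """Raised with the reason the URL was refused."""


def validate_scheme_url(url):
    """Return (action, params) for an acceptable URL, else raise RejectedURL."""
    if len(url) > MAX_URL_LEN:
        raise RejectedURL("URL too long")
    parts = urlsplit(url)
    if parts.scheme != SCHEME:
        raise RejectedURL(f"unexpected scheme {parts.scheme!r}")
    # myapp://open-note?id=... : the host position carries the action name.
    action = parts.netloc
    if action not in ACTIONS:
        raise RejectedURL(f"unknown action {action!r}")
    if parts.path not in ("", "/") or parts.fragment:
        raise RejectedURL("path or fragment not allowed")
    allowed = ACTIONS[action]
    # keep_blank_values=True so "?id=" cannot slip through as "no id given".
    query = parse_qs(parts.query, keep_blank_values=True)
    params = {}
    for key, values in query.items():
        if key not in allowed:
            raise RejectedURL(f"unexpected parameter {key!r}")
        if len(values) != 1:
            raise RejectedURL(f"parameter {key!r} repeated")
        if not allowed[key].fullmatch(values[0]):
            raise RejectedURL(f"parameter {key!r} has a bad value")
        params[key] = values[0]
    missing = set(allowed) - set(params)
    if missing:
        raise RejectedURL(f"missing parameter(s) {sorted(missing)}")
    return action, params


def rejection_reason(url):
    """None when the URL is acceptable, otherwise the reason it was refused."""
    try:
        validate_scheme_url(url)
    except RejectedURL as exc:
        return str(exc)
    return None


if __name__ == "__main__":
    # Constructed inputs: one good URL, then the kinds of injection the text warns about.
    for u in ("myapp://open-note?id=0123abcd",
              "myapp://open-note?id=0123abcd&cb=https://evil.example/",
              "myapp://share?id=0123abcd&to=../../etc/passwd",
              "http://open-note?id=0123abcd"):
        print(u, "->", rejection_reason(u) or "accepted")
```

The point is the shape of the check rather than the particular regexes: the handler decides in advance exactly what it will accept, and everything that fails the allowlist is refused before any app code acts on it.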

2. Encryption: well, no news here, because with key escrow someone (or a three-letter agency) holding the master key can decrypt all the data the encryption protects. Look up RSA and $10 million; you can probably figure out the rest. I am not saying that Apple took money for this, but US companies were and are under lots of pressure to give agencies of interest access to national-security data.

3. FIPS 140-2 is not a guarantee that the crypto implementation is not vulnerable to attack, as the recent SSL issue attests. It shows that Apple followed a documented process for the design and testing of its crypto libraries, nothing else. So don't read too much into it, and remember that vulnerability testing is not performed as part of this certification.

4. Supported crypto libraries: see point 2.

5. Siri: what is done with all this voice data? Your voice samples are stored and archived, and now someone has a biometric sample of you. Again, see point 2.

So while I believe this white paper is a great step forward, it also leaves many questions unanswered, and these are the questions that businesses and individuals should be asking Apple: what the heck?

You can find the document here.