Why WireLurker, the iPhone’s Most Advanced Malware Ever, Shouldn’t Terrify You
You may have heard that a new strain of malware called WireLurker has attacked Apple’s OS X operating system for Mac and iOS devices like the iPhone and iPad. You might have also heard that it’s incredibly dangerous and that you should be very, very scared.
But the truth is, the malware itself has already been addressed and subdued by Apple. It also was never that big of a threat to most people, despite what you may have read elsewhere. The real issue, according to Palo Alto Networks, the security company that found the malware, is how it infected your iPhone, and what that could mean for future attacks.
Members of Palo Alto Networks’ Unit 42 uncovered WireLurker earlier this week. This piece of malware, which may have been downloaded hundreds of thousands of times, required you to take very specific actions for it to get onto your iPhone.
First of all, you had to go to a third-party Chinese OS X app store called the Maiyadi App Store — a dangerous Web store known to host pirated and infected OS X software. You then had to ignore a host of warnings from OS X asking whether you really wanted to run software from an unknown developer or source.
Those steps alone mean that the vast majority of OS X and iPhone owners were safe from WireLurker from the start. You’re probably not downloading too much software from third-party Chinese app stores. (And if you are: Stop it.)
Even if you are frequenting the Maiyadi App Store, it would take another step for this malware to get onto your iPhone: You would have had to plug your phone into your infected Mac via USB. WireLurker would then jump to your iPhone and start mining data.
What the ultimate purpose of the malware was has yet to be uncovered. But, needless to say, only a small minority of people were ever in danger of seeing their devices infected by WireLurker.
The thing that makes WireLurker a problem, and the reason it deserves so much attention, is that it was able to impact iPhones that weren’t “jailbroken.”
Jailbreaking an iPhone basically gives a person the ability to install and run apps and extensions that Apple’s iOS normally doesn’t allow for a variety of reasons, including security. Jailbreaking is also popular for those who want to use a device on their local carrier, which may or may not support Apple devices.
Jailbreaking is capable of enabling a lot of cool stuff on your phone that Apple otherwise blocks. The problem with jailbreaking an iPhone is that, if you’re not careful, it can put your phone at risk of being infected by malware or other malicious software.
Malware on jailbroken iPhones, in other words, isn’t new. WireLurker, however, managed to infect iPhones that hadn’t been jailbroken. It did so by abusing the enterprise provisioning feature of Apple’s iOS, which businesses normally use to distribute custom in-house apps to their employees without going through the App Store.
That’s the reason WireLurker is dangerous. It’s not some super piece of malware that will destroy your iPhone, as it’s been made out to be. The scary thing is the means by which it was able to install itself on non-jailbroken iPhones.
According to Palo Alto Networks, WireLurker is only the third piece of malware that’s managed to infect non-jailbroken iPhones. What’s more, this is one of the first instances of malicious software being able to jump to non-jailbroken iPhones via a USB connection.
In other words, this likely won’t be the last type of malware that attacks iPhones in such a way. Where the next attack will come from is one of those pesky known unknowns.
So how do you keep your iPhone safe from such an attack? Just follow the usual rules for device safety. Don’t download software from places you don’t know you can trust, install an antivirus suite on your Mac, keep your Mac and iPhone up to date, and don’t jailbreak your iPhone if you aren’t sure how to avoid malware. If you do all that, you’re likely safe.
Now stop panicking and get back to taking selfies, or playing Flappy Crush Saga, or whatever it is you kids do.
Email Daniel at dhowley@yahoo-inc.com; follow him on Twitter at @DanielHowley or on Google+ here.