As with any piece of new technology, the introduction of smart watches come with new threats to security. A recent study was conducted on these watches and to no ones surprise, many vulnerabilities were found. A few of the vulnerabilities listed include, a lack of transport encryption, lack of user authentication, privacy problems, and firmware problems. It was also found that communications were easy to interfere with and intercept. This means that as of right now, if sensitive data is being transmitted over the watches, anyone could get a hold of it.
Experts recommend to protect sensitive information with strong passwords and to make sure you are controlling your communications to avoid middle man attacks. Another suggestion they make is to manage your transport layer security settings and make sure they are in good shape for protecting you. The biggest concern however seems to be the vulnerabilities of the apps rather than the watch itself. Previously there have been attacks on apps for the iPhone and such so the experts say it wouldn’t be surprising to see attacks on the smart watch apps.
The bottom line is to approach these new smart watch products with care and to focus more on the security of the apps than the watch itself. Additionally, as time goes on, more apps for increased security will be released. Apple has already released several since the release of their Apple Watch.
Recently researchers from Palo Alto Network have discovered a new iOS malware, called YiSpecter that can infect Jailbroken and Non-Jailbroken devices. It the first malware researchers seen to abuse private APIs in the iOS system and abuse the enterprise distribution mechanism. It is currently targeting users in China and Taiwan. Many users have already reported to Apple of the malware. YiSpecter haves been out for about 10 months. Since 2014, only one of the 57 venders from VirusTotal have detected YiSpecter as a malware which was Qihoo. Qihoo did not give out any samples so no other venders could detect YiSpecter.
So far, researchers found four different ways YiSpecter was spread. YiSpecter was disguised as a media player app such as “QVOD” and “DaPian”. The two apps would then download other malicious apps that are components to YiSpecter which are called: Nolcon, ADPage, and NolconUpdate. The malware was also spread from ISP’s traffic hijacking. There are some local ISPs in China supported DNS hijacking and internet traffic hijacking attacks. The third way YiSpecter was spread by was from the Lingdon worm. YiSpecter was also on offline app installations. Offline app installations is where a user downloads a developer’s app and get money for downloading it.
YiSpecter apps were singed with three iOS enterprise certificates. By doing this, it bypasses Apple’s strict code review. Though when installing the apps, the users now must have the profile of the enterprise as “trusted” and also must verify to open when executing for the first time.
Nolcon is a malicious complenent of YiSpecter. Nolcon can remove an already downloaded app on the iOS and replace it with a “fake” app. Nolcon will update regularly and see if other components of YiSpecter is still downloaded. Users who uninstalled the main app will still be infected. The components also have a function that make itself hidden on the springboard making it impossible to uninstalling it. Another Nolcon’s function is to hijack other apps with ads. Nolcon can change and modify the bookmarks and search engines of Safari. Lastly the app can collect data of the device such as apps installed, running processes, UUID, and MAC address.
Luckily, there is a way to remove YiSpecter by removing all unknown/untrusted profiles.
Go to Settings->General->Profiles and remove all unknown or untrusted profiles
Delete any apps named: “情涩播放器”, “快播私密版” or “快播0”
Use a third-party iOS management tool to delete the default iOS installed apps
In short, this article is informing the public about an issue that is overlooked when it comes to apple smartwatches, how “weak” the security on those watches actually is. There are several openings in these apple smartwatches that can be exploited due to their lack of actual security. For example, an apple smartwatch can be easily “bluejacked” a term used to describe a 3rd party gaining access said watch. As a result, the 3rd party can access many parts of the phone and send things like images,sounds, or even viruses to the smartwatch (some of which can take over the phone and listen in on conversations or block out owners control of the phone for however long the hacker chooses). The worst part is, this is not even the worst thing that could happen, when it comes to loopholes in the security of the device. Like all devices that can download apps without restraints, the apple smartwatch is capable of downloading apps which can contain harmful malware that could take on a variety of forms and become difficult to combat. There seems to be a claim that even if the smartwatch is vulnerable to many variations of malware, viruses, and other methods of attack used by hackers, since the smartwatch is tied to apple which is already a target of hackers it does not seem to cause much concern. In fact, since the smartwatch will automatically lock if taken of the users wrist it is presumed to be more safe than a phone if both are left unaccounted for in a public place.
Today Apple had what quickly becoming know as their largest account theft, due to malware. Palo Alto Networks and Weip Tech came across a server that held over 225, 000 valid user names and passwords that had been stolen via a new malware family named KeyRaider in the iOS.
The malware only effects users with jailbroken iOS devices has struck users in 18 countries. According to Claud Xiao, “The malware hooks system processes through MobileSubstrate, and steals Apple account usernames, passwords and device GUID by intercepting iTunes traffic on the device.”
KeyRaider is also stealing Apple’s push notifications and private keys, but it’s also sharing the App store’s purchasing information. These stolen credentials eventually allow users to make purchases for free using iOS jailbreak tweaks.
They’ve also been locking down devices, and holding them for ransom. It disables unlocking operations, and demands a ransom without going through the Apple push servers.
According to Jonathan Sander (the Lieberman Software VP), and Tim Erlin (Tripwire’s Director of IT Security and Risk Strategy), jailbreaking your iPhone paints a target on your back, and in this case it was taken advantage of.
A new zero day vulnerability in iOS gives anyone with a router the ability to shutdown any iOS powered device. Security researchers have just recently discovered this bug in Apple’s SSL library which can apparently crash all applications on the device and even trigger an endless reboot cycle to render the device inoperable. This bug could also be coupled with another bug uncovered two years ago that forces iOS devices to connect to WiFi hotspots as soon as they get into range. In this way, an iOS user would be unable to use their device when within the radius of any WiFi hotspot configured in this manner.
The good news about this – if there is any – is that the researchers at Skycure that discovered this vulnerability haven’t released the details on exactly how to do it in the hopes that Apple will solve the issues before anyone takes advantage of this issue in the wild.