Trend Micro Facebook TrendLabs Twitter Malware Blog RSS Feed You Tube - Trend Micro
Search our blog:

  • Recent Posts

  • Calendar

    October 2014
    S M T W T F S
    « Sep    
     1234
    567891011
    12131415161718
    19202122232425
    262728293031  
  • About Us

    Jan28
    1:03 am (UTC-7)   |    by

    In the past couple of weeks, there has been some breathless reporting about how iOS users could now install pirated apps without having to jailbreak their phones. This was made possible by certain Chinese app store-like services.

    Some of the reporting has been wondering how this was possible, but anyone with knowledge of iOS enterprise deployments knew what was going on. The same features which allow enterprises to deploy their own custom apps have now been abused to deliver pirated apps to users.

    This “newly discovered” method represents one of the methods to get malicious/fake apps onto the iOS devices. However, because the iOS sandbox has not been compromised, what each app can and can’t do is rather limited. The iOS app may try to send out some personal privacy information to external server which creates privacy data leakage problem.

    For now it’s not likely to be much of a security threat, as the number of users who would actually use these “pirated” app stores is rather limited. However, it does represent an interesting avenue for targeted attacks in enterprise settings. It wouldn’t take much effort to refine this into something that could more seamlessly get users to install apps on their own iOS devices via a link they receive on their desktop or laptop and connecting their phone via USB. (Expect Apple to fix this down the road.)

    What should users learn from this? It’s a lesson that Android users have known for a while now – yes, you can install bad apps onto your device. Attackers have to work harder to do so, but it’s still possible.  As users, we need to be careful not to install any app from unknown source. Mobile private information leak always starts from installing malicious app on the device, even iOS users aren’t spared to the risk of bad apps.

    For more information on Mobile threats landscape, read our TrendLabs 2012 Mobile Threat and Security Roundup.





    Share this article
    Get the latest on malware protection from TrendLabs
    Email this story to a friend   Technorati   NewsVine   MySpace   Google   Live   del.icio.us   StumbleUpon




    Comments are closed.



     

    © Copyright 2013 Trend Micro Inc. All rights reserved. Legal Notice