Usually it is Android that makes the headlines for security exploits, but this time around it is iOS. Researchers from Palo Alto Networks have uncovered a family of malware called WireLurker which may already have affected hundreds of thousands of devices.
The primary infection vector for this malware is the Maiyadi App Store, a third-party app store for OS X based in China. At the time of publication, it is estimated that over 350,000 users may already have been infected, and the malicious code was found in over 450 apps on the Maiyadi store. Pirated versions of some high-profile games, such as The Sims 3 and Angry Birds, were among the trojanized apps.
WireLurker abuses the enterprise provisioning mechanism, which allows companies to distribute in-house apps to their own employees' devices without going through the fairly laborious App Store review process. Any app signed with an enterprise distribution certificate can be installed on a device that accepts the corresponding profile, so the malware uses such a certificate to sideload its payload; because the certificate is tied to a named developer account, Apple can revoke it, but until that happens the install path is open. What is concerning is that this works on both jailbroken and non-jailbroken devices.
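To make the distinction concrete, here is an added example (not WireLurker code and not the researchers' detection tool) that classifies an iOS provisioning profile as enterprise, ad-hoc, development or App Store from its plist payload. The `ProvisionsAllDevices`, `ProvisionedDevices`, `TeamName`, `ExpirationDate` and `Entitlements` keys are the real keys carried by `embedded.mobileprovision`; the sample profiles, team name, app identifiers and device UDIDs are constructed for illustration, and the CMS envelope around them is faked rather than signed.

```python
"""Classify an iOS provisioning profile by the keys in its plist payload.

Added example: this is not WireLurker code and not Palo Alto Networks'
detector. Sample profiles below are constructed; the real keys are the
ones Apple puts in embedded.mobileprovision.
"""
import datetime
import plistlib

# Constructed sample: what an enterprise (in-house) distribution profile
# looks like. ProvisionsAllDevices=true is the property that lets the app
# install on any device without App Store review.
ENTERPRISE_PROFILE = b"""<?xml version="1.0" encoding="UTF-8"?>
<plist version="1.0">
<dict>
  <key>AppIDName</key><string>Comic Reader</string>
  <key>TeamName</key><string>Example Enterprise Co.</string>
  <key>ProvisionsAllDevices</key><true/>
  <key>ExpirationDate</key><date>2015-11-01T00:00:00Z</date>
  <key>Entitlements</key>
  <dict>
    <key>application-identifier</key><string>ABCDE12345.com.example.comic</string>
    <key>get-task-allow</key><false/>
  </dict>
</dict>
</plist>
"""

# Constructed sample: a development profile is pinned to listed UDIDs and
# allows debugger attachment (get-task-allow=true).
DEVELOPMENT_PROFILE = b"""<?xml version="1.0" encoding="UTF-8"?>
<plist version="1.0">
<dict>
  <key>AppIDName</key><string>Internal Build</string>
  <key>TeamName</key><string>Example Dev Team</string>
  <key>ProvisionedDevices</key>
  <array>
    <string>00000000-0000000000000001</string>
    <string>00000000-0000000000000002</string>
  </array>
  <key>ExpirationDate</key><date>2015-06-01T00:00:00Z</date>
  <key>Entitlements</key>
  <dict>
    <key>application-identifier</key><string>FGHIJ67890.com.example.internal</string>
    <key>get-task-allow</key><true/>
  </dict>
</dict>
</plist>
"""


def wrap_in_fake_cms(plist_bytes):
    """Surround the plist with opaque bytes to mimic the DER/CMS envelope of a
    real .mobileprovision. Constructed: this is not a valid signature."""
    return (b"\x30\x82\x0a\x00\x06\x09\x2a\x86\x48\x86\xf7\x0d\x01\x07\x02"
            + plist_bytes + b"\x31\x82\x01\x00" + b"\xde\xad" * 8)


def extract_plist(blob):
    """Pull the XML plist out of a (possibly CMS-wrapped) profile.

    The XML is carried as a plain octet string, so scanning for the
    <?xml ... </plist> span works on the raw file. On macOS the strict
    alternative is: security cms -D -i embedded.mobileprovision
    """
    start = blob.find(b"<?xml")
    end = blob.find(b"</plist>", start)
    if start < 0 or end < 0:
        raise ValueError("no plist payload found in profile")
    return blob[start:end + len(b"</plist>")]


def classify_profile(blob, now=None):
    """Return the profile kind plus the fields a reviewer would want to see."""
    info = plistlib.loads(extract_plist(blob))
    ent = info.get("Entitlements", {})
    if info.get("ProvisionsAllDevices"):
        kind = "enterprise"          # installs on any device, no App Store review
    elif "ProvisionedDevices" in info:
        kind = "development" if ent.get("get-task-allow") else "ad-hoc"
    else:
        kind = "app-store"
    if now is None:
        now = datetime.datetime.now(datetime.timezone.utc).replace(tzinfo=None)
    elif isinstance(now, str):
        now = datetime.datetime.fromisoformat(now)
    expires = info.get("ExpirationDate")  # plistlib yields a naive UTC datetime
    return {
        "kind": kind,
        "team": info.get("TeamName"),
        "app_id": ent.get("application-identifier"),
        "expires": expires,
        "expired": bool(expires and expires <= now),
        "device_count": len(info.get("ProvisionedDevices", [])),
    }


def suspicious(result):
    """An enterprise profile on a personal device is a red flag unless you
    know and trust the company named in it."""
    return result["kind"] == "enterprise"


if __name__ == "__main__":
    for name, blob in (("enterprise", wrap_in_fake_cms(ENTERPRISE_PROFILE)),
                       ("development", DEVELOPMENT_PROFILE)):
        r = classify_profile(blob, now="2014-11-06")
        print(name, r["kind"], r["team"], "suspicious" if suspicious(r) else "ok")
```

Point it at the `embedded.mobileprovision` inside an unpacked `.ipa` (or at a profile exported from a device) and the `kind` tells you which distribution path the app came in on; an app from a "store" that arrives with an enterprise profile signed by a company you have never heard of is exactly the pattern this article describes.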
Once a Mac has been infected (any OS X machine, laptop or desktop, is susceptible), WireLurker waits for an iOS device to be connected over USB and moves onto it. On jailbroken devices it rewrites installed apps by replacing their binaries. On a non-jailbroken device it instead sideloads a comic book app through the enterprise provisioning profile; the app is not malicious in itself, and the researchers suspect it is simply a way to test whether a device has been compromised.
The interesting part is that on infected devices WireLurker specifically tries to identify the owner, collecting device identifiers and account details. On jailbroken devices it also tries to read text messages, and it attempts to steal payment information and other sensitive data. Some security experts have labeled WireLurker primitive, but they fear that the same mechanism could be used by more sophisticated attackers.
With WireLurker, iOS users are facing their first widespread, significant security threat. Software for checking whether you are affected has already been released and is available for download. However, WireLurker is not a passive threat: it is under active development. Stay safe by not using third-party app stores, by not charging your device by plugging it into computers you don't trust (and not tapping "Trust" when an unknown computer asks), and by checking the device's Settings under General for enterprise profiles you do not recognize.