
Paul Baccas

Sophos Ltd

Is the Apple walled garden enough to protect you?

• Introduction
• Old School Malware
• OS X Threats
• iOS Threats
• BYOD

• Introduction
  – Paul Baccas
  – Senior Threat Researcher
  – http://nakedsecurity.sophos.com/author/paulbaccas/
  – Areas of interest including:
    ▪ Non-PE (Office files, PDFs and RTFs)
    ▪ Spam
    ▪ Data Leakage Protection
    ▪ Linux and Apple threats

• Old School Malware
  – 1982
    ▪ Elk Cloner, a boot sector virus for Apple II computers (pre-Mac)
    ▪ A year before Fred Cohen's research discovered viruses
    ▪ Four years before Brain, the first PC virus
  – 1987
    ▪ nVIR spread mainly via floppy disk. Source code released, lots of variants (Mac AV starts)
  – 1988
    ▪ HyperCard virus with a political message (do you remember Michael Dukakis?)
    ▪ DISINFECTANT (the AV)
  – 1990
    ▪ MDEF virus, infected application and system files

• Old School Malware
  – 1991
    ▪ HC, a HyperCard virus that would play German folk tunes
  – 1995
    ▪ WM/Concept found on a Microsoft CD-ROM; the rise of macro viruses (the decline of specialist Mac AV)
  – 1996
    ▪ XM/Laroux: VBA3 macro viruses start, going on to VBA6
  – 1998
    ▪ AutoStart 9805 worm: CD-ROM AutoPlay feature of QuickTime 2.5+
    ▪ Sevendust aka 666, infected applications
    ▪ XF/Paix (Windows only, but later Formula viruses worked on Mac)
    ▪ Last of the pre-OS X

• OS X Threats
  – 2004
    ▪ Renepo script worm attempted to disable Mac OS X
    ▪ Proof-of-concept Amphimix: executable code could be disguised as an MP3
  – 2006
    ▪ Leap-A, the first native Mac OS X virus discovered, could spread via iChat messages
    ▪ Followed by Inqtana and Macarena
  – 2007
    ▪ Badbunny, a cross-platform OpenOffice macro, dropped NSFW images
    ▪ OSX/RSPlug-A changes DNS settings

• OS X Threats
  – 2008
    ▪ MacSweeper, OS X scareware
    ▪ Imunizator, more scareware
    ▪ OSX/Hovdy-A, a Trojan that steals passwords
    ▪ Troj/RKOSX-A, a tool to create Trojans
    ▪ Jahlav steals data
  – 2009
    ▪ OSX/iWorkS-A, a Trojan that spread via BitTorrent
    ▪ Tored email worm

• OS X Threats
  – 2010
    ▪ The decade when Mac threats come of age?
    ▪ OSX/Pinhead backdoor Trojan
    ▪ Imunizator, more scareware
    ▪ Boonana Java worm (precursor of things to come)
    ▪ Spynion (OpinionSpy)
  – 2011
    ▪ Blackhole RAT
    ▪ MacDefender
    ▪ Flashplayer

• OS X Threats
  – 2012
    ▪ Mac backdoor via Word vuln: Troj/DocOSXDr-A
    ▪ Java hole leads to more FlashPlayer
    ▪ OSX/Sabpab-A

• OS X Threats
  – 201x
    ▪ The future
    ▪ Mountain Lion will have Gatekeeper and can restrict installs to the Mac store
    ▪ Will restrict AV solutions on OS X

• iOS Threats
  – 2010
    ▪ Ikee worm changes wallpaper to a Rick Astley photo on jailbroken phones
    ▪ Duh steals banking info on jailbroken phones
  – 2010
    ▪ Troj/PDFex-DT jailbreaks iPhones
  – 2011
    ▪ Troj/PDFEx-ES jailbreaks iPhones

• iOS Threats
  – Carrier IQ collecting information
  – Path and Hipster apps grabbing sensitive data
  – Grindr & Blendr leaking sensitive information
  – Lots of password/passcode hacks on YouTube
  – iPhone/iPad forensics are a growing business

• BYOD
  – Work data on devices taken to the pub?
  – Control?
  – Unrestricted personal use?
  – Customer data combining with personal?
  – Limited choice

• Conclusions
  – Threats will grow
  – Apple products have not been built with business in mind, and this makes them harder to administer and control
  – Apple has been slow to address security, and the process seems immature
  – These are all issues for the corporate market