Tag Archives: iOS

Avira Threats Landscape: Visualizing threats for you

Every day, thousands of different malicious programs are trying to infect as many devices as possible. The goal is the same for all of them: Get your data and if possible your money as well.

We have always been the firsts to learn about the threats that loom over every owner of a PC, Mac, tablet, or smartphone, but us having all the insights is not enough. While studying threats, keeping an eye on where they appear, and adapting our programs accordingly makes sure we keep our users as safe as possible, it’s still complicated to explain to the rest of the world why being protected is that important.

Sure, one reads about the newest threats, but only other people are affected by them, right? Especially big companies or governmental institutions seem to be the targets, so why bother at all. And that is where people are wrong. While the media most often talks about high profile cases, everyone else is at risk just as well! Every day there are millions of threats which have only one goal, namely to infect your devices. Be it your smartphone, laptop, Mac or PC – each and every one of them is at risk. Just think about the latest iOS and OS X exploits or the different ways cybercriminals try to gain control over what’s on your computer.

Check out the Avira Threats Landscape to find out where danger is lurking. #cybersecurity

In order to make our point we decided to share our insights with you in form of an interactive map. Our Avira Threats Landscape allows you to not only see which countries are the top targeted ones but also which threats are popping up the most and how many threats were detected in your country. Take a look at it, you won’t regret it. And when you see just how far reaching and widespread those threats are, make sure to warn your family and friends as well.  The most important thing though: Stay protected!

The post Avira Threats Landscape: Visualizing threats for you appeared first on Avira Blog.

XARA – With This Exploit Hackers Can Steal Your Passwords

Six university researchers discovered high-impact “zero-day” security weaknesses in iOS and Mac, which can be abused by getting a malicious app approved by the Apple app store – something they managed to do without any issues. Through this app they were able to access sensitive data from other apps – with dire consequences. The researchers state that “our sandboxed app successfully retrieved from the system’s keychain the passwords and secret tokens of iCloud, email and all kinds of social networks stored there by the system app Internet Accounts, and bank and Gmail passwords from Google Chrome […]”

It does sound unbelievable, doesn’t it? Just take a look at the below video to see a malicious sandboxes app on OS X steal all private notes in the Evernote app:

Or how about a look at how it is able to steal any websites’ passwords:

According to their research 88.6% of the apps they tested were found to be completely exposed to the XARA attacks. This includes popular apps like Evernote, WeChat, and 1Password: “In our study, we downloaded 1,612 free apps from the MAC App Store. These apps cover all 21 categories of the store, including social networking, finance, business, and others. In each category, we picked up all the free apps when less than 100 of them are there, and top 100 otherwise. Also from the iOS App Store, we collected 200 most popular apps, 40 each from “All Categories”, “Finance”, “Business”, “Social Networking” and “Productivity”, after removing duplications.”

The researcher informed Apple about the issues in October 2014, a fix seems to be still outstanding.

Take a look at the research paper to read all about the issue.

The post XARA – With This Exploit Hackers Can Steal Your Passwords appeared first on Avira Blog.

Flaw in Mail.app Can Be Used to Hijack iCloud Password

The flaw lies in the Mail.app, Apples default e-mail program for iOS. According to security researcher Jan Sourcek “this bug allows remote HTML content to be loaded, replacing the content of the original e-mail message. JavaScript is disabled in this UIWebView, but it is still possible to build a functional password “collector” using simple HTML and CSS.“ To reduce suspicion the code even detects if someone has already visited the page in the past by using cookies. If this was the case it stops displaying the password prompt.

This means that hackers could easily create phishing mails which show a form that looks exactly like the iCloud login pop-up window everyone knows. The user would be asked for their username and password, which – once entered – would then be transmitted to the cybercriminals.  Just take a look at the below concept-of-proof video to see how easy it would be to trick the unsuspecting user!

Sourcek discovered the flaw in January 2015 and informed Apple immediately. Since then no action has been taken in order to fix said vulnerability. In the hope that it will make Apple take the bug more seriously, the security researcher has now published his findings together with a proof-of-concept video and the corresponding code.

Feel free to follow this link in order to find out more about the issue.

The post Flaw in Mail.app Can Be Used to Hijack iCloud Password appeared first on Avira Blog.

What Can Siri Help You With Today?

This post is about cool things you can do with Siri, and some you might wish it didn’t do. Stick with me to the end of this post, and I’ll even share with you a funny video of what Siri “really” looks like…

“Siri, please save my iPhone from the messages of death”

This somewhat melodramatic title was posted on TheRegister and reports incoming messages that trigger a bug in the iOS, inducing applications to crash…

The solution?

Apple suggests Siri as a temporary fix (full instructions here). One of the options includes asking Siri to “reply to the malicious message”. That’s right – if you’re being picked on by a big bad hacker who is sending you “messages of death”, get big sister Siri to reply with a digital tongue-lashing – sweet!

“Siri, please turn on the light, switch on the stero and start my car”

Back in 2014, there was excitement surrounding the application called GoogolPLex, which hooked up a hacked version of Siri to the Internet of things. Suddenly you could use Siri for all sorts of applications, as seen in this video:

What’s particularly clever, is the name: “GoogolPlex, turn on the lights” is actually understood by Siri as “Google, please turn on the lights”. Then, instead of running a Google search, GoogolPlex redirects the requests to its servers and uses API’s that interact with your hardware to process your requests.

GoogolPlex, beam me up!

Siri, stop recording our conversations…

You love using Siri? She is a great listener (granted, with dubious hearing). However, if you’re also a staunch believe in privacy, you might want to reconsider what it is exactly you tell your beloved assistant. As reported in this post, all voice recordings are stored for 6 months, after which time they keep the recording for another 18 months but delete the number associated with it… In case you’re now thinking of switching to Microsoft’s equally friendly Cortana, the policy is very similar…

.
And now, for a look at what Siri looks like, as seen in Raj’s vivid imagination (from the Big Bang Theory):

The post What Can Siri Help You With Today? appeared first on Avira Blog.

“Unicode of Death” Crashes Your iPhone

The newly discovered security flaw on iOS crashes different messaging apps (like iMessage and your SMS app – basically all apps that use Apple’s CoreText library) on your iPhone and possibly your Apple watch when being sent a specific string of text. In addition to that it causes your mobile to reboot immediately. The bug was first reported on Reddit.com where some people were complaining about it.

According to TheRegister, this is what happens once your mobile receives the message containing the “Unicode of Death”, a string of text including Arabic characters and different symbols: “The bug causes CoreText to access memory that is invalid, which forces the operating system to kill off the currently running program: which could be your text message app, your terminal, or in the case of the notification screen, a core part of the OS.”

And sickestdancer98 from Reddit explains: “I can tell you it is due to how the banner notifications process the Unicode text. The banner briefly attempts to present the incoming text and then “gives up” thus the crash. On a jailbroken device, this ultimately leads to safe mode. However, on a stock iOS device, there is no safe mode hence the respring after the crash. That is why this only happens when you are not in the message because the banner is what truly crashes the entire system. Is this a possible vulnerability? Maybe. Has this been around already? Roughly since iOS 6. Can it be fixed/patched? That, my friends, is up to Apple. I hope I cleared things up a little bit if it did help in anyway, shape, or form.“

Apple is already working on fix which they’ll make available in an upcoming software update. Until then there are a couple of workarounds floating around online, one if them being to just turn off the lock screen notifications for now.

The post “Unicode of Death” Crashes Your iPhone appeared first on Avira Blog.

Ex-NSA Guy Points to Mac Security Flaws

Whereas Apple develops its iOS with security a part of the process, with OS X development security seems to be more of an afterthought. ‘Bug bounty’ programs are one direction suggested for Apple, but until there is a change in the current approach, the vulnerabilities remain open to any would-be hackers.

At the recent RSA Conference in San Francisco, Wardle gave a presentation titled “Writing Bad@ss OS X Malware,” in which he challenges Apple’s OS X developers to change their way of thinking – especially considering that the majority of the malware getting into Macs (now measuring hundreds of thousands) is “amateur, even basic,” according to Wardle.

More advanced Mac attacks, such as the ‘Rootpipe’ backdoor, have been difficult for Apple to patch, and failed ‘fixes’ have been covered by thehackernews.com, computerworld.com, securityweek.com, forbes.com, and others in the first half of 2015.

AV-Test, a leading independent computer security testing firm, recently tested 10 different Mac OS X security software packages (you can read the full report here), writing that:

“The legend that Mac OS X is supposedly invincible is not borne out by the facts. In the aftermath of major attacks by Flashback, the police Trojan Browlock or Shellshock, the number of assaults on Mac OS X continues to increase.”

In AV-Test’s analysis, Avira Free Antivirus for Mac earned a 100% detection score against 160 new Mac-specific viruses and malware. If you’re taking chances with no security on your Mac, do yourself a favor and take care of it right now – FREE DOWNLOAD.

The post Ex-NSA Guy Points to Mac Security Flaws appeared first on Avira Blog.