Posts Tagged ‘hacking’


iPhones, iPads under attack from China?

WireLurker logoApple Inc. made its powerful brand name on the strength of intuitive technology that for years seemed immune to routine hacking. Now, a malware campaign afflicting China threatens to dampen that distinction and harm those here who rely on any one of an estimated 800 million iPads, iPhones and 64-bit Macs.

The WireLurker malware reportedly flourishes in China on pirated software. Once installed it burrows into the operating system and waits for peripherals to connect, whereby it records the information passed between the devices. Much of that information consists of serial numbers, phone numbers and iTune store identification information.

Then WireLurker installs benign-looking apps that sift for other identifiers including texting history, address books and other private files to pinpoint potential targets. WireLurker also imports regular updates from an attacker’s command servers, thus remaining on guard against counterattacks.

Security company Palo Alto Networks alerted Apple users on this side of the Pacific in a recently released white paper.

Although WireLurker poses no immediate threat here as yet, it represents a comprehensive approach to malware distribution not seen before with Apple products, Palo Alto Networks says.

To reduce the risk of infection, users of Apple devices are advised to take a few precautions:

  • Avoid downloads from any location other than iTunes or the Mac App Store. To ensure this, in the System Preferences panel, click on the check box next to “Allow apps downloaded from Mac App Store (or Mac App Store and identified developers)”
  • Avoid connecting or pairing your Mac or portables with other unsecured devices, whether they are Mac- or PC-based.
  • Keep the operating systems updated on all devices. The updates also plug holes in system security.
  • Keep all antivirus and anti-malware programs updated as well.

Keep in mind as well: The people most at risk are those who ignore every pop-up security warning Apple throws at them.

Palo Alto Networks is providing a tool to detect WireLurker infection on Mac and advises that removing WireLurker and the damage it causes will require expert attention.

Cautionary tale evident in latest Snapchat snafu

Snapchat logo

Snapchat’s logo

Our society is chock full of rules, some of which deserve to be broken.

But before breaking one, try reading the fine print.

That salient detail might have helped those who were victimized by a security breach that leaked 200,000 images and videos, some possibly lurid and potentially embarrassing, that belonged to users of the photo messaging application Snapchat.

For those of you unaware, Snapchat is a mobile app with a programmable timer to limit availability of the photos and recorded videos its 100 million monthly users send to each other. Recipients have just a few seconds to view shared content before it disappears forever — in theory, anyway.

The appeal of an app such as this is obvious. Some photos — snapshots of a goofy face or what you ate for lunch — deserve only a few seconds of our time, whereas incriminating photos — sexy selfies and the like — we hope will last only a few seconds.

Friday, Snapchat acknowledged that some of its content stored by a third-party application turned up on a fake photo website. The third-party application, Snapsaved, apologized and took full responsibility, saying a misconfiguration of its servers left the app’s archives vulnerable to hacking. Initially, media reports had blamed Snapchat for letting the photos leak.

The site that published the photos, Viralpop.com, has since disappeared. What happened to its content remains uncertain. (Snapsaved’s site has been unresponsive since the breach was discovered.)

The current worry is that many of those 200,000 photos were provocative and incriminating — and now they may be everywhere. But Snapchat insists that less than a third of its content is too mature for the app’s youngest subscribers, ages 13 to 18. The other content, Snapchat says, is disposable, unmemorable.

It would be easy at this point to heap shame and insults on Snapsaved and curse it for not being more careful. But Snapsaved provided a service made possible only by Snapchat users breaking the rules they promised to uphold: In its terms-of-use policies, Snapchat prohibits users from culling and distributing content.

Of course, nobody reads terms-of-use policies, in part because the legalese used to craft them borders on unreadable. And where there are rules, there are rule breakers. Nevertheless, believe it or not, terms of use exist to protect customers’ rights, too.

This is why real blame for the photo leak rests with the Snapchat users who ignored the terms and in the process put people’s reputations —  perhaps even their own — at risk.

Connect

Twitter Facebook Google Plus RSS Instagram Pinterest Pinterest LinkedIn


© Society of Professional Journalists. All rights reserved. Legal

Society of Professional Journalists
Eugene S. Pulliam National Journalism Center, 3909 N. Meridian St., Indianapolis, IN 46208
317/927-8000 | Fax: 317/920-4789 | Contact SPJ Headquarters | Employment Opportunities | Advertise with SPJ