This week, XcodeGhost emerged as the newest threat to iOS devices. XcodeGhost is a tampered copy of Apple’s Xcode development suite, circulated through unofficial download sites rather than Apple’s own servers, that silently compiled malicious code into every app built with it, without the developers’ knowledge.
When users installed these infected apps, the added code reported information about the device and the app back to servers run by XcodeGhost’s creators, unwittingly exposing data about the users and, on corporate devices, their employers.
Following the discovery of the compromised apps in the App Store, Wandera’s threat research team identified 36 different infected apps installed on thousands of enterprise devices.
Versions of popular applications including WeChat, WinZip, PDF Reader and CamScanner were found to incorporate the malicious code, making it possible to harvest data from the device and transmit it to one of three attacker-controlled URLs.
But how did this happen?
This incident has confirmed what security researchers have known for some time: that, just like other mobile platforms, Apple devices are vulnerable to increasingly sophisticated mobile malware, and that a “defence in depth” approach, including user education, is required.
Wandera’s most recent Mobile Data Report found that exposure to malware and spam is twice as prevalent on iPhones as on Samsung devices.
The key to keeping any device secure is recognising what each employee’s device is exposed to given how it is actually used, and then using that information to monitor the device in real time for threats as they occur.
The dangerous apps were trojanised builds of reputable brands: same names, same publishers, distributed through the App Store. They were therefore unlikely to appear on any blacklist and would readily pass most app-vetting procedures.
Because the apps themselves look legitimate, the practical way to detect them is to closely monitor the data traffic to and from the device: the malicious behaviour shows up on the network even when it is invisible in the app.
What does the data look like? How much is being transmitted? Where, when and how frequently is it being sent? Without correct and, most importantly, real-time information, organisations are effectively operating in the dark: they cannot see how their devices interact with the network and therefore which threats the device and its data are exposed to.
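The questions above (where traffic goes, how much, and how regularly) map directly onto checks that can be run over per-device egress logs. The following is an added example written for this article, not Wandera’s product logic or anything from the original piece. It flags two things a trojanised build of a legitimate app tends to produce: destinations the genuine app never contacts, and check-ins that recur at near-fixed intervals with near-constant payload sizes. The log lines, host names, bundle identifiers, baseline and thresholds are all constructed for illustration.

```python
"""Unknown-destination and beaconing checks over per-device egress logs.

Added example for illustration only. Every log line, host name, bundle id
and threshold below is constructed; none comes from the article or from
any vendor's product.
"""
from collections import defaultdict
from datetime import datetime
from statistics import mean, pstdev

# Constructed egress records, one per outbound connection:
# "<timestamp> <device> <bundle id> <destination host> <bytes out>"
SAMPLE_LOG = """\
2015-09-21T08:00:00Z dev-01 com.example.scanner cdn.example-scanner.com 18200
2015-09-21T08:00:05Z dev-01 com.example.scanner init.analytics-example.net 612
2015-09-21T08:03:20Z dev-01 com.example.scanner cdn.example-scanner.com 40120
2015-09-21T08:05:05Z dev-01 com.example.scanner init.analytics-example.net 618
2015-09-21T08:10:05Z dev-01 com.example.scanner init.analytics-example.net 615
2015-09-21T08:15:06Z dev-01 com.example.scanner init.analytics-example.net 611
2015-09-21T08:20:05Z dev-01 com.example.scanner init.analytics-example.net 619
2015-09-21T08:01:10Z dev-02 com.example.mail mail.example-corp.com 2300
2015-09-21T08:02:50Z dev-02 com.example.mail mail.example-corp.com 74000
2015-09-21T08:09:30Z dev-02 com.example.mail mail.example-corp.com 1100
2015-09-21T08:31:00Z dev-02 com.example.mail mail.example-corp.com 5600
"""

# Constructed per-app baseline of destinations observed during vetting.
# In practice this is learned from a clean period or taken from the
# vendor's documented endpoints.
BASELINE = {
    "com.example.scanner": {"cdn.example-scanner.com"},
    "com.example.mail": {"mail.example-corp.com"},
}

MIN_CONTACTS = 4        # need several intervals before judging regularity
MAX_INTERVAL_CV = 0.10  # max coefficient of variation of inter-contact gaps
MAX_SIZE_CV = 0.10      # max coefficient of variation of payload sizes


def parse_log(text):
    """Yield (timestamp, device, app, host, bytes_out) tuples."""
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, device, app, host, nbytes = line.split()
        yield (datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ"), device, app, host, int(nbytes))


def _cv(values):
    """Population coefficient of variation; 0.0 for a constant series."""
    m = mean(values)
    return pstdev(values) / m if m else 0.0


def unknown_destinations(records, baseline):
    """Return {(device, app, host)} for hosts outside the app's baseline.

    A trojanised build carries the same name and publisher as the genuine
    app, but it talks to servers the genuine build never used.
    """
    return {(d, a, h) for _, d, a, h, _ in records if h not in baseline.get(a, set())}


def beacons(records):
    """Return {(device, app, host): (contacts, mean_gap_seconds)} for flows
    that check in at near-fixed intervals with near-constant payload sizes."""
    flows = defaultdict(list)
    for ts, device, app, host, nbytes in records:
        flows[(device, app, host)].append((ts, nbytes))
    found = {}
    for key, events in flows.items():
        if len(events) < MIN_CONTACTS:
            continue
        events.sort()
        gaps = [(b[0] - a[0]).total_seconds() for a, b in zip(events, events[1:])]
        sizes = [n for _, n in events]
        if _cv(gaps) <= MAX_INTERVAL_CV and _cv(sizes) <= MAX_SIZE_CV:
            found[key] = (len(events), mean(gaps))
    return found


def analyse(text=SAMPLE_LOG, baseline=BASELINE):
    """Run both checks and return their findings keyed by check name."""
    records = list(parse_log(text))
    return {"unknown": unknown_destinations(records, baseline),
            "beacons": beacons(records)}


if __name__ == "__main__":
    result = analyse()
    for d, a, h in sorted(result["unknown"]):
        print(f"{d} {a}: destination {h} not in baseline")
    for (d, a, h), (n, gap) in sorted(result["beacons"].items()):
        print(f"{d} {a}: {n} near-identical contacts to {h} every ~{gap:.0f}s")
```

On the constructed sample, the scanner app on dev-01 is flagged twice: it contacts a host absent from its baseline, and it does so every five minutes with payloads of almost identical size, which is how a check-in to a collection server looks at the network layer. The mail client’s irregular, variable-size traffic passes both checks. Thresholds of this kind need tuning against a clean period of real traffic before being used to alert.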
This visibility is the only route to thoroughly mitigating the impact of current and future malware threats. The panicked response to Monday’s revelations by businesses trying to retrospectively protect devices that already had these apps installed was a classic case of too little, too late.
The XcodeGhost scandal should be a wakeup call to anyone that previously thought Apple and the App Store were safe from malware.
However, the more important lesson is that as malware threats grow in sophistication and complexity, and successfully circumvent typical security procedures, enterprises need to ensure they are alert to the warning signs of malware in action – which is only possible through monitoring networks and data streams in real-time.
Sourced from Eldar Tuvey, CEO, Wandera