We used to think that Apple iOS gadgets were pretty immune to viruses and malware. Sadly, over the past year hackers have turned their attention to our mobile gear. Honestly, I’m not surprised at all. Why?
Stop for a moment and think about how much of your life is on your iPhone or iPad. Personal photos, friends and family contacts, your exact GPS location, your email and probably much more are all on that handy little gadget you carry around.
Let’s start just with your email: personal messages, bills from utilities and insurance carriers and financial communications from your bank and credit cards all land in your email inbox. With this info, a hacker can visit your online accounts and request new passwords. And where do those requests go? Right to your email, where the hacker is camping out just waiting for them. With these keys to your online and financial life, a cyber crook has more than enough to steal your identity, wipe out your existing accounts and set up new ones to ring up thousands in new debt that will show up on your credit report and lenders will expect you to pay back.
The scary reality is that a virus on your iPad or iPhone can give the bad guys nearly unlimited access to your life. So do I have your attention yet? I hope so!
As iPads and iPhones have gotten more sophisticated, most users have been pretty confident that their information is secure.
Worried about finding your lost or stolen iOS gadget? See my tip here to find your lost iPhone or iPad.
But that confidence bubble burst earlier this fall when protesters in Hong Kong were targeted by malware that infected iPhones and iPads. The virus was capable of stealing text messages, photos, call logs, passwords, GPS locations and other data from Apple mobile gadgets. All of which would be pretty handy for a government trying to crack down on pesky protestors.
This malware, code named Xsser, was technically a Trojan horse. A link to the malware, disguised as an app to help coordinate Occupy Central protests in Hong Kong, was sent as an anonymous message to WhatsApp users.
This attack illustrates how easily social engineering can be used to steal valuable information from iOS users. By the way, “social engineering” is just a fancy term security experts and hackers use to mean “tricking people to get information.”
In this case, the attackers successfully tagged along on a big current event (in this case political protests, but it could be something as innocent as a sporting event or a trade show) to gain a victim’s trust. The users then innocently install malicious apps, unaware that they’re also unlocking the door to their own personal information.
But if you are unknowingly tricked into installing malware, and you are completely unaware that it is stealing your personal information, how can you tell if your gadget is infected?
While this virus attack on Hong Kong protestors is pretty scary, there is one big mistake that every victim made that allowed the hackers to be successful. They downloaded and installed an app from somewhere other than the official Apple App Store.
Now anyone who uses Apple gadgets probably already knows that Apple runs a pretty tight ecosystem. iOS only runs on Apple hardware and Apps are only available from the Apple App Store - unless your gadget is “jailbroken.”
What’s “jailbreaking”? It’s an off-warranty option for tinkerers and techies to unlock under-the-hood options on iOS devices.
Now, you know your smartphone is already capable of amazing things. That phone in your pocket or purse has more computing power than the computers that put us on the moon!
But some folks want their phones to do even more. When you first get a new iPhone, it comes preloaded with apps and programs that are difficult and sometimes impossible to remove.
Some people get frustrated with their phones, and others find a way around the restrictions. Getting around these software restrictions is called jailbreaking your phone.
And jailbreaking your iPhone could do more damage than you bargain for. For example, the Hong Kong protesters unwittingly installed an app that shared all their information with the hackers - who might have been government agents cracking down on the protests.
So lesson number one is, don’t jailbreak your iPhone or iPad. But don’t get too confident yet. Even stock, non-jailbroken Apple gadgets have been vulnerable to hackers.
In early November, news broke that a new threat, called WireLurker, could infect stock Apple gadgets.
Through a clever scheme, WireLurker first infects a Macintosh OS X (laptop or desktop) computer - app security is not as locked down for Apple computers - then waits for an iPad or iPhone to be connected to the computer via a USB cord. Once connected, the malware is installed on the mobile gadget and then attempts to steal data and sensitive information.
Apple responded to the WireLurker threat within 24 hours with updates that supposedly block WireLurker’s access to the iOS operating system.
In addition, Apple has quickly updated its XProtect malware scanning system that is built into Mac computers, to help detect the WireLurker installers being hidden in seemingly legitimate programs.
With these protections in place, if you attempt to open risky programs that Apple has identified, OS X will issue a warning that the program you are launching contains known malware, and recommends you do not run it.
But in the months before it was discovered, WireLurker-infected apps were downloaded on iOS gadgets at least 350,000 times.
How do you know if your iPhone or iPad is infected?
Let’s break down this question down into two parts. What have you done with your Apple gadget, and what, if any, symptoms does it have?
First, is your gadget jailbroken? Jailbroken gear bypass Apple’s tight security, exposing your gadget to whatever hackers think of next - and you probably won’t have to be a Hong Kong protester to get hit. My personal preference is to not jailbreak my Apple gadgets, but if you choose otherwise, be extra careful out there!
If you want to restore a jailbroken gadget back to Apple settings, here’s my tip with the step-by-step instructions you’ll need.
Next, does your phone have any symptoms of an infection? There are no known telltale symptoms of WireLurker. But virus-infected apps will usually be unstable and crash, or hang, or have other odd behavior while they run. Please know that a quirky app is not a sure sign of a malware infection. But if you have run apps from third-party app stores or risky websites, and they have not run as expected, then I recommend you err on the side of caution.
If you do suspect your iPad or iPhone may be infected with malware, don’t panic! However, you should take no chances. Instead, just follow these instructions to wipe your gadget clean and start over with factory settings.
1. Use iCloud to back up your device and all personal data on it
2. Go to Settings > General > Reset
3. Tap “Erase All Content and Settings” to clear all apps and data from the device
4. Restart your iOS device and set it up again
5. Sign into iCloud when you set up your iOS device and restore your backed up data
6. If needed, download your apps again from the App Store
You can also attach your iPhone or iPad to your Mac and use the “Restore iPhone/iPad” button in iTunes to factory-reset the device. The key to these steps is they clear out all programs on your iOS device which may have been compromised, and replace them with fresh copies. Your data and files should all be preserved, though you might lose some application settings.
If you suspect that restoring your phone to factory settings didn’t do the trick, then feel free to take the phone to Apple’s Genius Bar. They have system-scanning software that detects and removes any hidden files.
Kim Komando hosts the nation’s largest radio show about the digital lifestyle, heard on 435 stations in the USA and globally on American Forces Radio. Find your local radio station, read more digital news, get the podcast and more at Komando.com.