Here’s the latest on the WireLurker malware infecting Macs, iPhones, and iPads
Apple is preventing applications infected with the WireLurker malware from launching on its Mac products, the Wall Street Journal reports, in an effort to contain the malware’s spread. The researchers who discovered the malware estimate that it may have already infected hundreds of thousands of iOS devices, leading them to call it a sign of a “new era in iOS and OS X malware.”

It’s not yet clear what WireLurker’s creator hopes to accomplish. Palo Alto Networks, the company that discovered the malware, says that it’s currently being used to add a third-party comics app to infected devices as a proof-of-concept. Besides that, it seems like it’s being used to gather information from address books, iMessages, and some Alibaba software.

This ambiguity, combined with the fact that WireLurker is the first malware known to infect even non-jailbroken iOS devices, led Palo Alto Networks to call it a serious threat to iOS users. But others have argued that WireLurker itself isn’t as worrisome as the underlying problems that allow it to spread. As researcher Jonathan Zdziarski explains in a blog post on the subject:

The bigger issue here is not WireLurker itself; WireLurker appears to be in its infancy, and is mostly a collection of scripts, property lists, and binaries all duct-taped together on the desktop, making it easy to detect. The real issue is that the design of iOS’ pairing mechanism allows for more sophisticated variants of this approach to easily be weaponized. […] While WireLurker appears fairly amateur, an NSA or a GCHQ, or any other sophisticated attacker could easily incorporate a much more effective (and dangerous) attack like this.

The potential for government abuse might be the scariest aspect of WireLurker. Officials on both sides of the Atlantic have complained about the increasing amounts of security used by tech companies in Edward Snowden’s wake, and they’ve demonstrated their willingness to use underhanded tactics in their pursuit of information by compromising data servers, using surveillance dragnets, and even pretending to be a news publication to install malware on a target’s computer. It isn’t hard to imagine them exploiting this vulnerability for their benefit.

These concerns are currently hypotheticals. It’s not clear who else might have known about the exploit used by WireLurker to infect iOS devices; it might be contained in China at the moment, or it might have been discovered by intelligence agencies and hackers who have already taken advantage of it without being spotted. Efforts to understand this vulnerability are just starting.

[illustration by Brad Jonas]