How to Survive a Big Mac Attack

By Carl Weiss

Courtesy of bostonlegacyworks.wordpress.com

After years of enjoying some of the most secure machines online, lately the vaunted Mac has gotten some worms in its core. Everyone from CBS correspondent Sharyl Attkisson to 17,000 Macs that were recently infected with botnets were reported in media sources. To make matters worse, on October 21, Apple posted a security warning for users of its iCloud online storage service amid reports of a concerted effort to steal passwords and other data from people who use the popular service in China.



Even a trio of Google security engineers chimed in by revealing how a design flaw in SSL (Secure Socket Layer) 3.0 could be exploited by criminals. Those hackers could use POODLE to steal browser session cookies, then use the cookies to impersonate victims on websites where they make online purchases, receive email or store files in cloud services.

So if you're a Mac user or computer lover, you'll want to read this week’s episode of Working the Web to Win, as we cover The Big Mac Attack.

Apple iOS Resistant to Hacking? That is the Question!

It used to be that Mac, iPad and iPhone owners used to poke fun at PC and Android users, bashing them for the many ways and means that malware compromised these non-Apple systems.  Of course, when you maintain an iron grip on who gets to develop software and hardware for you as Apple has always done, then there are many fewer paths of infection that can compromise a system.  PC and Android have always been a proponent of open architecture, which means that anyone and everyone was free to develop everything from apps to operating systems.  This makes them patently more vulnerable to backdoor hacking.  However, a spate of highly publicized iOS and OS X security issues have left Apple devotees wondering what happened.

courtesy of www.trendmicro.com

The "New York Times" recently reported: “While malware attacks have been possible against jailbroken IOS devices for some time, a new piece of malware has been discovered that can infect even iPhones that have not been jailbroken.“

Additionally, Palo Alto Networks discovered a program called WireLurker, which can be used for a number of nefarious purposes including spying on users.

“The point of entry seems to be OS X computers, with researchers having found 467 malware OS X applications in the unofficial Maiyadi App Store in China that were downloaded more than 356,000 times in the past six months in the region.  Once on a Mac, WireLurker can infect any iPhone that’s connected via USB to the computer, and install malicious applications.  WireLurker is capable of stealing a variety of information from the mobile devices it infects and regularly requests updates from the attackers' command and control server. This malware is under active development and its creator’s ultimate goal is not yet clear.”

While the vulnerability of these systems is troubling, what's even more frightening is that these two hacks were not the only worms in the Apple.  In early October, a Russian security company discovered another flaw in OS X that enabled hackers to take control of some 17,000 infected devices using Reddit. 

Courtesy of www.digitaltrends.com

Rt.com reported: “One of them turned out to be a complex multi-purpose backdoor that entered the virus database as Mac.BackDoor.iWorm. It has not yet been determined how the malware spreads, but Russian experts say that once a Mac has been infected, the software establishes a connection with the command server.” (http://rt.com/news/193032-mac-infected-hackers-reddit/)

While hacking in general has always been a concern to computer users, what has really been causing many Apple users to wake up in a cold sweat are the number of ways in which hackers have been not only gaining but using their access.

Case in Point: On October 28^th, Fox News published a report concerning journalist Sharyl Attkisson who reported that her CBS computer and personal iMac had been repeatedly hacked and its contents accessed, including information pertaining to an article on Benghazi that was critical of the current Washington administration.

www.huffingtonpost.com

Fox News further reported: “Further scrutiny of her personal desktop (by a consultant hired by CBS) proved that the interlopers were able to co-opt her iMac and operate it remotely, as if they were sitting in front of it.” 

Even  Silver Linings Have Dark Clouds

And if hacks on iMacs and iPhones weren’t bad enough, Reuters reported on October 21st that Apple’s cloud storage service in China had been hacked resulting in messages, passwords and even photos being compromised.  Employing a technique known as a Man-in-the-Middle attack, hackers were able to superimpose their own site between the users and the iCloud server.  The sophisticated attack was reputed to have been perpetrated by the Chinese government.

Courtesy of Reuters.com

The reuters.com article went on to say: “An Apple representative declined comment on the allegations that Beijing was trying to spy on Apple customers, but noted that the company had updated its technical support page to provide advice on how to protect against such attacks. We’re aware of intermittent organized network attacks using insecure certificates to obtain user information, and we take this very seriously.” 

Apple iOS Rotten to the Core? What Does Home Depot Think?

While these well-publicized security breaches have given a number of people pause to reconsider Apple’s new-found vulnerabilities, there are still a number of people and organizations that still believe the latest big Mac attack is no cause for alarm.  Quite the contrary, if you read the November 10^th blog by livetradingnews.com, which detailed Home Depot’s recent security breach happened, you'd know why.  After the retail giant’s Microsoft-based payment data system was relieved of 53 million email addresses and 56 million credit card account numbers, the company bought two dozen new iPhones and MacBook’s for its senior executives.

Courtesy of  the Livetradingnews.com

The article went on to state: “It is not that Apple devices have not faced any security problems in the past. They even had security issues, but still Apple Inc.'s iPhone and MacBooks are comparatively secure platforms. They can deal with the malware and other threats in a much better way. Still, whether the use of Apple Inc. MacBooks and iPhones can solve the problem of security breaches for the Home Depot or not, time will tell. It is a high time for The Home Depot to seriously find the cause of the problem.” 

You're Part of the Solution

The sad fact of the matter is that regardless of the type of machine that you, I, or multinational corporate executives choose to use, there is no way to completely bulletproof yourself against hackers.  In fact, there is no form of protection for "stupid." Most security breaches are initiated because of some kind of user-induced error. All you can do is make sure you keep your machines protected with at least three layers of anti-malware software, keep your software updated and be vigilant.

We recommend checking out “Mac Booster” by I Obit and “WebRoot” anti-malware system. You can also read these Mac anti-malware comparison articles in "MacWorld," Mac Antivirus Internet Security Software, Malware Review” and on ZDNet, “Testscompare Mac OS X anti-malware products.

If you haven’t read any of our recent articles, check out; “Hack Attack is Back”. If you’re looking for more detailed information, you might also want to read “The Scariest Stuff Online” and “Spring Cleaning Means Taking Out Cyber Trash”. Or just type in the keyword “Hacking” in the search box, in the upper right hand section of our blog.

There is still one tough question that begs to be answered.  As with any Big Mac Attack ... “Do you want fries with that?”

In this article, I discussed a variety of vulnerabilities that have recently surfaced with Apple iOS and iCloud systems. I covered many of the exposed vulnerabilities, recent botnet and other hack attacks perpetrated on high-profile Mac proponents, including CBS media reporters. If you want to find more articles like this type in Hack in the search box at the top of the page. If you like this article, pass it along to your family, friends and colleagues. If you have a comment or other ideas related to this article, leave them in the Comment section below. If you want to contact me, my contact information is listed below. 

If you'd like a free copy of our eBook, "Internet Marketing Tips for the 21st Century," please fill in the form below and we'll email it to you. Your information is always kept private and is never sold.

Carl Weiss cooks up online controversy every Tuesday at 4 p.m. Eastern on BlogTalkRadio. He is the co-author of "Working the Web to Win," a book based on the hit BlogTalkRadio show by the same name. He can be reached at Carlw@workingthewebtowin.com or by calling the office at 904-410-2091.

Related articles

• VIDEO: WireLurker Is Out to Get Your Mac, iOS Device
• WireLurker: new malware targets Apple users
• Malware attacks Wirelurker iPhones and iPads
• Possible iOS Security Flaw Revealed On Apple Devices
• 'WireLurker' Malware Targets Apple Devices in China
• WireLurker attacks Apple products, leaves iPhones and iPads open to attack
• iOS Handsets and OS X PCs vulnerable to new malware
• Apple was warned about WireLurker months ago, Georgia Tech researcher says
• WireLurker attacks against iOS devices also launched from Windows PCs
• Myth of malware-less Mac MURDERED: WireLurker smacks Apple in the box (The Register)