If you use an iPhone, you’re probably aware that only apps approved for and downloaded from the App Store are approved to run.

These apps have a key that is ‘signed’ with an approved company key, and Apple makes it somewhat difficult to get around it.  For those who complain about restrictions like this, it’s a good to be aware that Apple has had negligible mass malicious software infections in iPhone history.

It’s a remarkably secure mini-computer and smartphone to boot.

That may come as a surprise to you.  Indeed, some may say:  Well, Jennifer Lawrence might disagree!  And she did threaten legal action.  But the rash of high-profile celebrity photos, including infamous nude shots—deemed ‘The Fappening’ by the press— were in reality traced back to hackers targeting easy-to-crack celebrity passwords and security questions.

No systems were actually breached on Apple’s side, despite the perception of many that they were.

Now in the news is the story of the rogue Chinese “KeyRaider” program. 
This malicious software has stolen to date over 225,000 user login credentials for iTunes.  From there, the iTunes payment information can be highjacked, sent to a remote server, and used to pay for other apps installed on completely different iPhones.

Again, Apple is undergoing scrutiny in regards to the safety of their data.  As such a high profile technology company, they make an easy target—much like celebrities.  And any person or company whose goodwill is important to their value must deal with affairs of public perception.

‘Perception is reality.’  It’s a well-worn proverb. 
But it’s not always true.  Perception is perception, which is subject to misinformation and the way the public perceives and distorts facts.

Reality is reality, and the reality is that the only phones infected with the ‘KeyRaider’ malware are phones that have been ‘jailbroken’ by the user.   Jailbreaking an iPhone or iPad means removing restrictions in iOS (the operating system for Apple products) that prevent outside programs from directly reaching the root of the iOS file system.  This is NOT something Apple allows, but a dedicated enthusiast can find a work-around.

Once jailbroken, programs not recommended or approved by Apple have an open door to run. 
Sometimes those programs help enhance the usability of the iPhone.  But other times, they cause bad things to happen.  In this case, that open door allowed the ‘KeyRaider’ malware to enter the very heart of the phone’s software code, and infect hundreds of thousands of devices.  As Ryan Olson, a researcher at Palo Alto Networks put it, “Jailbreaking…removes a lot of the protection that Apple has put in place to prevent malware infections.” 

Jailbreaking your iPhone is sort of like having a world-class alarm system, but deliberately turning off the zone that includes the main entrance.  Then leaving the door wide open so that you can enter or leave anytime you want without having to fool with a door.

It’s easier, right?  But please, don’t blame the alarm system if you are robbed.  And don’t blame Apple if you open your iPhone to software the company tells you not to run.

Most iPhone users have nothing to worry about, since most iPhone users haven’t jailbroken their iPhone and are still protected.  The short story is:  don’t jailbreak your iPhone.

The common thread is that humans can be pretty ingenious about trying to hack into records, and other humans can be pretty sloppy sometimes with their security.  That’s why, if you have a company with vital data, you may want some professional help.  5i Solutions can help.

Serious Security

5i Solutions offers encryption, network security, and key management.  You can vary your level of protection by level of protection needed with access control and identity verification.

  • Logs and access reports
  • Site-to-site VPN
  • Encryption capabilities up to AES-256
  • Streamlined key management
  • Firewalls, portioned LANs, and back-end servers separate from public interface
  • Anti-malware, detection, and mitigation
  • Visibility and alerts for user activities

Your data is precious.  5i Solutions’ Cloud Vault treats it that way.

5i Solutions.  One single, secure point of intake, access, and storage.  One singular solution.

Category5i News, IT Security

© 2015 5i Solutions Inc.

Thynks Web Design and Marketing