Newly discovered malware targets iOS and BlackBerry backups
A new type of malware has been identified that primarily attempts to backstab users of iOS and BlackBerry devices. The malware targets the poorly secured backups of the devices stored on PCs rather than the devices themselves.
Security researchers at Palo Alto Networks released their findings on Monday. The backstab technique, in which a hacker focuses on a backup of the target instead of the target itself, was already known, but it is only now apparent that malware using this tactic to obtain data from smart devices is actively in circulation. This threat is said to come in the form of 704 different malware types across six families, and the tools have been around for five years in some cases.
The malware variants can infect both Windows and OS X devices and currently mainly target iOS and BlackBerry backups. Android backups would be harder to get hold of. In this way, strict protections on smart devices can be negated by poorly secured computers. The malware wouldn’t even need admin or root access. Backups include things like call history, text messages, voicemails, contacts, calendars, notes, photos, and almost anything else that resides on a smartphone.
Backups of iOS devices would be the biggest target because iTunes backups of the devices are not stored encrypted by default and the devices are backed up by default when plugged in. In addition, Palo Alto Networks says that starting with iOS 9.1, users will see a dialog box during the backup process asking if they want to apply encryption to the backups. Encryption is the default option, indicated by a blue instead of a gray button. Also, iOS 9.1 backups do not contain “sensitive information” if users opt for unencrypted backups. This version of the operating system was released on October 21, 2015.
The researchers say little about vulnerabilities in BlackBerry and Android backups. The location of BlackBerry backups is always the same, which makes the malware's job easier. Android is less vulnerable to the attack because there is no official desktop software to back up the devices. Backups can be made via the Android Debug Bridge, but those backups are not given default names and are not stored in a default location as is the case with iOS and BlackBerry OS, making them more difficult to trace. In addition, the absence of official desktop software most likely also means fewer Android backups are made.
Palo Alto Networks recommends that users immediately enable encryption on their backups and delete any older unencrypted backups. The password used to encrypt backups must be strong to prevent brute forcing. The researchers also recommend caution when connecting smart devices to other people's PCs. Obviously, the use of antivirus software is also important.
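To act on the recommendation to find and delete older unencrypted backups, the following added example (not code from Palo Alto Networks or the original article) audits a backup directory and reports which backups are unencrypted. It assumes each iTunes backup folder holds a `Manifest.plist` with a boolean `IsEncrypted` key; the directory to scan is supplied by the user, and the sample folders are constructed for a dry run.

```python
import plistlib
import sys
import tempfile
from pathlib import Path


def audit_backups(root):
    """Return (folder_name, status) for every backup folder under root."""
    findings = []
    for folder in sorted(p for p in Path(root).iterdir() if p.is_dir()):
        manifest = folder / "Manifest.plist"
        try:
            with manifest.open("rb") as fh:
                data = plistlib.load(fh)
        except FileNotFoundError:
            findings.append((folder.name, "no-manifest"))
            continue
        except Exception:
            # Corrupt or unparseable manifest: flag it for manual review.
            findings.append((folder.name, "unreadable"))
            continue
        # Assumption: IsEncrypted is a boolean at the top level of the plist.
        encrypted = isinstance(data, dict) and data.get("IsEncrypted") is True
        findings.append((folder.name, "encrypted" if encrypted else "UNENCRYPTED"))
    return findings


def build_sample(root):
    """Constructed sample data: fake backup folders, no real device content."""
    for name, flag in (("aaaa-constructed", True), ("bbbb-constructed", False)):
        d = Path(root) / name
        d.mkdir()
        with (d / "Manifest.plist").open("wb") as fh:
            plistlib.dump({"IsEncrypted": flag}, fh)
    (Path(root) / "cccc-constructed").mkdir()  # folder without a manifest


def demo():
    """Run the audit against the constructed sample folders."""
    with tempfile.TemporaryDirectory() as tmp:
        build_sample(tmp)
        return audit_backups(tmp)


if __name__ == "__main__":
    # Pass the real backup directory as argv[1]; without it, run the dry run.
    results = audit_backups(sys.argv[1]) if len(sys.argv) > 1 else demo()
    for name, status in results:
        print(f"{status:12} {name}")
```

Folders reported as `UNENCRYPTED` are the ones to delete after a fresh encrypted backup has been made.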