Backdoor Malware Targets Apple iPad 196
An anonymous reader writes "Apple iPad users are being warned of an email-borne threat which could give hackers unauthorised access to the device. The threat arrives via an unsolicited email urging the recipient to download the latest version of iTunes as a prelude to updating their iPad software. Apart from opening up a backdoor, it also tries to read the keys and serial numbers of the software installed on the device, and logs the passwords to any webmail, IM or protected storage accounts."
Wrong wrong wrong... (Score:5, Informative)
See here for further details : http://www.theregister.co.uk/2010/04/26/ipad_backdoor/ [theregister.co.uk]
Re:Wrong wrong wrong... (Score:4, Informative)
Why modded Flamebait??
http://news.bitdefender.com/NW1493-world--iPad-Users-Targeted-by-Backdoor-Dissembled-as-iTunes-Update.html [bitdefender.com]
Re: (Score:2)
Malicious modding. Some people throw a hissy fit when their FUD is debunked. It doesn't matter if the FUD is anti-Microsoft, anti-Apple, anti-Google, or anti-something-else. People who like the FUD don't like hearing that it's BS, and people who really love FUD are often petty and malicious.
Re: (Score:2)
If I had to guess, I'd say it's because they called people who bought iPads "idiots."
Re: (Score:2)
1. Start with a working product.
2. Jailbreak and install Android.
3. Be close to a working product (this step is traditionally supposed to be PROFIT!!!)
Who are the idiots again?
Re:Wrong wrong wrong... (Score:4, Funny)
Just because you can't think differently in a manner identical to all the other fruits, doesn't make them idiots...
Re: (Score:3, Funny)
I thought that you called the Windows users idiots ;)
Re:Wrong wrong wrong... (Score:4, Funny)
Re: (Score:3, Insightful)
I would whole heartedly agree with that statement.
I had to clean 30 new "internet security 2010" infections this week... Even though the users have been instructed on how to not get infected....
Honestly, 60% of all computer users are idiots... this is a universal fact.
Re:Wrong wrong wrong... (Score:4, Insightful)
Re: (Score:2)
How did you instruct them? Did you send them an email, which they ignored with the other 20 emails they get every week? That is not a good way to instruct people. Do you have a training session whenever anyone new comes into the company? Do you send out fake email to try to trick people, redirecting them to a site that tells them off?
Maybe you are the problem?
Re: (Score:2)
Re: (Score:2)
Funnily enough, less=more is the apple fanboy mantra.
(some actually think that removing features makes a product better, and adding features makes a product worse - seen in an iPhone vs. N900 review).
Re: (Score:3, Informative)
Yes. People with good taste.
Re: (Score:2)
By using the concept 'good taste' you push Apple products even further into the realm of fashion. Taste is as subjective as it gets and to claim that preferring Apple products shows you have 'good taste' shows you don't judge Apple products by objective criteria but more by whether they appeal to your sense of fashion.
Some people claim that those who wear clothes which are in fashion show they have 'good taste'. Nobody will claim those fashionable people wear factory-ripped jeans with
Re: (Score:2)
Good taste is not a product of fashion.
I didn't say anything about Apple products. The people I said had good taste are the ones described as "some actually think that removing features makes a product better, and adding features makes a product worse"
We're talking about good design. That's far too big a topic to discuss enough to reach a conclusion in a /. post or two, but the concept that adding too ma
Re: (Score:2)
Well, you have fun with your "good taste," I'll enjoy my "tasteless" functionality.
Re: (Score:2)
But your a Linux user aren't you? That of course has has both far worse UI design AND less functionality than OS X. I mean the Windows USERS could at least make a claim for more functionality. But you can't.
Re: (Score:2)
Maybe less functionality than OSX out of the box, but it can meet or exceed the functionality of OSX if required, and it can interoperate with other apps on other OSes much more easily. And it's free and not tied to any specific hardware (yeah I know you can jump through hoops and break EULAs to install OSX on non-Apple hardware, whooptie doo, I can recompile Linux for different CPU architectures if I need to.)
Also I hope you aren't suggesting Windows has more out-of-the-box functionality than Linux. Even t
Re: (Score:2)
No, I was upset, also about the lack of a digital compass. Luckily there's a free 3rd-party app for MMS (although I don't really use it myself).
Re:Wrong wrong wrong... (Score:5, Informative)
Re: (Score:2)
Exactly. Its a Windows Trojan that happens to target iPad owners. Its no different than any other trojan mailware targeting users of windows that happen to own some other product, like all the "symbian viruses"
The only concern is the iPad can in fact be access such, which I'm sure is a door apple will close quickly (and its likely a door firmware hackers have enjoyed using for some time to jailbreak the iPhone OS, so yet again that door will likely be closed, and apple will get blamed for blocking jailbre
Re: (Score:2)
I was already wondering, wasn't the whole ban around unsigned software on i$whatever devices to keep malware from popping up?
Re: (Score:3, Interesting)
Yep, and it works great.
This infection is a windows virus that runs on the windows machine, then tries to identify information being sent from the windows machine to the iPad, disguised as an iTunes update. It's a classic man-in-the-middle attack.
Re:Wrong wrong wrong... (Score:4, Informative)
Nowhere does it imply that any information being sent from the windows machine to the iPad is being read or intercepted. It's just your typically hosed Windows box.
Re: (Score:2)
Looks like you lost the part where it says:
An e-mail invitation to an iTunes update gets iPad users’ PCs into backdoor trouble.
It's after the heading and before the text of the blog post. Usually called caption.
Re: (Score:2)
http://www.malwarecity.com/blog/ipad-users-targeted-by-backdoor-dissembled-as-itunes-update-803.html [malwarecity.com]
Re: (Score:2)
Oh right, sorry! No, according to the blog post, the iPad itself would not be involved at all. "iPad" there is just an excuse to lure the iPad owner to install a malware that affects the Windows PC like any other malware would.
The misunderstanding comes from this difference:
Blog post:
(...) opens up a backdoor that allows unauthorized access to and control over the affected system. (...) attempts to read the keys and serial numbers of the various software installed on the affected computer (...)
Article:
(...) opens up a backdoor which could let the perpetrator gain unauthorised access to the device (...) tries to read the keys and serial numbers of the software installed on the device (...)
Re: (Score:2)
It sounds like the trojan is completely generic. It does not do anything about the iPad at all, it is designed to spy on the user's Windows use.
Re: (Score:2, Insightful)
Unfortunately, "Backdoor Malware Targets iPad Users" wouldn't have had the word "Apple" in it, and thus would not be eligible to be a headline on Slashdot.
Re: (Score:2)
Re: (Score:2)
Yes, thank you... Anyone with iTunes should ALSO know, most especially Windows users who raised quite the stink about it, that ALL apple software is updated EXCLUSIVELY through the Apple Software Update Utility, and that Apple NEVER advertises updates through anything resembling SPAM mail.
Re: (Score:2)
This DOESN'T infect the iPad at all. It targets the idiots who bought an iPad but it is a WINDOWS virus.
Uh. I wasn't aware the iPad even ran Windows.
Re: (Score:2)
This is a pretty mundane Trojan. If you give the end user a means to run it, they probably will.
This applies equally well to the Mac.
How do you keep a moron with a shotgun from shooting his foot off?
Re: (Score:2)
How do you keep a moron with a shotgun from shooting his foot off?
Hand the gun to a Vice President?
Re: (Score:2)
No it doesn't. Virtually all malware targets windows. You have to be quoting a lot of decimal places before the malware targeting Macs is not 0%.
Re: (Score:2)
You mean like the sandboxing in Mac OS X?
Re: (Score:2)
using the same unsubstantiated "facts" that you do, I made just over 1.1 million last year selling a custom computer software program to a very targeted group of customers who have no other means of doing what my software does short of writing their own.
Re: (Score:2)
I made a billion dollars between my two jobs as male porn star and supercar test driver.
Re: (Score:2)
Re: (Score:2)
Nice try though.
Write misleading headlines much.. (Score:1)
Yes the headline is true, but it is certainly misleading.
Re:Write misleading headlines much.. (Score:5, Insightful)
Re: (Score:1)
Your right :) I saw the story early somewhere else and did not even bother to read the summary after the headline that implied there is a backdoor into ipads.
Re: (Score:2)
Your right :) I saw the story early somewhere else and did not even bother to read the summary after the headline that implied there is a backdoor into ipads.
It does have a back door, its build in the OS from Steve Jobs since its running a spin off of the iPhone's OS. [cnet.com] 1 [idealo.co.uk] 2 [technocake.com]
Re:Write misleading headlines much.. (Score:5, Informative)
Re: (Score:2)
Re: (Score:2)
Re:Write misleading headlines much.. (Score:5, Insightful)
Re: (Score:1)
How is it true, when the malware doesn't ever touch iPad, and works without an iPad.
Re: (Score:1)
Well it kind of targets iPad users on Windows. I was being generous :)
Re: (Score:3, Informative)
Re: (Score:2, Funny)
I don't own an iPod/iPhone/iPad, please help (Score:1)
Is it common for software to announce updates via email? Given that the device would presumably have a net connection, any legit updates ought to be pushed out through the iTunes store.
Re: (Score:2)
Operating system updates are pushed out through iTunes when the phone/iPod is docked. Other app updates are pushed out OTA. There is no e-mail involved. I suspect the iPhone platform is not the only one that has users receiving such e-mails.
Not quite..... (Score:1)
Re: (Score:2)
The plural of box is boxes ... please stop trying so hard to sound smarter than you are.
Re: (Score:2)
So people who do not have much sense get an iPad and a windows machine? Because this doesn't affect people who are running Mac OS?
So you are suggesting that all people with iPads/iPhones/iPods should get rid of their virus-ridden Windows box?
Clarification... (Score:3, Informative)
An e-mail, purporting to be from Apple, informs people that their iPad needs to be updated. Steps given for updating your iPad:
1) Download an iTunes update for Windows (itunes.exe) and install;
2) Connect your iPad to the Windows computer;
3) Select iPad in the iTunes sidebar;
4) Click “Check for update” then “Update” to finish updating your iPad’s software.
Note that there’s no legitimate reason that you’d ever need to connect the iPad to a second computer to update it. It has its own internet connection.
Needless to say, your Windows computer will be infected with the virus if you execute the itunes.exe that you were instructed to download and install. It appears that your iPad will be none the worse for having an idiot for an owner.
Updates *are* done over USB (Score:5, Informative)
Note that there’s no legitimate reason that you’d ever need to connect the iPad to a second computer to update it. It has its own internet connection.
Now, I don't have an iPad, so I don't know how they're updated, but the iPhone and iPod touch, which also have their own internet connections, get software updates through iTunes, over USB.
This is how it's always been done.
Dan Aris
Re: (Score:3, Informative)
Why is simple -- it replaces the firmware, by booting the phone into a mode where the firmware can be updated via USB (and the OS isn't running).
You can't easily upgrade an OS out from under itself.
Re: (Score:2)
You can't easily upgrade an OS out from under itself.
The standalone version of OSX manages it. I don’t see why the dumbed-down version on the iPad can’t.
Re: (Score:2)
You can't easily upgrade an OS out from under itself.
The standalone version of OSX manages it. I don’t see why the dumbed-down version on the iPad can’t.
I don't know if there are specific technical reasons for it, but it seems to me that since
Dan Aris
Re: (Score:2)
You can't easily upgrade an OS out from under itself.
The standalone version of OSX manages it. I don’t see why the dumbed-down version on the iPad can’t.
Because standalone versions of OS X aren't running from firmware.
MacBook Air (Score:2)
Re: (Score:2)
Mac OS X: Available firmware updates [apple.com]
Re: (Score:2)
The obvious reason is that the iPhone/iPad/iPod runs on batteries, and if the OS is updating itself, then runs out of batteries, you are screwed.
This is obvious, to anyone with a technical background.
Re: (Score:2)
Re: (Score:2)
Uhm, what? Linux distributions do this all the time.
(However, they are not usually installed in firmware, I'll admit).
Re: (Score:2)
WTF? Then OTA updates for Android and RIM must be some ground-breaking innovations!!
Re: (Score:2)
I'm sure you can spend five minutes on Google to educate yourself on the difference ...
Re: (Score:2)
Re: (Score:2)
You can't easily upgrade an OS out from under itself.
You must not be a Debian user ;}
System installed as Debian potato (v2.2) and currently running the almost newest lenny (5.0) through 4 major version releases without any reinstall.
After etch (v4.0) I think it was, you can even upgrade your kernel while it is running, with no reboots.
Not to mention this is something even Debian only started about a decade ago, and has been standard practice in the mini and main frame worlds, and almost as long of a practic
Re: (Score:3, Informative)
A few points:
-AT&T doesn't like downloads over their network larger than 10MB in size. If you buy an app larger than that, it'll tell you to find a WiFi connection and try again. Some of the previous iPhone software updates have been a few hundred megabytes - try downloading that over 3G in a reasonable amount of time.
-Plugging in to a computer before updating the software forces the user to make a backup. The otherwise stand-alone nature of the iPhone makes it rare for me to plug my phone in to my comp
The OS is not an app. (Score:2)
Actually, all of the devices in the platform do allow app upgrades over their own connection. You *can* use iTunes and USB, but apps 10MB or you don't have carrier data you can upgrade them over wifi. The app store icon will even notify you when there are upgrades available.
Yes, for apps. Not for the OS itself, which is what was being talked about.
Dan Aris
no reason to need a second computer? (Score:2)
Note that there's no legitimate reason that you'd ever need to connect the iPad to a second computer to update it. It has its own internet connection.
Er, just like my iPhone? Which requires being connected to a second computer to update it?
Disappointed in /. (Score:4, Funny)
I'm disappointed that there have been no Apple User/Backdoor jokes in this story yet. I'll check back in an hour. Don't kill my faith in /.
Re: (Score:2, Funny)
Re: (Score:2)
Thank you, sir. I applaud your efforts and admire your wit.
Re: (Score:2)
Re: (Score:2)
br? Step one: The iPad's 3G connection is not for voice. It's data. Only data.
Re: (Score:2)
But I don't hate Apple. I have an iPod, have had a Mac Mini (Core Solo 1st generation), but what I hate is the religion around Apple products. And like any religion, it's not worth talking about it, or should I say, debating it, since the reasons for believing in it are totally irrational.
And I guess that some Apple-Fanboy-Slashdotters have had their modpoints yesterday, they spent it on me (GP post), which proves my point. They have a very poor sense of humo
How about a jailbreak virus (Score:2)
What if someone wrote a virus that automatically jailbroke any apple device connected to iTunes and installed an alternate way of putting apps on the device?
Re: (Score:2)
The original iPhone jailbreak was via visiting a particular webpage in mobile safari.
backdoor? (Score:2)
Virus? (Score:2)
You have to download the trojan named itunes.exe and run it.
This is a "virus" now? What do you call stuff that spreads itself without user intervention... trojans?
How about autorun infections from USB keys... phishing?
Hey Rob (Score:2)
Misleading Title - Does not affect iPads (Score:2)
Note that this is another Windows virus that affects only Windows PCs. .exe files used by virus writers to perpetrate
It does NOT affect iPads or any Mac products.
BitDefender is likely using the iPad's popularity to widen
their Windows anti-virus audience. Most everyone knows
that Macs do not use
Windows viri. Nice attempt at publicity!
Re: (Score:2)
A bit more about malware on Mac Products: .exe files,and most importantly default privlidges do not allow any “foreign” software to be installe
By the way, many hear Macs have no better security than Windows PCs. Nothing could be farther from the truth. It is NOT simply “Security by Obscurity” (10% of laptop Market). Mac security problems (viri etc.) reported have been related to old pre-OSX O/S, Officeand other M$ products run on Macs, pfishing attacks etc. Macs don’t recognize
Re:exactly why... (Score:5, Informative)
Re: (Score:2)
More to the point, the virus never TOUCHES the iPad, or even it;s files on the Windows machine. The iTunes trojan only affects AIM, Messenger, and other application software on the PC, and attempts to steal PC passwords, it;s only using the iPad in name as a method of social engineering, and its technically not even infecting iTunes!
Re: (Score:2, Informative)
The target isn't the iPad, it's the windows box.
Re: (Score:2, Insightful)
If you want to get really pedantic, the target isn't even the Windows box. It's the user's information and the profits that can be gleaned either directly or indirectly from aggregating such information from millions of such users.
I'm guessing that the rationale behind this is that people who snap up the iPad are trend-following sheep with more money than sense who are "easy marks" and thus more likely to fall for a "social engineering" attack such as this one.
Re: (Score:2)
Re:exactly why... (Score:5, Insightful)
Yes well, this virus is infecting a Windows PC, so much for that.
Re: (Score:2)
Just like the iPhone right????
Whoops!
http://en.wikipedia.org/wiki/File:IPhone_sales_per_quarter.svg [wikipedia.org]
Re: (Score:2)
Until Jobsy releases version 4, no virus is gonna run (in the background anyway).
Of course the iPod/iPad/iPhone is more secure ... you can't do fuck-all with it without permission from Apple headquarters ... and even then any virus must be written in Objective-C to conform to Steve's code "laws".
Re: (Score:2)
Until Jobsy releases version 4, no virus is gonna run (in the background anyway).
Of course the iPod/iPad/iPhone is more secure ... you can't do fuck-all with it without permission from Apple headquarters ... and even then any virus must be written in Objective-C to conform to Steve's code "laws".
And so the myth continues. Because the iPhone/iPad is locked down then it must be secure. [cnet.com] Thing is, it wasn't secure and it was because of that lock that people couldn't secure it. It was also the only smartphone that didn't get patched for it even though Apple had been warned for weeks before to patch it and it took 48 hours after it went public to patch. People complained, most didn't know why they had to restore their iPhones though because they didn't even need to touch anything. In the end, iPhone user
Re: (Score:2)
Note the removal of the word "more" by the parent poster. Of course the GP is right. The iPhone/iPod/iPad is most certainly more secure due to it's locked down nature. But that doesn't mean complet
Re: (Score:2)