we want to hear from you >
CIO just released an article featuring Websense on best practices for securing your iPhone and iPad in light of the recent iOS vulnerability, Jailbreakme.com 3.0.
Jailbreakme.com 3.0, operates by exploiting a vulnerability in the PDF reader. All users have to do to install the jailbreak is to click on an app-like button – within a few seconds, their phones are opened up to apps outside of Apple’s approval.
Websense security research manager Stephan Chenette is featured in the article –he argues that the danger lurking beneath this jailbreak is that a hacker could easily reverse engineer it to install malicious code through the browser or email attachment.
“Then the attacker could gain full control of the iPhone, iPad or other iOS device and install everything from a keylogger to a full-blown bot… This isn’t just limited to iPhones; iPad users need to be on the lookout, too.” –Stephan Chenette, Websense Security Labs Research Manager
Stephan’s four tips for iPhone and iPad users to stay safe are also highlighted in the article:
1. Don’t download files from suspicious or non-trustworthy websites.
2. Don’t click on links from unknown or untrusted Web sites or suspicious links from trusted sources (including sites like Google Search).
3. Don’t open email attachments from unknown or suspicious emails from trusted sources. Your friend's email account may have been hacked.
4. As soon as Apple issues a patch, apply it! Many consumers don't patch regularly or do so after it's too late.
Read more about the latest iOS vulnerability at the Security Labs blog.
Today, in a Reuters article, Websense® Senior Security Research Manager Patrik Runald discusses how hackers have revealed a bug in Apple iOS software. The security flaw was discovered today when a popular jailbreaking site (www.jailbreakme.com) released a code for Apple customers to modify their device’s operating system.
In the article, Runald warns that this code could be a major security downfall: cybercriminals could easily download the code, reverse engineer it to find a hole in iOS security and then quickly build malware in a matter of days. The creator of the jail-breaking code, Comex, agrees that the code would not be difficult to reverse engineer.
"If you are a malicious attacker, it is fairly doable.” –Patrik Runald, Senior Security Research Manager
Apple’s iOS software runs on the millions of iPhones, iPads, and iPod Touches sold around the world – any security flaw to iOS holds the potential to create some major damage. Reuters quotes Runald warning that once the device is infected, hackers could do anything they want, including stealing passwords, documents and emails.
Reuters reports that Apple is currently developing a software update to circumvent any potential threats.
In the meantime, learn how to protect your organization from mobile security threats here.
Read a Websense Security Labs™ report on a past jailbreak-related security threat here.