CIO just released an article featuring Websense on best practices for securing your iPhone and iPad in light of the recent iOS vulnerability, Jailbreakme.com 3.0.
Jailbreakme.com 3.0 operates by exploiting a vulnerability in the PDF reader. All users have to do to install the jailbreak is to click on an app-like button – within a few seconds, their phones are opened up to apps outside of Apple’s approval.
Websense security research manager Stephan Chenette is featured in the article – he argues that the danger lurking beneath this jailbreak is that a hacker could easily reverse engineer it to install malicious code through the browser or email attachment.
“Then the attacker could gain full control of the iPhone, iPad or other iOS device and install everything from a keylogger to a full-blown bot… This isn’t just limited to iPhones; iPad users need to be on the lookout, too.” –Stephan Chenette, Websense Security Labs Research Manager
Stephan’s four tips for iPhone and iPad users to stay safe are also highlighted in the article:
1. Don’t download files from suspicious or non-trustworthy websites.
2. Don’t click on links from unknown or untrusted Web sites or suspicious links from trusted sources (including sites like Google Search).
3. Don’t open email attachments from unknown or suspicious emails from trusted sources. Your friend's email account may have been hacked.
4. As soon as Apple issues a patch, apply it! Many consumers don't patch regularly or do so after it's too late.
Read more about the latest iOS vulnerability at the Security Labs blog.
Today, in a Reuters article, Websense® Senior Security Research Manager Patrik Runald discusses how hackers have revealed a bug in Apple iOS software. The security flaw was discovered today when a popular jailbreaking site (www.jailbreakme.com) released code for Apple customers to modify their device’s operating system.
In the article, Runald warns that this code could be a major security downfall: cybercriminals could easily download the code, reverse engineer it to find a hole in iOS security and then quickly build malware in a matter of days. The creator of the jail-breaking code, Comex, agrees that the code would not be difficult to reverse engineer.
“If you are a malicious attacker, it is fairly doable.” –Patrik Runald, Senior Security Research Manager
Apple’s iOS software runs on the millions of iPhones, iPads, and iPod Touches sold around the world – any security flaw in iOS holds the potential to create some major damage. Reuters quotes Runald warning that once the device is infected, hackers could do anything they want, including stealing passwords, documents and emails.
Reuters reports that Apple is currently developing a software update to circumvent any potential threats.
In the meantime, learn how to protect your organization from mobile security threats here.
Read a Websense Security Labs™ report on a past jailbreak-related security threat here.
CBS News TechTalk just published an article questioning the security of smartphone passcodes. Patrik Runald of Websense warns about the serious implications of an unlocked phone in the wrong hands, as smartphones frequently have a massive amount of personal or even corporate information stored on them.
"Just think about the information you have stored on your phone and what would happen if that information came into the wrong hands… Your emails, your contacts, your calendar, your notes... You might have Twitter and Facebook set to auto-login and now the thief can post public messages in your name." -- Patrik Runald, senior manager of security research at Websense
A 20-year-old NYU student is also noted for a recently completed research project on the most common smartphone passcodes. Nearly 10 percent of the passcodes in his research sample were one of five common combinations: 1234, 0000, 2580, 1111 and 5555.
Bottom line: don’t make your PIN something easy to remember or guess. It might seem obvious, but it’s better to be safe than sorry. Proper passcodes are just the first step in smartphone security, but one you must get right.
For more information from the Websense Security Labs™ click here. Read more about securing company mobile phones here.