First, if you've upgraded to the latest iOS, v9, go to Settings/Cellular, and scroll all the way down. You'll see an option called Wi-Fi Assist. You'll probably want to turn it off. Last week I received a text that I was 3/4ths through my 10 gig monthly data plan, and I couldn't remember doing anything that could account for a huge spike in my plan usage. It was quite likely this option.
Obviously this only affects iPhone users and not iPad users, though it might if you have a cellular-enabled iPad.
Next are two bona fide malware packages for iPhones from China. The first involves falling for porn banner ads that add a certificate manager that bypasses Apple's heretofore strong walled garden. The interesting thing about this particular exploit was that you didn't have to have jailbroken your phone for it to be vulnerable! Phones running iOS 8.3 or older are most vulnerable.
But that's just one of the two. And if you limit your porn viewing to browser-based sites, you're probably fine.
The second one is a lot more serious: some people found a way to hack the Xcode development system, which is used to write most iOS programs. The issue is mainly Chinese: because of poor international internet speeds, lots of Chinese developers download the free Xcode development system from Chinese servers rather than directly from Apple, and those copies have been subverted.
Currently the tainted applications have been purged from the App Store, and Apple is setting up more servers in China to better control the distribution of the Xcode system, which will improve things.
There was little that could be done to avoid this particular attack because the apps passed inspection by Apple and were allowed into the App Store. So the normal rule of only installing apps from trusted sources was subverted in a very clever way, and now defenses are being ramped up to prevent a similar exploit again.
But the perpetual problem is that it's not too difficult to defend against previous attacks. It's the next attack coming that's going to get through at least once.
http://www.wired.com/2015/10/iphone-malware-hitting-china-lets-not-next/
no subject
Date: 2015-10-14 01:52 pm (UTC)
no subject
Date: 2015-10-14 08:26 pm (UTC)
Presumably this kind of unanticipated switchover's more of a thing for people routinely using outside WiFi setups? (I don't even bother with "free WiFi" - at best, it's liable to be flaky, and at worst, it'll either require registration or just outright won't work. That, versus just continuing to use the same cellular signal as usual - it's not a difficult choice, other than the times there isn't one, landing me right back in the mess mentioned. Unfortunately, I know a few very nice pubs that seem to exist in cellular black holes =:)
The Xcode hack was admittedly quite ingenious. The improved speeds Apple's promising in China should hopefully avoid any large-scale repetition of that method, at least.
It'd probably be impossible to implement, given it'd require support from cellcos, but it seems to me it could be quite handy for cellular iPads (and iPhones) to offer the option of displaying the remaining data allowance in some more prominent position, if desired, whether as an app's live icon, in the lower control panel, or maybe even the status bar. As is, a third party dev would probably have to resort to web scraping, with the obvious difficulties of both having to convince users they weren't using those credentials for anything else, and the fiddliness of having to support every cellco's different setups for letting users know that information, and keeping the scraping patterns updated.