The main purpose of WireLurker virus is to write an application (extension. Ipa) calls the iTunes interface through Windows and Mac OS X operating systems, and is signed by Apple's corporate certificate to iOS devices (iPhone, iPad). When the iPhone and iPad are connected to a Mac computer or a Windows computer, the virus will secretly install mobile devices to obtain information such as phone numbers, address books, text messages, browsers, search history, system preferences and so on. At the same time, the virus has the function of detecting automatic version update.
In the past cognition, a common view is that if iOS devices don't jailbreak, malware can only be installed through Apple's official market, and strict review in the official market can protect users from virus threats. On the whole, this statement is not wrong.
However, users who use Apple mobile phones are not only through the official application market, the only software download channel, and there will be some exceptions. Exceptions with a relatively small probability need to start with an iOS software certificate.
The application software of iOS platform uses three certificates:
1. general certificate: after the software developer signs it, the APP is released to the official market, and the user accesses the official application market through iPhone or iPad to download the software; Obviously, when there are more and more products of software enterprises, the management and use of ordinary certificates will be more troublesome, which will affect the progress of developers releasing software and increase the risk of losing certificates. So there is a company certificate of a professional developer team.
2. Company certificate: Several developer teams use certificates to release different applications to the official market, and iPhone and iPad users still download applications from Apple's official market;
3. Enterprise certificate: Not everyone obtains software through open Internet channels. Some enterprises and organizations need some specially customized software for internal use only. Developers can install unpublished internal versions on the intranet for debugging programs. At this time, it is more convenient to sign with the enterprise certificate. Enterprise certificates are in the trust list of iOS system, and the system allows these softwares to run on iOS devices.
However, once the enterprise certificate self-signing software spreads to the third-party market, a third-party market will appear outside Apple's official market. IPhone and iPad can install software with self-signed enterprise certificates without jailbreaking.
The abuse of enterprise certificates will lead to the spread of Trojan virus. Before the spread of WireLurker virus, a security vendor abused enterprise certificate distribution software and was cancelled by Apple. Applications signed with this certificate will be unavailable, and the products of this enterprise will be removed for one year.
Therefore, after Palo Alto Networks disclosed WireLurker virus, Apple immediately blocked the enterprise certificate used by WireLurker virus.
Conclusion:
1.iOS devices have a single channel for downloading and installing software, so it has been difficult to spread malicious programs. Users using iPhone and iPad don't have to worry too much about security.
2. If it is not necessary, users of iPhone and iPad should try not to escape from prison. After jailbreaking, the software download channel and security are really uncontrollable.
3. Software development enterprises should strengthen certificate management. Once the certificate distribution software is abused and blacklisted by Apple, the consequences will be very serious. For example, the above-mentioned case of abusing corporate certificates was dragged down by Apple for one year, and developers should learn a lesson and avoid repeating the same mistakes.
4. Install antivirus software on the computer to cut off the possibility of virus spreading from the computer to mobile devices.