Mobile Security Weekly – Why Is iCloud Raining On Us?

There is only one story dominating the tech sites worldwide at the moment. The celebrity picture scandal has brought a lot of unwanted attention in Apple’s direction. That isn’t to say that Android should come out of this a winner – this time it was iCloud, next time it could be something else. Blame is being thrown every which way – just make sure your enterprise uses the misfortune of Jennifer, Ariana, Victoria and the rest to protect itself in the future.

The latest celebrity scandal exposes mobile security
Much has said on the topic of the biggest tech headline this week. With the iPhone 6 launch just a week away, Apple are surely turning to the stars to see what they’ve done to anger the gods.

The security of iCloud is at the center of the scandal after hackers allegedly exploited weaknesses in the iCloud service (within the Find My Iphone feature, to be exact) to gain access to the private accounts of stars including Jennifer Lawrence, Kate Upton & Kim Kardashian. Apple is claiming that iCloud isn’t to blame and this is rather a matter of the users’ choice and protection of their own personal credentials.

http://www.theregister.co.uk/2014/09/03/smut_slingers_sell_out_friends_to_pervert_hackers_for_nude_pics/

This is the way we see it. Regardless of who is to blame, let’s look at the facts. Whether you’re a celebrity or a security professional trying to gain control over the Consumerization of IT, cloud services, social network apps and mobile browsers make up a huge chunk of the time spent on a mobile device.

In the world where BYOD is part of most enterprises, there are a couple of critical takeaways here:

• The reality is that services and apps will eventually be hacked. As PC-experience has shown, we can’t rely on users to keep their devices and accounts secure. Unfortunately, as this case shows, the level of security that device vendors and app developers provide is still inadequate. As a result, it is necessary to resort to compensating security controls.
• The fact that this attack targeted the rich, famous and beautiful means that the F.B.I and
  Apple are both acting much faster than they might in other cases. Accordingly, we cannot expect the same VIP reactory and security treatment of our personal and corporate mobile devices.
• It’s up to enterprises to make mobile security part of their comprehensive security strategy


Mysterious Fake Cell Phone Towers in America Are Intercepting Calls
Seventeen ordinary-looking cellphone towers allegedly have a much more malicious purpose than it appears. These mysterious towers found across America, that can only be identified with special devices, can both eavesdrop (by implementing a Man in the Middle – MitM attack) and wirelessly attack mobile devices.

Even though the “fake” towers operate some similar functions of normal cellular towers, experts say that there is significant evidence that they are capable of infecting a device with a malicious payload – whether a simple strand of malware or an advanced mRAT (Mobile Remote Access Trojan).

By using hacked baseband chips, something thought to be out of the reach of all but nation-states, the towers target the ‘Baseband’ operating system of mobile devices – a form of secondary OS which sits ‘between’ iOS or Android and the cellular network.

http://www.computerworld.com/article/2600348/mobile-security/are-your-calls-being-intercepted-17-fake-cell-towers-discovered-in-one-month.html

Why is this Significant?
The fact that these towers have been discovered but nobody knows who they belong to is definitely worth noting. Since 99% of users don’t have the capability to discover where the malicious towers are, ensuring the security of a mobile device by using a dedicated security platform is all the more critical.