For this third edition of the Weekly Cybernote, we shall first talk about a new malware program that has been rampant on the web, targeting jailbroken iPhone users. We will then touch on an Israeli start-up that may have developed a technology capable of detecting Stuxnet-like attacks. To conclude, we will go over the Interior Minister’s plan to create, among other things, an online portal for reporting would-be cyber-terrorists.
Malware steals the Apple IDs of users of jailbroken iPhones
When someone tells you that jailbreaking an iPhone is bad, they’re not kidding! Some iOS users have recently come across an illicit library of unknown origin on their devices. It has turned out to be a malware program that targets Cydia Substrate, a framework designed for jailbroken devices that allows developers to build modifications for iOS. This platform makes it possible to extend the behavior and use of iOS in ways that Apple has formally prohibited, using key system functions. Called Unflod or Baby Panda, this new malware program takes the form of a dynamic library on the framework and intercepts the SSLWrite function on iOS to read data before it is encrypted and sent over a secure SSL connection. It monitors traffic in order to detect authentication requests to Apple services, and extracts logins and passwords before sending them to an IP address. The earliest analyses point to the attack originating in China.
An Israeli start-up may have developed a system for detecting Stuxnet-like attacks
In Israel, the start-up ThetaRay has developed, in conjunction with General Electric, a security technology that detects attacks similar to the one launched by the infamous Stuxnet worm on critical infrastructure systems used for energy production. The system uses algorithms invented by two Israeli university professors. For the moment, this technology only monitors power-production installations and industrial SCADA systems. Expected to be generally available around September, the technology could also be applied to other industries, such as financial services. The Stuxnet worm, reputed for its sophistication and complexity, was initially developed by American and Israeli intelligence services. For a very long time, the worm managed to go unnoticed by creating false data that did not arouse suspicion. Because the worm is also reputed to be uncontrollable, all power-production installations remain in a state of alert even today, months after its discovery. ThetaRay’s solution would be able to identify this type of attack in industrial systems. It is currently being tested in a power plant in New York.
Toward the creation of a portal to inform on potential cyber-terrorists
Intervening before young adolescents fall prey to cyber-terrorism is one of the main objectives unveiled by the French Interior Minister Bernard Cazeneuve on April 23rd in his anti-radicalization and anti-terrorism plan. One of the measures underway is the creation of an internet portal. You might already be acquainted with the Pharos platform, which allows reporting inappropriate or illegal content on the web. Now it is possible to report users who look up such content directly to the Interior Ministry. According to this plan and to the daily Libération, the possibility of remotely gathering internet data from terrorists should be extended.