At first blush, this malware, known as WireLurker, seems reasonably innocuous, since it is initially delivered solely via an app store for jailbroken iOS devices in China. It’s a little more complicated than that, which makes it potentially a lot more of an issue.
The key is how it is spread. Once you’ve downloaded a WireLurker-infected app, it waits for you to connect your iOS device to your Mac. That’s where the trouble really begins. According to Palo Alto Networks, the company that discovered and named WireLurker:
Users’ iOS devices could also become infected if they connected their mobile device to their Macs through a USB wire. “WireLurker monitors any iOS device connected via USB with an infected OS X computer and installs downloaded third-party applications or automatically generated malicious applications onto the device, regardless of whether it is jailbroken,” Palo Alto Networks security researchers said. “This is the reason we call it ‘wire lurker.’”
Obviously, if you don’t jailbreak your phone, and if you stay away from unverified USB chargers, you should be safe, right?
That’s where the potential trouble spot lies. The key here is staying within the trusted bubble of the iOS and Mac App Stores. Short of installing a test app, there really is no easy way to get a non-verified app onto your iOS device. But what about the Mac App Store? There are many Mac apps that are freely downloaded from the net, not verified by Apple. What’s to prevent WireLurker from embedding itself in one of those apps and spreading to non-jailbroken iOS devices?
WireLurker points out a weakness in the Apple ecosystem. Is it preventable? Certainly, if you stay within Apple’s bubble of safety, only downloading apps via the App Store. But given that people will not abide by that limitation, is there something Apple can do to prevent this sort of attack? I don’t know the answer to this, but I would wager a large beverage that this exact question is the subject of much discussion in the hallowed halls in Cupertino.