Mac anti-virus software exposes users
Long gone are the days where Apple users were safe from hackers, exploits and vulnerabilities. If you were using MacKeeper anti-virus software on your Mac, your personal records could have fallen into the wrong hands. This comes after news of a white hat hacker, Chris Vickery, who was able to access 13 million customer records by visiting a selection of IP addresses, with no username or passwords required.
MacKeeper is a software package with a suite of different utilities that aim to improve the performance and stability of your mac, which include anti-virus, optimization software and junk removal tools. Vickery who is a security researcher, was able to bypass the security features of MacKeeper and gain access to key storage databases of customer records which contained names, email addresses, usernames, password hashes, phone numbers, IP addresses, system information, as well as software licenses and activation codes.
Although startling, the hack itself wasn’t a result of exploits or vulnerabilities but was published on the open web for anyone to access. Vickery was able to discover this exploit by uncovering four IP addresses that lead him to MacKeeper’s MongoDB and once there using the Shodan search tool, Vickery was able to openly access all the customer records.
But this wasn’t the only security feature gone awry for the Mac software company.
The apparent password protection feature used by MacKeeper was known to be easily exploitable. The password protection feature used a hashing algorithm, which took plain text passwords and turned them into garbled letters ad digits, using a one-way mathematical formula. But the problem was if this mathematical formula was broken all your password would be exposed.
The password protection method used by MacKeeper is called MD5. This specific password method has a number of cracking tools already available, all of which can crack weaker passwords in a matter of seconds. This method also doesn’t allow the addition of random characters to the passwords encryptions therefore making the cracking process virtually more difficult. After realizing the hack, MacKeeper was able to patch and solve the issue and reported only one user, Vickery, gained access to the data storage.
But this brings up an even more important issue, how safe is your data and records on an apple product?
Probably not as safe as you would imagine. As this hack comes after a huge security flaw was discovered only months prior that exposed a vulnerability in Apple app store.
Discovered by researchers, they figured out a major flaw in the way apps in the Apple store communicated with each other, and through the use of a third party malware app were able to bypass security checks and steal user passwords and critical app data. Leaving all existing apple devices such as iPhones, iPads and mac open to this exploit.
The consequences of such exploits could be highly problematic for Apple users, as when tested 88.6% of all apps were completely exposed to this vulnerability, which included some of the extremely popular apps like password manager 1Password and Google Chrome. With over 800 million apple users today, this leaves a statistically large number of end-users open to vulnerabilities.
But what does this mean for the end-user?
This means your Apple product might not be the best devices for your SMBs or business needs. With such a large user base, Apple is becoming more and more the target of such exploits and with issues popping up more and more, this means your personal and corporate data can fall into the wrong hands without you noticing. But we have good news, there are healthy alternatives.
With Windows, Linux, Blackberry, Windows and Androids computing and mobile devices to choose from, you can ensure that your mobile devices remain safe and secure.
Additionally with any proper risk assessment strategy in place, you can further protect your corporate and personal data from intruders both inside and help.
Here are 5 ways you can prevent data from your mobile devices from falling into the wrong hands:
1. Malware and clicking unknown links. Opening suspicious emails or clicking on unknown links can put you in harm’s way. Hackers can use these phishing techniques to steal your personal data on your mobile devices or computers. The best defense is to ensure proper security updates on your mobile devices and being aware of what you click.
2. Ensure proper passcode and login protection. The first line of defense when your mobile device is stolen is your passcode and login protection. Having a passcode ensures an extra line of defense against any intruders who want to access your device. Having it be the difference between your data staying safe of falling into the hands of an intruder.
3. Prevent involuntary releases of data. Having the proper privacy settings in place is important. Not to mention, leaking personal information wherever you go, but having a properly configured privacy setting can help you prevent additional exploits and hacks from intruders. This can also determine how much of your information each application collects such as location, personal information and other credentials. So ensuring your privacy settings are updated is important in keeping all of this information from falling into the wrong hands.
4. Completely wipe and delete user data when replacing previous phone. It’s vastly important if you’re using or recycling mobile devices to perform a complete wipe before using it or handing it off to someone else. Call history, contacts, email, management and financial apps tool and photos can be stored on a mobile device and accessed by the new user if they’re not properly wiped by the original owner. This is why it’s vital to do a complete wipe of your mobile devices when you’re no longer using them or plan on recycling them. All the mobile devices have a different process of doing a complete data wipe, so figuring out the proper one is important to ensure the safety of your data
5. Turning off wi-fi to prevent network spoofing. When a mobile device connects to foreign wi-fi source there are exposing themselves to eavesdropping, unintended sharing of information and malware installation. You can prevent this by turning off your wi-fi when not in use and be wary of connecting to foreign wi-fi signals when you’re out and about.
Taking preemptive measures to ensure your networks security and mitigating risks is something you have to do. For more information check out our security services page.