As Apple’s(s AAPL) market share continues to grow, we are beginning to see a simultaneous growth of security threats such as Flashback and MacDefender. Apple has been slow to respond to threats in the past and continues to that pattern (kudos to Apple for eventually updating OS X Leopard). Eugene Kasperksy claims Apple is “10 years behind” Microsoft(s MSFT) on security, and as someone who fights Windows viruses every day, here are my thoughts on potential threats we could see on the Mac platform, and how to defend against them.
1. Tricking the user by hiding documents
This is the “hot” trend right now in the PC world and usually occurs with a ransomware scare. A piece of malware claims there is a problem with your hard drive or operating system and for proof it adds a “hidden” flag to all your files so it appears your desktop, your documents and pretty much everything you care about is gone. You are convinced the only way to get it back is to run this repair utility.
Admin privileges are not needed to alter file attributes in the user’s home directory (for example, your Documents or Pictures directory, or for anything on your Desktop). This attack could actually be more of a concern on the Mac than the PC because restoration of files via Time Machine could cause unnecessary hours of work.
The malware could be installed via a download link coordinated with a phishing scam or really any file on the internet. A simple Applescript application attached to an email may in fact be the attack vector. While the Finder will warn this is an executable, the user may ignore this warning.
I expect to see lots of “removal tools” or a Mac “antivirus” that claims to remove some kind of malware, but suddenly hides your files and tells you that you are severely infected and need to pay for the full version of the product.
2. Convincing a user to do something by phone
This one is downright scary because it’s so simple and effective. In fact, Microsoft warns its customers about this type of scam. Apple’s growing market share combined with its user demographics make Mac users an enticing and untapped market. Here is how I see it could play out: The victim receives a call from someone claiming to be from Apple convincing them there is a problem with their Mac. The scammer might have the victim surf to a legit-sounding website showing scan “results” or having them go to some obscure and highly technical part of the OS to look at some of the scary-sounding lines in the console log or even booting into single-user mode in order to make the user think their computer is broken and won’t boot to the Finder.
Once the scammer has gained the victim’s trust, they could convince him or her to do anything — including install software with administrative privileges, giving the caller the password to the computer or the Apple ID account, or convincing them to log into a bunch of faux websites, or more. The keychain is a treasure trove of great info for scammers.
Why would someone be calling from Apple out of the blue? How about: “We received the error report you sent to Apple after your recent crash and we are following up on it,” or “We have noticed unusual purchases via your Apple ID and need to confirm some information.” This is a current way Microsoft Windows users are being scammed. Microsoft forums indicate it’s been around since August 2009, or possibly earlier. When this scam first started appearing, Apple’s stock price was $164.72. Today it’s much higher as Apple’s product sales have taken off. As both the stock price and market share have grown, so does the bullseye on the backs of Mac users.
3. Assuring a user you are from Apple and you are here to help
While this one is pure conjecture and speculation, I think this is more of a when rather than an if.
A “mark” walks into an Apple retail store during a busy time period and looks lost. A friendly and outgoing person in a solid-colored T-shirt with an Apple logo and something dangling from his or her neck offers to take care of their computer immediately. With Apple’s eclectic and diverse work force (and no register or employee workstation besides the Genius bar), separating out employees and bystanders is difficult. The scammer posing as an employee engages the customer and offers to help. When requested, the scammer hands the mark the laptop for them to enter the user’s password and then installs remote control software. Now that they’ve got software on the computer, that’s all they need to perform mischief.
Don’t think someone could be fooled into trusting a random person at an electronics store? It’s already happened at Best Buy(s BBY) stores. The Best Buy prank was done for comedic purposes, so it makes sense an unsuspecting retail patron might fall for it when done with less innocuous intentions. I’ve personally been mistaken for an Apple employee multiple times at the local Apple store when my T-shirt happened to be the right color.
Protecting against these social threats is difficult. My one piece of advice — besides having good backup habits — would be to be very careful to whom you give information, and about visiting websites that someone tells you to go to. If you download a file, heed the warning about an executable and download from websites you know and trust. If someone calls you over the phone, be cautious and before you do what they instruct, tell them you will call back. To be safe, call Apple support or the support line of the company claiming to call you. When going to an Apple Store, let only those employees with whom you have an appointment touch your computer.
Note: These suggestions are not meant to give attackers ideas — these are already attacks we’ve seen in the Windows world. Although I don’t agree with Kasperksy that Apple is 10 years behind, Apple definitely is not doing enough to inform and protect its Mac customers when it comes to security.