Oh dear… an unsecure device gets even… unsecure… er? Reddit finds malware as a library file called “Unflod.dylib”.
Let’s face it… there are a fairly large number of iOS users that dislike the restrictive “walled garden” of Apples iOS enough to do a thing to their device (iPhone/iPod/iPad) called “Jailbreak”. I find that name rather apropos. Ha!
Jailbreak allows said intrepid user to modify their device in ways Apple never intended. Things like downloading apps from sources other than Appstore, changing overall layout, etc. (much to Apple’s chagrin).
Well… that clearly puts a Jailbroken iOS device into the realm of the “Wild Wild West” of mobile security that is common to the Android experience.
A group of interested people at Reddit have discovered yet another malware “boo boo” for users of unsecure platforms. It’s been dubbed “Unflod Baby Panda”, and this little jewel listens to all the SSL traffic on your device. Almost seems/sounds like an extension of “Heartbleed” which is a SSL attack as well. Not going to bore everybody with the geeky stuff, you can read it here… But here’s an excerpt…
“As you can see from above the developer certificate issued by Apple is registered to a person called WANG XIN. This person might be a fake persona, the victim of certificate theft or really involved. It is impossible for us to know, but Apple should be able to investigate from this information and terminate that developer account.
Furthermore the signature date is the 14th of February of this year, which hints at this threat being around for a short while now without being discovered.”
“We therefore believe that the only safe way of removal is a full restore, which means the removal and loss of the jailbreak.”
Suffice to say that this is yet another reason to stay with and/or go for a BlackBerry solution. Both Android and obviously iOS can be “rooted” or “Jailbroken”. BlackBerry cannot be violated in this way at all.
Moral of the story? Get a BlackBerry device dear gentle reader. It’s not going to get any easier/better for those other unsecure devices. All they can do is fight the never ending battle like Microsoft does. Spy versus Spy, never ending. And it’s completely unnecessary.
You know what to do… Z30 anyone?