WireLurker & iOS Devices

[Deleted User]
Community Member
edited November 2014 in Mac

I'm not a security expert; in fact, I don't know much about it other than running my desktop security scans. I'm concerned because I got compromised from the Home Depot breach.

I read an article about WireLurker in China running on iOS devices. I have 1PW5 on my iPhone, iPad, iMac and MacBook. I understand that WireLurker not only looks at data files but at screen data.

I've read your articles about the Russian breach and how the encryption process works. I also know that the best defense is not getting the malware on my devices, but should that not work out, how will 1PW5 protect my data?

Comments

  • Hi @lov2krz,

    WireLurker is actually complicated to pull off, as it requires you to do several things: download an infected app from an unauthorized third-party app store and trust the app to be installed on your iOS device, among other things.

    Apple has already blocked the app from running on any Macs and revoked the certificate that was used to install the app on the iOS device. So, it is virtually impossible to be affected by it now. It doesn't mean another attack isn't coming but it is still very difficult.

    For 1Password to be compromised, the malware needs to modify the OS to bypass its secure keychain input (which is extremely difficult to do), meaning that it needs to inject itself into your keyboard process. Why is that important? By default, iOS doesn't allow any processes to listen to your keyboard when you're typing into the password field. If iOS is compromised by that, then all bets are off. It only needs your master password and a copy of your data file to start decrypting the data.

    It's the same for your Mac: once the Mac is compromised and the keylogger bypasses the security to listen to your keyboard, it will capture your master password and that's all it needs to do to get into your Mac.

    You'll find this blog post useful to read: https://blog.agilebits.com/2014/08/21/watch-what-you-type-1passwords-defenses-against-keystroke-loggers/

  • [Deleted User]
    Community Member

    Thanks, most of it was way over my head.

    There is only one piece of software, actually an add-on to Safari and Firefox: the Flash update. All I get is a pop-up stating that Flash isn't installed (usually with a picture/video holder window) that basically says I need to activate Flash. I do this all too often. Sometimes the video still doesn't play. I guess I should be scared.

  • Hi @lov2krz,

    It's hard to say. I definitely don't feel comfortable telling you one way or another if you should be scared. If it's specifically WireLurker you're worried about, there are guides online on how to check to see if your system is infected and how to remove it. Here's one such guide. If it's key loggers or malware in general, then it's a much wider set of things.

    In general, we have to trust that your devices themselves are secure. If that trust is broken, then there's nothing 1Password (or any software) can do to protect you and your data.

    If you detect that your devices are not secure, then you should export your 1Password data to something like a USB thumb drive, delete all 1Password data locally, and wipe the device of all traces of the malware (possibly requiring a whole re-install of the OS to be sure). Set up 1Password anew (with a new master password), and import from that USB thumb drive. The process of deleting all 1Password data and creating a brand new vault will create new encryption keys for you. This has to be done while the malware is not present, which is why we have to delete all traces of the malware before it. Now that you've got a trusted vault again, on a trusted device, you should then change all your online passwords.

    I hope this helps.

    Rick

This discussion has been closed.