The Underground Economy of Apple ID

Presented at BSidesSF 2017, Feb. 13, 2017, 4:50 p.m. (30 minutes)

Apple ID is the keystone of all services and apps running on Apple platforms. It is the most important credential for accessing iCloud, purchasing apps or music, talking with friends or family over Messages/FaceTime, remotely managing an iPhone or Mac, and synchronizing our mail, photos, calendars and documents among devices and the cloud. Because of its extreme importance, Apple ID has become one of the most popular goods in the underground market! In this talk, we will present several real-world attacks on or based on Apple IDs, affecting a huge number of users globally. Some of them even led to arrests and court judgments. We are going to present our observations and investigations on these questions: 1) how could attackers grab large amounts of Apple IDs? 2) how could they make a profit from those stolen Apple accounts (there are many ways!)? 3) what has Apple done, and what could it do further, to mitigate the issue? 4) how can we protect ourselves with existing solutions?

Presenters:

  • Claud Xiao - Principal Security Researcher - Palo Alto Networks
    Claud Xiao (@claud_xiao) is a principal security researcher at Palo Alto Networks, where he works on advanced malware research and builds antivirus services for OS X, iOS and Android. Prior to joining Palo Alto Networks, he was a senior researcher at Qihoo and a senior researcher at Antiy Labs. In recent years, he has revealed some interesting malware and attacks, including WireLurker, KeyRaider, XcodeGhost, AceDeceiver and KeRanger, which have led to widespread conversations and rethinking of the Apple ecosystem's security and malware problem.
