While Apple and the FBI were battling over the tech giant’s refusal to break into the iPhone of the alleged San Bernardino shooter earlier this year, the LAPD quietly hacked the iPhone of “Shield” actor Michael Jace’s murdered wife, the Los Angeles Times reports.
On March 18, seeking access to a text message argument between Jace and his wife, LAPD officials contracted a forensic cellphone expert to bypass the iPhone’s keylock.
While full details have not been released, the fact that the LAPD was able to hack the phone illustrates the reality that even relatively secure technology can be breached by a determined hacker.
Here is a review of a several of the past year’s more notable data breaches and what security lessons we can learn from each.
In another recent Apple security incident, the tech giant announced last September that it was removing more than 300 apps from its App Store that had been infected by a malicious code known as Xcode Ghost.
Security provider FireEye soon identified 4,000 infected apps. Prior to this, only five infected apps had been discovered in the App Store. The attacker spread the virus by tricking developers in China into downloading an infected counterfeit of Apple’s Xcode developer tool from a popular third-party website.
Using a hacking method known as backdoor compiling, the infected apps stole user information, and the hackers sent the information to a command and control server, while also enabling apps to accept remote commands, including opening URLs sent from the server.
This enabled infected devices to be targeted for phishing attacks and await direction for enterprise-signed malicious apps to potentially be installed on non-jailbroken devices.
Observers noted that the CIA was known to have been developing a modified version of Xcode that would have create a backdoor into Apple devices, according to documents provided by Edward Snowden.
As Phys.org reports, there was little end users could do to prevent an Xcode Ghost attack originating on the developer level and that it ultimately fell upon Apple and the development community to take preventive measures.
Apple advises all developers to only download Xcode from the App Store or the Apple Developer website and to leave Gatekeeper enabled to validate their Xcode. End users, however, can look to the Xcode Ghost incident as a case study into the risks of downloading software from third-party sites.
Another major 2015 breach was the hack of purportedly-discreet online dating site Ashley Madison. Ashley Madison’s parent company Avid Life Media believes the cyber attack originated with someone gaining access to their IT systems.
Once the perpetrator gained access to the company’s database, the personal and financial information of 37 million users was eventually compromised.
A group calling itself Impact Team then threatened to publish the data unless Ashley Madison shut down. And when the company failed to acquiesce, Impact Team ultimately published the data and showcased how seemingly-impenetrable websites are not always foolproof.
Besides putting a black eye on Ashley Madison, the fallout for the website’s millions of worldwide users included divorces, extortion, at least three suicides and a $578 million class-action lawsuit.
IBM encryption expert Rick Robinson draws two major security lessons from the Ashley Madison breach. First, make it difficult for thieves to steal your passwords and other private information. Second, when you find a security hole, fix it immediately.
Healthcare Provider Breaches
One of the most significant data breaches of the year was the hacking of healthcare insurer Anthem, which ultimately exposed 80 million health plans users, including members of Amerigroup and Anthem Blue Cross and Blue Shield.
Investigators concluded China had sponsored the hack in an effort to study the U.S. health-care system.
The Anthem attackers employed phishing tools to steal IT worker credentials, illustrating the need to shore up the human side of cyber security.
In another recent medical breach, a rogue employee in Miami-Dade county’s Jackson Health System stole personal information from 24,000 patients over five years. Monitoring employee activity using both computers and security camera systems can help curb such risks.
Byline: Roy Rasmussen, coauthor of Publishing for Publicity, is a freelance copywriter who helps small businesses get more customers and make more sales. His specialty is helping experts reach their target market with a focused sales message. His most recent projects include books on cloud computing, small business management, sales, business coaching, social media marketing, and career planning.