Backdoor Malware Targets Apple iPad

← Back to Stories (view on slashdot.org)

Backdoor Malware Targets Apple iPad

Posted by CmdrTaco on Tuesday April 27, 2010 @01:04AM from the that-didn't-take-long dept.

An anonymous reader writes "Apple iPad users are being warned of an email-borne threat which could give hackers unauthorised access to the device. The threat arrives via an unsolicited email urging the recipient to download the latest version of iTunes as a prelude to updating their iPad software. Apart from opening up a backdoor, it also tries to read the keys and serial numbers of the software installed on the device, and logs the passwords to any webmail, IM or protected storage accounts."

120 of 196 comments (clear)

Min score:

Reason:

Sort:

Wrong wrong wrong... by richy+freeway · 2010-04-27 01:04 · Score: 5, Informative

This DOESN'T infect the iPad at all. It targets the idiots who bought an iPad but it is a WINDOWS virus.

See here for further details : http://www.theregister.co.uk/2010/04/26/ipad_backdoor/
1. Re:Wrong wrong wrong... by drewhk · 2010-04-27 01:10 · Score: 4, Informative
  
  Why modded Flamebait??
  http://news.bitdefender.com/NW1493-world--iPad-Users-Targeted-by-Backdoor-Dissembled-as-iTunes-Update.html
2. Re:Wrong wrong wrong... by alphad0g · 2010-04-27 01:18 · Score: 5, Informative
  
  I concur. Article is incorrect and Slashdot just regurgitated it. At least the blog post by the original author is correct. A Windows trojan - nothing else.
3. Re:Wrong wrong wrong... by Anonymous Coward · 2010-04-27 01:18 · Score: 4, Funny
  
  Just because you can't think differently in a manner identical to all the other fruits, doesn't make them idiots...
4. Re:Wrong wrong wrong... by Opportunist · 2010-04-27 01:20 · Score: 1
  
  I was already wondering, wasn't the whole ban around unsigned software on i$whatever devices to keep malware from popping up?
  
  --
  We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
5. Re:Wrong wrong wrong... by TheKidWho · 2010-04-27 01:30 · Score: 1, Insightful
  
  The Luddites are out en-masse today.
6. Re:Wrong wrong wrong... by Anonymous Coward · 2010-04-27 01:34 · Score: 1, Interesting
  
  Call me an idiot if you want. But I am an iPhone/iPod developer. Last year I made over $300K on my apps, and last month I made over $125K on JUST iPad versions of my apps.
  If buying an iPad so I can write software for it that I can sell it to other "idiots" makes me an idiot, then I'm being an "idiot" all the way to the bank.
  What do you do for a living?
7. Re:Wrong wrong wrong... by drewhk · 2010-04-27 01:37 · Score: 3, Funny
  
  I thought that you called the Windows users idiots ;)
8. Re:Wrong wrong wrong... by drinkypoo · 2010-04-27 01:47 · Score: 1, Insightful
  
  Unfortunately, "Backdoor Malware Targets iPad Users" wouldn't have had the word "Apple" in it, and thus would not be eligible to be a headline on Slashdot.
  
  --
  "You're right," Fisheye says. "I should have set it on 'whip' or 'chop.'"
9. Re:Wrong wrong wrong... by dskzero · 2010-04-27 02:05 · Score: 4, Funny
  
  Wrong thread, pal, this is for bashing apple fanbois, there is a thread about MS losing money over there.
  
  --
  Oblivion Awaits
10. Re:Wrong wrong wrong... by Lumpy · 2010-04-27 02:11 · Score: 2, Insightful
  
  I would whole heartedly agree with that statement.
  I had to clean 30 new "internet security 2010" infections this week... Even though the users have been instructed on how to not get infected....
  Honestly, 60% of all computer users are idiots... this is a universal fact.
  
  --
  Do not look at laser with remaining good eye.
11. Re:Wrong wrong wrong... by NatasRevol · 2010-04-27 02:25 · Score: 2, Interesting
  
  Yep, and it works great.
  This infection is a windows virus that runs on the windows machine, then tries to identify information being sent from the windows machine to the iPad, disguised as an iTunes update. It's a classic man-in-the-middle attack.
  
  --
  There are two types of people in the world: Those who crave closure
12. Re:Wrong wrong wrong... by e4g4 · 2010-04-27 02:40 · Score: 3, Insightful
  
  60% is an extraordinarily optimistic estimate...
  
  --
  The secret to creativity is knowing how to hide your sources. - Albert Einstein
13. Re:Wrong wrong wrong... by jedidiah · 2010-04-27 02:42 · Score: 1
  
  This is a pretty mundane Trojan. If you give the end user a means to run it, they probably will.
  This applies equally well to the Mac.
  How do you keep a moron with a shotgun from shooting his foot off?
  
  --
  A Pirate and a Puritan look the same on a balance sheet.
14. Re:Wrong wrong wrong... by BrokenHalo · 2010-04-27 03:25 · Score: 1
  
  Q: Want to know what a real secure OS is? I don't see many OS/2 virii around.
  
  A: A secure OS is one that is entirely disconnected from any other network. It is also, by the way, not very functional, but maybe no-one will notice that.
  OS/2 is 1/2 of an operating system.
  The plural of "virus" is "viruses" and NEVER "virii".
15. Re:Wrong wrong wrong... by initdeep · 2010-04-27 03:51 · Score: 1
  
  using the same unsubstantiated "facts" that you do, I made just over 1.1 million last year selling a custom computer software program to a very targeted group of customers who have no other means of doing what my software does short of writing their own.
16. Re:Wrong wrong wrong... by Wingsy · 2010-04-27 04:03 · Score: 3, Informative
  
  I read the original blog from the original author, and he said, "Backdoor.Bifrose.AADYattempts to read the keys and serial numbers of the various software installed on the affected computer, while also logging the passwords to the victim's ICQ, Messenger, POP3 mail accounts, and protected storage."
  
  Nowhere does it imply that any information being sent from the windows machine to the iPad is being read or intercepted. It's just your typically hosed Windows box.
  
  --
  If I didn't have absolutely NOTHING to do, I wouldn't be here.
17. Re:Wrong wrong wrong... by Achromatic1978 · 2010-04-27 04:34 · Score: 1
  
  Hey, look everyone, it's the author of the iFart app!
18. Re:Wrong wrong wrong... by Jorl17 · 2010-04-27 05:04 · Score: 1
  
  Gotta love myself.
  
  --
  Have you heard about SoylentNews?
19. Re:Wrong wrong wrong... by Sandbags · 2010-04-27 05:16 · Score: 1
  
  Yes, thank you... Anyone with iTunes should ALSO know, most especially Windows users who raised quite the stink about it, that ALL apple software is updated EXCLUSIVELY through the Apple Software Update Utility, and that Apple NEVER advertises updates through anything resembling SPAM mail.
  
  --
  There is no contest in life for which the unprepared have the advantage.
20. Re:Wrong wrong wrong... by Sandbags · 2010-04-27 05:21 · Score: 1
  
  Exactly. Its a Windows Trojan that happens to target iPad owners. Its no different than any other trojan mailware targeting users of windows that happen to own some other product, like all the "symbian viruses"
  The only concern is the iPad can in fact be access such, which I'm sure is a door apple will close quickly (and its likely a door firmware hackers have enjoyed using for some time to jailbreak the iPhone OS, so yet again that door will likely be closed, and apple will get blamed for blocking jailbreakers when for 3 revisions of the OS they chose to leave the known door open as there were no exploits, and they damned well knew how to close it...
  
  --
  There is no contest in life for which the unprepared have the advantage.
21. Re:Wrong wrong wrong... by Gilmoure · 2010-04-27 05:39 · Score: 1
  
  How do you keep a moron with a shotgun from shooting his foot off?
  Hand the gun to a Vice President?
  
  --
  I drank what? -- Socrates
22. Re:Wrong wrong wrong... by nine-times · 2010-04-27 05:50 · Score: 1
  
  Malicious modding. Some people throw a hissy fit when their FUD is debunked. It doesn't matter if the FUD is anti-Microsoft, anti-Apple, anti-Google, or anti-something-else. People who like the FUD don't like hearing that it's BS, and people who really love FUD are often petty and malicious.
23. Re:Wrong wrong wrong... by hrimhari · 2010-04-27 06:03 · Score: 1
  
  Looks like you lost the part where it says:
  An e-mail invitation to an iTunes update gets iPad users’ PCs into backdoor trouble.
  It's after the heading and before the text of the blog post. Usually called caption.
  
  --
  http://dilbert.com/2010-12-13
24. Re:Wrong wrong wrong... by dgatwood · 2010-04-27 06:14 · Score: 1
  
  You mean like the sandboxing in Mac OS X?
  
  --
  Check out my sci-fi/humor trilogy at PatriotsBooks.
25. Re:Wrong wrong wrong... by Wingsy · 2010-04-27 06:18 · Score: 1
  
  I know what it says. I was responding to the post by NatasRevol where he said the malware tries to identify info sent to an iPad. It doesn't say that in BitDefender's blog post.
  
  http://www.malwarecity.com/blog/ipad-users-targeted-by-backdoor-dissembled-as-itunes-update-803.html
  
  --
  If I didn't have absolutely NOTHING to do, I wouldn't be here.
26. Re:Wrong wrong wrong... by spitzak · 2010-04-27 06:30 · Score: 1
  
  It sounds like the trojan is completely generic. It does not do anything about the iPad at all, it is designed to spy on the user's Windows use.
27. Re:Wrong wrong wrong... by eleuthero · 2010-04-27 06:38 · Score: 1
  
  What about those of us who don't actually need a full computer to do our jobs. The simplicity of iWork for the ipad is sufficient for most of my needs. I haven't gotten an ipad because of the pdf annotation limitations on all currently available apps. Once someone puts that out I can ditch my computer completely (don't need to type much, mostly just read and respond with brief comments).
28. Re:Wrong wrong wrong... by GameboyRMH · 2010-04-27 06:55 · Score: 1
  
  Funnily enough, less=more is the apple fanboy mantra.
  (some actually think that removing features makes a product better, and adding features makes a product worse - seen in an iPhone vs. N900 review).
  
  --
  "When information is power, privacy is freedom" - Jah-Wren Ryel
29. Re:Wrong wrong wrong... by hrimhari · 2010-04-27 07:00 · Score: 1
  
  Oh right, sorry! No, according to the blog post, the iPad itself would not be involved at all. "iPad" there is just an excuse to lure the iPad owner to install a malware that affects the Windows PC like any other malware would.
  The misunderstanding comes from this difference:
  Blog post:
  
  (...) opens up a backdoor that allows unauthorized access to and control over the affected system. (...) attempts to read the keys and serial numbers of the various software installed on the affected computer (...)
  Article:
  
  (...) opens up a backdoor which could let the perpetrator gain unauthorised access to the device (...) tries to read the keys and serial numbers of the software installed on the device (...)
  
  --
  http://dilbert.com/2010-12-13
30. Re:Wrong wrong wrong... by GameboyRMH · 2010-04-27 07:08 · Score: 1
  
  I made a billion dollars between my two jobs as male porn star and supercar test driver.
  
  --
  "When information is power, privacy is freedom" - Jah-Wren Ryel
31. Re:Wrong wrong wrong... by konohitowa · 2010-04-27 07:41 · Score: 1
  
  Why modded Flamebait??
  If I had to guess, I'd say it's because they called people who bought iPads "idiots."
32. Re:Wrong wrong wrong... by BasilBrush · 2010-04-27 08:37 · Score: 2, Informative
  
  (some actually think that removing features makes a product better, and adding features makes a product worse - seen in an iPhone vs. N900 review).
  Yes. People with good taste.
33. Re:Wrong wrong wrong... by BasilBrush · 2010-04-27 08:43 · Score: 1
  
  This applies equally well to the Mac.
  No it doesn't. Virtually all malware targets windows. You have to be quoting a lot of decimal places before the malware targeting Macs is not 0%.
34. Re:Wrong wrong wrong... by BitterOak · 2010-04-27 08:51 · Score: 1
  
  This DOESN'T infect the iPad at all. It targets the idiots who bought an iPad but it is a WINDOWS virus.
  Uh. I wasn't aware the iPad even ran Windows.
  
  --
  If I can be modded down for being a troll, can I be modded up for being an orc, or a balrog?
35. Re:Wrong wrong wrong... by knarf · 2010-04-27 09:58 · Score: 1
  
  People with good taste
  By using the concept 'good taste' you push Apple products even further into the realm of fashion. Taste is as subjective as it gets and to claim that preferring Apple products shows you have 'good taste' shows you don't judge Apple products by objective criteria but more by whether they appeal to your sense of fashion.
  Some people claim that those who wear clothes which are in fashion show they have 'good taste'. Nobody will claim those fashionable people wear factory-ripped jeans with holes and patches because those jeans are 'better' than a pair of un-worn, hole-free jeans. They are fashionable, the in-crowd wears them. If you want to be seen as part of the in-crowd you wear them as well. Not because they are better.
  
  --
  --frank[at]unternet.org
36. Re:Wrong wrong wrong... by BasilBrush · 2010-04-27 10:45 · Score: 1
  
  Good taste is not a product of fashion.
  
  Taste is as subjective as it gets and to claim that preferring Apple products shows you have 'good taste'
  I didn't say anything about Apple products. The people I said had good taste are the ones described as "some actually think that removing features makes a product better, and adding features makes a product worse"
  We're talking about good design. That's far too big a topic to discuss enough to reach a conclusion in a /. post or two, but the concept that adding too many features makes a product worse is illustrated quite well by Homer's automobile. http://simpsons.wikia.com/wiki/%22The_Homer%22
37. Re:Wrong wrong wrong... by mgblst · 2010-04-27 12:40 · Score: 1
  
  How did you instruct them? Did you send them an email, which they ignored with the other 20 emails they get every week? That is not a good way to instruct people. Do you have a training session whenever anyone new comes into the company? Do you send out fake email to try to trick people, redirecting them to a site that tells them off?
  Maybe you are the problem?
38. Re:Wrong wrong wrong... by Meski · 2010-04-27 18:00 · Score: 1
  
  Mod this up, I think he's attacking bloatware, (aka Office) and its tendency to add features (and rearrange the UI) with every release.
39. Re:Wrong wrong wrong... by Meski · 2010-04-27 18:01 · Score: 1
  
  Well they are. Jailbreak one and put Android on it, and you'll be close to a working product.
40. Re:Wrong wrong wrong... by konohitowa · 2010-04-27 18:23 · Score: 1
  
  Well they are. Jailbreak one and put Android on it, and you'll be close to a working product.
  1. Start with a working product.
  2. Jailbreak and install Android.
  3. Be close to a working product (this step is traditionally supposed to be PROFIT!!!)
  Who are the idiots again?
41. Re:Wrong wrong wrong... by Meski · 2010-04-27 18:37 · Score: 1
  
  Step 1 - I'd debate that in this iteration that the iPad has a working OS. It's akin to MSDOS 1.0
42. Re:Wrong wrong wrong... by 4phun · 2010-04-27 20:22 · Score: 1
  
  I concur. Article is incorrect and Slashdot just regurgitated it. At least the blog post by the original author is correct. A Windows trojan - nothing else.
  /. got it wrong also in that the Trojan targeted anyone who used the windows version of iTunes, not an iPad. I am saddened that many in their hatred of all things Apple repeat nonsense instead of applying critical thinking. BTW iTunes was updated Tuesday April 27 to iTunes 9.1.1 I strongly recommend an iPad to families and others trying to avoid most of the tremendous dangers of being connected via the Internet. Isn't there always a tremendous advantage to real as well as virtual walled gardens when it comes to safety? Those who are well off will confirm that any day.
43. Re:Wrong wrong wrong... by GameboyRMH · 2010-04-28 01:38 · Score: 1
  
  No, I was upset, also about the lack of a digital compass. Luckily there's a free 3rd-party app for MMS (although I don't really use it myself).
  
  --
  "When information is power, privacy is freedom" - Jah-Wren Ryel
44. Re:Wrong wrong wrong... by GameboyRMH · 2010-04-28 01:41 · Score: 1
  
  Well, you have fun with your "good taste," I'll enjoy my "tasteless" functionality.
  
  --
  "When information is power, privacy is freedom" - Jah-Wren Ryel
45. Re:Wrong wrong wrong... by Phoghat · 2010-04-28 03:49 · Score: 1
  
  FTFA
  "Malware scammers are trying to trick early iPad buyers into installing backdoor software on Windows machines, according to a security firm."
  Sometimes IT ACTUALLY PAYS TO RTFA
  you might learn something
  
  --
  Think of how stupid the average person is, and realize half of them are stupider than that.
46. Re:Wrong wrong wrong... by richy+freeway · 2010-04-28 04:01 · Score: 1
  
  You're reading the wrong article. Your quote comes from the Reg article I linked to. In the article from the summary, it's wrong.
  
  Nice try though.
47. Re:Wrong wrong wrong... by BasilBrush · 2010-04-28 08:30 · Score: 1
  
  Well, you have fun with your "good taste," I'll enjoy my "tasteless" functionality.
  But your a Linux user aren't you? That of course has has both far worse UI design AND less functionality than OS X. I mean the Windows USERS could at least make a claim for more functionality. But you can't.
48. Re:Wrong wrong wrong... by GameboyRMH · 2010-04-28 08:48 · Score: 1
  
  Maybe less functionality than OSX out of the box, but it can meet or exceed the functionality of OSX if required, and it can interoperate with other apps on other OSes much more easily. And it's free and not tied to any specific hardware (yeah I know you can jump through hoops and break EULAs to install OSX on non-Apple hardware, whooptie doo, I can recompile Linux for different CPU architectures if I need to.)
  Also I hope you aren't suggesting Windows has more out-of-the-box functionality than Linux. Even the more spartan Linux distros come with a better selection of apps than Windows these days.
  
  --
  "When information is power, privacy is freedom" - Jah-Wren Ryel
I don't own an iPod/iPhone/iPad, please help by BadAnalogyGuy · 2010-04-27 01:12 · Score: 1

Is it common for software to announce updates via email? Given that the device would presumably have a net connection, any legit updates ought to be pushed out through the iTunes store.
1. Re:I don't own an iPod/iPhone/iPad, please help by jaavaaguru · 2010-04-27 08:21 · Score: 1
  
  Operating system updates are pushed out through iTunes when the phone/iPod is docked. Other app updates are pushed out OTA. There is no e-mail involved. I suspect the iPhone platform is not the only one that has users receiving such e-mails.
  
  --
  Follow me
Re:Write misleading headlines much.. by richy+freeway · 2010-04-27 01:12 · Score: 4, Insightful

It's not just the headline, it's the summary and the article too!
Re:exactly why... by lord_rotorooter · 2010-04-27 01:12 · Score: 5, Informative

This does not actually affect the IPad but rather is an attack to get Windows users to install an "update" for ITunes. The "update" is malware for Windows and is targeted at people who own an IPad and sync it with Windows.
Not quite..... by quiet_guy · 2010-04-27 01:13 · Score: 1

Great quote from the UK article: "Since buyers are likely to have a lot of disposable income and not much sense...." TFA is wrong - malware is aimed at the Winbloz boxen, by offering a download of a "new iTunes" program. Macs and iPads are not impacted.
1. Re:Not quite..... by daveime · 2010-04-27 04:51 · Score: 1
  
  The plural of box is boxes ... please stop trying so hard to sound smarter than you are.
2. Re:Not quite..... by mgblst · 2010-04-27 12:43 · Score: 1
  
  So people who do not have much sense get an iPad and a windows machine? Because this doesn't affect people who are running Mac OS?
  So you are suggesting that all people with iPads/iPhones/iPods should get rid of their virus-ridden Windows box?
Re:exactly why... by TheKidWho · 2010-04-27 01:14 · Score: 4, Insightful

Yes well, this virus is infecting a Windows PC, so much for that.
Clarification... by clone53421 · 2010-04-27 01:14 · Score: 3, Informative

An e-mail, purporting to be from Apple, informs people that their iPad needs to be updated. Steps given for updating your iPad:
1) Download an iTunes update for Windows (itunes.exe) and install;
2) Connect your iPad to the Windows computer;
3) Select iPad in the iTunes sidebar;
4) Click “Check for update” then “Update” to finish updating your iPad’s software.
Note that there’s no legitimate reason that you’d ever need to connect the iPad to a second computer to update it. It has its own internet connection.
Needless to say, your Windows computer will be infected with the virus if you execute the itunes.exe that you were instructed to download and install. It appears that your iPad will be none the worse for having an idiot for an owner.

--
Alexander Peter Kristopeit bought his basement from his mommy for one dollar.
Re:Write misleading headlines much.. by WrongSizeGlass · 2010-04-27 01:15 · Score: 5, Insightful

Reminds me of that line from "Absence of Malice" that "everything they said was accurate but none of it was true".
Disappointed in /. by RemoWilliams84 · 2010-04-27 01:18 · Score: 4, Funny

I'm disappointed that there have been no Apple User/Backdoor jokes in this story yet. I'll check back in an hour. Don't kill my faith in /.

--
"I don't have to think. I only have to do it. The results are always perfect, but that's old news." - Meat Puppets
1. Re:Disappointed in /. by courteaudotbiz · 2010-04-27 01:37 · Score: 1, Troll
  
  As this kind of jokes about Apple users is getting moderated "troll", "overrated" or "flamebait" by all those Apple-Fanboy-Slashdotters, no one is willing to get his karma downgraded for something that's not worth talking about: Apple.
2. Re:Disappointed in /. by stifler9999 · 2010-04-27 02:14 · Score: 1
  
  Now I know why my post of a Mac Book user, using it as an iPad stand got ignored. (http://cdn-www.i-am-bored.com/media/ipadstandfail.jpg) I dont care about karma, its my choice to say and theirs to ignore. The iPad is still a stupid product that fits right into the market of "generally useless and totally unnecessary", especially the 3G version. *imagines someone holding iPad to their ear, talking to their mum - "yes mum, I'll vacuum my room (basement) tonight, gotta go my HD Hot Gurlz app has just finished downloading...."
3. Re:Disappointed in /. by iceborer · 2010-04-27 02:18 · Score: 2, Funny
  
  This scheme has no chance of success. No self-respecting Apple user would allow anything in their backdoor that didn't come dressed in a turtleneck and jeans.
4. Re:Disappointed in /. by gyrogeerloose · 2010-04-27 03:11 · Score: 1
  
  no one is willing to get his karma downgraded for something that's not worth talking about: Apple.
  Not worth talking about and yet, here you are reading an Apple thread and taking the time to comment on it.
  
  --
  This ain't rocket surgery.
5. Re:Disappointed in /. by RemoWilliams84 · 2010-04-27 03:29 · Score: 1
  
  Thank you, sir. I applaud your efforts and admire your wit.
  
  --
  "I don't have to think. I only have to do it. The results are always perfect, but that's old news." - Meat Puppets
6. Re:Disappointed in /. by galego · 2010-04-27 06:00 · Score: 1
  
  But yet a malformed article (title and content), one which inappropriately attributes a windows backdoor (targeting iPad owners) attack as being aimed at the iPad itself, *did* get approved/promoted as if it were an Apple iPad Security Vulnerability. The said Apple-Fanboy-Slashdotters must be asleep or have also been back-doored or abducted, eh?
  
  --
  Que Deus te de em dobro o que me desejas
  [May God give you double that which you wish for me]
7. Re:Disappointed in /. by Wingsy · 2010-04-27 07:39 · Score: 1
  
  One day when all your misconceptions have been cleared away, I'm sure your light will come on.
  br? Step one: The iPad's 3G connection is not for voice. It's data. Only data.
  
  --
  If I didn't have absolutely NOTHING to do, I wouldn't be here.
8. Re:Disappointed in /. by courteaudotbiz · 2010-04-28 00:35 · Score: 1
  
  No, I take time to read jokes about it! :-)
  
  But I don't hate Apple. I have an iPod, have had a Mac Mini (Core Solo 1st generation), but what I hate is the religion around Apple products. And like any religion, it's not worth talking about it, or should I say, debating it, since the reasons for believing in it are totally irrational.
  
  And I guess that some Apple-Fanboy-Slashdotters have had their modpoints yesterday, they spent it on me (GP post), which proves my point. They have a very poor sense of humour.
9. Re:Disappointed in /. by gyrogeerloose · 2010-04-28 03:32 · Score: 1
  
  I don't hate Apple [...] but what I hate is the religion around Apple products.
  
  I understand that. I have computers running OS X, Windows XP and a couple of different flavors of Linux. All of these operating systems have their fanboys but to me, they're just tools. My Mac is my day-to-day computer, the one I use the most, and I don't think Apple is any more evil than any other large corporation but that doesn't mean I won't jump on them when I think they've screwed up.
  
  And I guess that some Apple-Fanboy-Slashdotters have had their modpoints yesterday, they spent it on me (GP post), which proves my point. They have a very poor sense of humour.
  Apple fanboys are not the only ones. Go check my recent posting history and you'll see how the anti-Apple crowd reacts to even the most rational posts that happen to challenge their world view.
  
  --
  This ain't rocket surgery.
Updates *are* done over USB by danaris · 2010-04-27 01:18 · Score: 4, Informative

Note that there’s no legitimate reason that you’d ever need to connect the iPad to a second computer to update it. It has its own internet connection.
Now, I don't have an iPad, so I don't know how they're updated, but the iPhone and iPod touch, which also have their own internet connections, get software updates through iTunes, over USB.
This is how it's always been done.
Dan Aris

--
Fun. Free. Online. RPG. BattleMaster.
1. Re:Updates *are* done over USB by tgd · 2010-04-27 01:30 · Score: 2, Informative
  
  Why is simple -- it replaces the firmware, by booting the phone into a mode where the firmware can be updated via USB (and the OS isn't running).
  You can't easily upgrade an OS out from under itself.
2. Re:Updates *are* done over USB by clone53421 · 2010-04-27 01:36 · Score: 1
  
  You can't easily upgrade an OS out from under itself.
  The standalone version of OSX manages it. I don’t see why the dumbed-down version on the iPad can’t.
  
  --
  Alexander Peter Kristopeit bought his basement from his mommy for one dollar.
3. Re:Updates *are* done over USB by Idaho · 2010-04-27 01:39 · Score: 1
  
  You can't easily upgrade an OS out from under itself.
  Uhm, what? Linux distributions do this all the time.
  (However, they are not usually installed in firmware, I'll admit).
  
  --
  Every expression is true, for a given value of 'true'
4. Re:Updates *are* done over USB by Brandee07 · 2010-04-27 01:40 · Score: 2, Informative
  
  A few points:
  -AT&T doesn't like downloads over their network larger than 10MB in size. If you buy an app larger than that, it'll tell you to find a WiFi connection and try again. Some of the previous iPhone software updates have been a few hundred megabytes - try downloading that over 3G in a reasonable amount of time.
  -Plugging in to a computer before updating the software forces the user to make a backup. The otherwise stand-alone nature of the iPhone makes it rare for me to plug my phone in to my computer, so updates are just about the only time I actually do back up my phone.
5. Re:Updates *are* done over USB by danaris · 2010-04-27 01:51 · Score: 1
  You can't easily upgrade an OS out from under itself.
  The standalone version of OSX manages it. I don’t see why the dumbed-down version on the iPad can’t.
  I don't know if there are specific technical reasons for it, but it seems to me that since
  
  You already know that the person with an iPad has another computer, and
  You know they have iTunes (since it's required for setting it up in the first place),
  It makes it easier to update the firmware/OS when you have that as your backup rather than having to bootstrap yourself.
  Dan Aris
  --
  Fun. Free. Online. RPG. BattleMaster.
6. Re:Updates *are* done over USB by BarryJacobsen · 2010-04-27 01:56 · Score: 1
  
  You can't easily upgrade an OS out from under itself.
  The standalone version of OSX manages it. I don’t see why the dumbed-down version on the iPad can’t.
  Because standalone versions of OS X aren't running from firmware.
  
  --
  Track your TV Shows with your iPhone - FREE
7. Re:Updates *are* done over USB by Me!+Me!+42 · 2010-04-27 02:24 · Score: 1
  
  "The iPod Touch I could understand since it doesn’t necessarily have an internet connection, but the iPhone has its own dedicated connection..."
  Actually both the iPad and iPodtouch have Wifi (and Bluetooth) I assume that is what you mean by"internet connection." The 3G version of the iPad will not be shipping for another week or so.
  As far as why?
  In normal use, when docked, theses devices have access to iTunes for syncing content, metadata, etc., and they can recharge their batteries. That goes for an update too, but in addition its easier if the OS does not have to run and there is the extra security of a direct power supply—no running out of power in the middle of the update.
  
  --
  -- My apologies if the above facts contain any opinions, or vice versa! --
8. Re:Updates *are* done over USB by E+IS+mC(Square) · 2010-04-27 02:40 · Score: 1
  
  >> You can't easily upgrade an OS out from under itself.
  
  WTF? Then OTA updates for Android and RIM must be some ground-breaking innovations!!
9. Re:Updates *are* done over USB by tgd · 2010-04-27 02:52 · Score: 1
  
  I'm sure you can spend five minutes on Google to educate yourself on the difference ...
10. Re:Updates *are* done over USB by clone53421 · 2010-04-27 04:18 · Score: 1
  
  Mac OS X: Available firmware updates
  
  --
  Alexander Peter Kristopeit bought his basement from his mommy for one dollar.
11. Re:Updates *are* done over USB by E+IS+mC(Square) · 2010-04-27 05:17 · Score: 1
  
  Please enlighten me my lord, because I have simply failed at that.
12. Re:Updates *are* done over USB by dissy · 2010-04-27 12:23 · Score: 1
  
  You can't easily upgrade an OS out from under itself.
  You must not be a Debian user ;}
  System installed as Debian potato (v2.2) and currently running the almost newest lenny (5.0) through 4 major version releases without any reinstall.
  After etch (v4.0) I think it was, you can even upgrade your kernel while it is running, with no reboots.
  Not to mention this is something even Debian only started about a decade ago, and has been standard practice in the mini and main frame worlds, and almost as long of a practice in the embedded controller world (Which until recently, pretty much all cell phones fell into)
  If that isn't considered upgrading an OS from under itself, I don't know what is.
13. Re:Updates *are* done over USB by mgblst · 2010-04-27 12:44 · Score: 1
  
  The obvious reason is that the iPhone/iPad/iPod runs on batteries, and if the OS is updating itself, then runs out of batteries, you are screwed.
  This is obvious, to anyone with a technical background.
14. Re:Updates *are* done over USB by E+IS+mC(Square) · 2010-04-27 23:23 · Score: 1
  
  And the award goes to..... mgblst.......... who has just proved none of the Linux distros, none of the Android phones or RIM phones has ever used a a battery. It seems only Apple products use batteries!
Re:exactly why... by TheKidWho · 2010-04-27 01:21 · Score: 1, Informative

The target isn't the iPad, it's the windows box.
Re:Write misleading headlines much.. by TheRaven64 · 2010-04-27 01:27 · Score: 1, Funny

It targets the iPad, it's just a really bad shot and always ends up hitting the Windows box...

--
I am TheRaven on Soylent News
Re:exactly why... by d3ac0n · 2010-04-27 01:28 · Score: 2, Insightful

If you want to get really pedantic, the target isn't even the Windows box. It's the user's information and the profits that can be gleaned either directly or indirectly from aggregating such information from millions of such users.
I'm guessing that the rationale behind this is that people who snap up the iPad are trend-following sheep with more money than sense who are "easy marks" and thus more likely to fall for a "social engineering" attack such as this one.

--
Official Heretic from the "Church of Global Warming". Proven right thanks to whistle blowers. AGW = Flat Earth Theory
Re:Write misleading headlines much.. by shadowrat · 2010-04-27 01:30 · Score: 2, Informative

the con targets iPad users. the software targets windows.
Re:Write misleading headlines much.. by quadelirus · 2010-04-27 01:35 · Score: 4, Informative

Not just the summary. The article itself is misleading (it doesn't once mention that the virus effects Windows PCs and not iPads). This one: http://www.tgdaily.com/mobility-features/49519-nefarious-ipad-virus-masquerades-as-itunes-update is slightly better, as it doesn't fail to mention the fact that Windows PCs are being infected and not iPads. The iPad is only the phishing-hook to get a user to click the link (something like: you need to update your iTunes for your new iPad, click here to do so...)
Re:Write misleading headlines much.. by quadelirus · 2010-04-27 01:36 · Score: 1

Oh, sorry richy freeway, just saw that you said "and the article." It's too early in the morning.
The OS is not an app. by danaris · 2010-04-27 01:48 · Score: 1

Actually, all of the devices in the platform do allow app upgrades over their own connection. You *can* use iTunes and USB, but apps 10MB or you don't have carrier data you can upgrade them over wifi. The app store icon will even notify you when there are upgrades available.
Yes, for apps. Not for the OS itself, which is what was being talked about.
Dan Aris

--
Fun. Free. Online. RPG. BattleMaster.
Re:Write misleading headlines much.. by piripiri · 2010-04-27 02:07 · Score: 1

It's not just the headline, it's the summary and the article too!
You must be new here.
Re:Write misleading headlines much.. by richy+freeway · 2010-04-27 02:18 · Score: 1

Nicely expanded upon anyway. :)
Re:exactly why... by NatasRevol · 2010-04-27 02:27 · Score: 1

Just like the iPhone right????
Whoops!
http://en.wikipedia.org/wiki/File:IPhone_sales_per_quarter.svg

--
There are two types of people in the world: Those who crave closure
Re:Write misleading headlines much.. by Anonymous Coward · 2010-04-27 02:30 · Score: 1, Funny

Back door? Hell, there isn't even a front door into iPads!
MacBook Air by tepples · 2010-04-27 02:52 · Score: 1

Mac OS X on a MacBook Air is running from flash memory, just like iPhone OS on an iPad. What exactly did you mean by "running from firmware"?
no reason to need a second computer? by SuperBanana · 2010-04-27 02:54 · Score: 1

Note that there's no legitimate reason that you'd ever need to connect the iPad to a second computer to update it. It has its own internet connection.
Er, just like my iPhone? Which requires being connected to a second computer to update it?

--
Please help metamoderate.
Wow. by deafNewt · 2010-04-27 03:22 · Score: 1

I enjoy skulking here because the community is damn witty and I am often entertained and informed by what I read, but the editing of stories for any basis in fact has gone from inept to transparent troll-baiting and flame-generating. We all know some of the editors are idiots, but, come on Taco, I know you can do better.
You guys are grasping at straws now. by Brannon · 2010-04-27 03:24 · Score: 1

This is a virus that targets Windows and somehow it provides proof that people who buy the iPad are "trend following sheep"?
In what way does this have anything to do with the iPad? the fact that it can be used to receive email?
Fucking morons.
1. Re:You guys are grasping at straws now. by d3ac0n · 2010-04-27 05:03 · Score: 1
  
  Brannon, I think you may have misunderstood.
  I was attempting to describe the rationale behind attempting a social engineering attack against iPad/iTunes users, not to make a general statement on my opinion of iPad or iTunes users. Please note that I did not say that I agreed with the rationale. (Although I could have been clearer on that point I suppose.)
  All that aside though, none of this changes the fact that both the /. article AND TFA both have poor and incorrect premises and summaries.
  Unless, of course, you want to consider the end-user as the ultimate "back-door" hack into any device. Which might not be all that far off from reality after all...
  
  --
  Official Heretic from the "Church of Global Warming". Proven right thanks to whistle blowers. AGW = Flat Earth Theory
How about a jailbreak virus by Stonent1 · 2010-04-27 03:41 · Score: 1

What if someone wrote a virus that automatically jailbroke any apple device connected to iTunes and installed an alternate way of putting apps on the device?
1. Re:How about a jailbreak virus by ceoyoyo · 2010-04-27 07:55 · Score: 1
  
  The original iPhone jailbreak was via visiting a particular webpage in mobile safari.
backdoor? by ZenDragon · 2010-04-27 03:41 · Score: 1

The title of the article should read, "iPad owners take it in the backdoor!" haha
Virus? by CODiNE · 2010-04-27 03:43 · Score: 1

You have to download the trojan named itunes.exe and run it.
This is a "virus" now? What do you call stuff that spreads itself without user intervention... trojans?
How about autorun infections from USB keys... phishing?

--
Cwm, fjord-bank glyphs vext quiz
Comment removed by account_deleted · 2010-04-27 03:55 · Score: 1

Comment removed based on user account deletion
Patch Name by lbmouse · 2010-04-27 04:08 · Score: 1

I propose the name of the patch to cover this hole be named tamPod.
Oops by nawcom · 2010-04-27 04:16 · Score: 1

Either kdawson didn't feel like logging in to post this article as himself, or CmdrTaco isn't looking into stories. Too bad.
Re:Clone likes libelling others online at slashdot by crashumbc · 2010-04-27 04:17 · Score: 1

wth? AC nerd rage much? you felt the need to drag another thread into this one?
Hey Rob by Fnord666 · 2010-04-27 04:26 · Score: 1

You left your terminal logged in and kdawson has been posting stories under your ID again.

--
'The tyrant will always find pretext for his tyranny.' - Aesop's Fables
Re:exactly why... by daveime · 2010-04-27 04:48 · Score: 1

Until Jobsy releases version 4, no virus is gonna run (in the background anyway).
Of course the iPod/iPad/iPhone is more secure ... you can't do fuck-all with it without permission from Apple headquarters ... and even then any virus must be written in Objective-C to conform to Steve's code "laws".
Re:exactly why... by Sandbags · 2010-04-27 05:23 · Score: 1

More to the point, the virus never TOUCHES the iPad, or even it;s files on the Windows machine. The iTunes trojan only affects AIM, Messenger, and other application software on the PC, and attempts to steal PC passwords, it;s only using the iPad in name as a method of social engineering, and its technically not even infecting iTunes!

--
There is no contest in life for which the unprepared have the advantage.
Re:exactly why... by Kitkoan · 2010-04-27 06:31 · Score: 1

Until Jobsy releases version 4, no virus is gonna run (in the background anyway).
Of course the iPod/iPad/iPhone is more secure ... you can't do fuck-all with it without permission from Apple headquarters ... and even then any virus must be written in Objective-C to conform to Steve's code "laws".
And so the myth continues. Because the iPhone/iPad is locked down then it must be secure. Thing is, it wasn't secure and it was because of that lock that people couldn't secure it. It was also the only smartphone that didn't get patched for it even though Apple had been warned for weeks before to patch it and it took 48 hours after it went public to patch. People complained, most didn't know why they had to restore their iPhones though because they didn't even need to touch anything. In the end, iPhone users were hacked and it was because of it being locked down. (If you had jail broken it, you could have prevented it from happening)

--
Attention... all grammer nazi"s! Is they're anything; wrong with: my post,
Re:Write misleading headlines much.. by Kitkoan · 2010-04-27 06:36 · Score: 1

Your right :) I saw the story early somewhere else and did not even bother to read the summary after the headline that implied there is a backdoor into ipads.
It does have a back door, its build in the OS from Steve Jobs since its running a spin off of the iPhone's OS. 1 2

--
Attention... all grammer nazi"s! Is they're anything; wrong with: my post,
Title and summary are misleading by KharmaWidow · 2010-04-27 07:17 · Score: 1

The vulnerable user demographic are *Windows users* of the iPad, not iPad users in general.
1. Re:Title and summary are misleading by pandrijeczko · 2010-04-27 08:31 · Score: 1
  
  Be careful taking Steve Job's manhood so deep into your mouth - you may choke!
  
  --
  Gentoo Linux - another day, another USE flag.
2. Re:Title and summary are misleading by KharmaWidow · 2010-04-27 16:10 · Score: 1
  
  Was this comment necessary? Grow up.
Re:exactly why... by Wingsy · 2010-04-27 07:22 · Score: 1

No, it's not. You're remedial reading classes start at 7pm tonight. Don't be late.

--
If I didn't have absolutely NOTHING to do, I wouldn't be here.
Re:exactly why... by BasilBrush · 2010-04-27 09:16 · Score: 1

>>Of course the iPod/iPad/iPhone is more secure ... you can't do fuck-all with it without permission from Apple headquarters ... and even then any virus must be written in Objective-C to conform to Steve's code "laws".
And so the myth continues. Because the iPhone/iPad is locked down then it must be secure.
Note the removal of the word "more" by the parent poster. Of course the GP is right. The iPhone/iPod/iPad is most certainly more secure due to it's locked down nature. But that doesn't mean completely secure.
As to the example exploit, one SMS defect can cause a denial of service for 2 seconds per SMS. Given that SMSs have to be paid for, that's going to cost the attacker a lot of money. The other crashes the coms stack, such that the GSM connection is lost and can only be regained by rebooting the phone. Neither one can cause any permanent change to an iPhone of any sort. Nor can they be used to steal information. And a patch was issued within days of the vulnerability being discovered.
Thats the WORST case you can find. You can find far worse exploits for open systems. Which rather supports the GPs case.
Misleading Title - Does not affect iPads by olafva · 2010-04-27 17:45 · Score: 1

Note that this is another Windows virus that affects only Windows PCs.
It does NOT affect iPads or any Mac products.
BitDefender is likely using the iPad's popularity to widen
their Windows anti-virus audience. Most everyone knows
that Macs do not use .exe files used by virus writers to perpetrate
Windows viri. Nice attempt at publicity!

--
What's past is NOT ALWAYS prologue for the future!
1. Re:Misleading Title - Does not affect iPads by olafva · 2010-04-27 18:37 · Score: 1
  
  A bit more about malware on Mac Products:
  By the way, many hear Macs have no better security than Windows PCs. Nothing could be farther from the truth. It is NOT simply “Security by Obscurity” (10% of laptop Market). Mac security problems (viri etc.) reported have been related to old pre-OSX O/S, Officeand other M$ products run on Macs, pfishing attacks etc. Macs don’t recognize .exe files,and most importantly default privlidges do not allow any “foreign” software to be installed.MacOSX informs you of any attempt to install “foreign” software, and if you insist on installing it, it will ask for the system password. Even if you’re gullible enough to enter the system password, it again warns you that you’re about to install “foreign” softeware for which you have to acknowledge again. Even if it is installed (i.e. an .exe file), you can click on it and it will do no damage to you Mac. In addition, unlike Windows PCs out of the box all port access except 2 (ftp & ssh) are blocked which prevents hackers from exploiting backdoors. You can see plenty of testimony from Windows users who are relieved when they switch to Macs to be free of malware, except phishing attacks, of course. Now if Apple would only send me a check for writing this based on my heavy Windows, Linux and OSX systems experience.
  
  --
  What's past is NOT ALWAYS prologue for the future!