SecureMac, Inc.

Checklist 338: Macs and Keyboards and Required Reasons

August 10, 2023

Dark web threats to macOS surge 1000%, deep learning steals keystrokes via mic with 95% accuracy. Apple tightens App Store security, requires API justification by Spring 2024.

Checklist 338: Macs and Keyboards and Required Reasons

Accenture Report: Surge in Dark Web Threats Against macOS

Accenture, a leading IT services firm, has unveiled a startling rise in cyberattacks on macOS systems. Dark web forums reveal a shocking “1,000% increase in dark web threats targeting macOS,” signaling a significant surge in cyber risks for Apple computers.

Accenture’s research identifies a notable spike in malicious activities focused on macOS during 2022 and the first half of 2023. The dark web activities involve heightened demand for tools that can bypass two crucial macOS security features: Gatekeeper and Transparency, Consent, and Control (TCC). These security gaps enable malware distribution through untrusted apps.

Well-funded malicious actors are willing to pay substantial amounts for these vulnerabilities, with potential buyers offering $500,000 to $1 million for operational exploits targeting macOS.

This escalating trend is anticipated to persist and worsen. While Windows and Linux exploits are common, macOS-specific vulnerabilities are rarer and thus more valuable. Accenture warns that this trend might encourage more threat actors to specialize in macOS attacks.

As businesses adopt macOS systems, the allure for cybercriminals intensifies, and the cycle is exacerbated as more threat actors focus on macOS, spreading knowledge and tools across the dark web.

However, the Accenture report lacks comprehensive guidance on safeguarding against these threats. While awareness helps, practical steps are crucial. Cybersecurity experts recommend strong, unique passwords, password managers, two-factor authentication, and vigilance against phishing. Regular data backups and encryption are also advised.

Individuals should heed security alerts from IT departments, fostering a cooperative relationship to enhance data security. Reliable anti-malware solutions, coupled with staying informed about cyber threats, are equally crucial.

As macOS-targeted threats continue, a proactive, multi-layered security approach remains vital for users and businesses.

Deep Learning Model Steals Keystrokes via Microphone Recordings

UK researchers unveil a groundbreaking digital privacy threat—a deep learning model that accurately steals keystrokes from microphone recordings, raising concerns about sensitive data vulnerability.

The model achieves an astounding 95% accuracy in capturing keyboard inputs via microphone eavesdropping, even on platforms like Zoom (93% accuracy).

Ubiquitous microphones in devices like smartphones and laptops amplify worries about surreptitious data theft, rendering common countermeasures ineffective.

Training data from a MacBook Pro generated acoustic profiles for each key press, enhancing signal identification. The model achieved 95% accuracy in smartphone, 93% in Zoom, and nearly 92% in Skype recordings.

This vulnerability compromises more than just passwords; private discussions and messages could be exposed, jeopardizing data security.

Though not used maliciously yet, experts advise altering typing styles, randomized passwords, biometric authentication, password managers, and multi-factor authentication to counter the threat.

This research underscores the need for continuous vigilance and innovation against evolving cyber threats. In the digital security landscape, advancing technology prompts innovative tactics from cybercriminals.

Apple Tightens App Store Security Against Digital Fingerprinting

iDownloadBlog raises concerns about App Store app security, prompting Apple to enhance its measures against digital fingerprinting. Apple’s reputation for security faces scrutiny due to potential flaws in its vetting process.

Apple aims to curb digital fingerprinting, a user-tracking technique, by mandating developers to justify API usage.

Apple’s efforts align with its privacy protection goals, including App Tracking Transparency.

Despite warnings, some developers exploit APIs for tracking despite Apple’s efforts. Concrete action is expected with upcoming OS updates.

Apple designates specific APIs as “required reason APIs,” demanding clear justifications for usage. These justifications must align with app functionality and not involve tracking.

Expected in Spring 2024, this move showcases Apple’s proactive stance against unauthorized tracking.

In summary, Apple’s stricter developer requirements enhance App Store privacy. While gradual, this step demonstrates Apple’s commitment to security and user trust against digital fingerprinting.

Get the latest security news and deals