Officer's Blog

Posted on Jul 23, 2022

macOS + iOS + Crypto + OpSec = ?

Recently, in my favorite chat room, I was asked, in light of recent events: would it be safer to use macOS & iOS for work? Is it true that they have better security? I don't have a definite answer here - both yes and no. Let's get to the bottom of it!

First of all, there is a lot of malware for macOS/iOS; the thing is that 0-day/1-day exploits for macOS/iOS cost slightly more than those for Windows/Android.

There is no fundamental difference, only a difference in the cost of preparation and in the price of different exploits (including file-gluing exploits or delivery exploits, which always cost more). I suggest you go to Zerodium and see the prices.

In general, the toolkit is more or less the same, so don't assume that macOS is more secure. Again, it is based on FreeBSD. In other words, know who is working against you and what they are capable of.

In other words, the chances of being caught in a mass attack are lower, but the chances of being hacked by someone who doesn't mind spending 5-10 thousand dollars to prepare for your hack are equal on all devices and almost all operating systems.

Hackers also care about economics, profit and cost. If they are confident, they can take the risk. Keep that in mind.

Use Qubes OS, Whonix, Tails or GrapheneOS (which is way better than iOS, which is closed, so its risks cannot be estimated. Jailbreaking a device makes everything even worse), but some of them require a lot of preparation work and do not have out-of-the-box security! But no secure OS can help you if you don't follow simple security rules - keep that in mind. See my original Twitter thread!


Follow these guides:

Security Tips for iPhone & Mac users:

1 - Keep in mind that in most cases, hackers dealing with an Apple device will try to target non-obvious sources like iCloud backup, Google cloud backup, etc.!

2 - Be aware that AppleCare can get a TeamViewer function; it takes only one click to lose all your data:

3 - Disable predictive text on your device!

4 - Never scan QR codes with your work iPhone!

5 - Read my OpSec roadmap to avoid such situations, and never download files on your work machine. You should understand all 25 rules!

6 - Use dangerzone.rocks if you are working with PDFs!

7 - Protect yourself from SIM swapping!

https://twitter.com/cryptonacks/status/1538206075178074113?s=20&t=4oAibcw3ZIm05LtQ6009Gg

8 - Keep up with the latest security news!

https://www.bleepingcomputer.com/news/apple/apple-ios-163-arrives-with-support-for-hardware-security-keys/

9 - Be aware of crypto clippers, which attack the clipboard!

10 - Be aware of physical attacks!

https://docs.google.com/document/d/1-_0Wlwch_vtkPM4F-SdEXLjQYaYT7KoPlU2rjt7tkLQ/mobilebasic


A compilation of attacks on macOS:

Linux attack:

www.intezer.com/blog/research/lightning-framework-new-linux-threat

Wi-Fi security when holding crypto assets. Special.

https://systemweakness.com/wifi-hacking-ffb9708c1071

Use your own DLP/SIEM or bandwidth monitor:

https://medium.com/databulls/what-is-data-loss-prevention-dlp-how-does-it-work-f1b3db3710e9


t.me/officer_cia/378

https://officercia.mirror.xyz/VCUaozkvMw1CSaNm3VnafrDLX4dwEjDIQo6qSOIbO8o

https://officercia.mirror.xyz/GtKNkmRDR_hhCqrnSENjqfPDHHb0W1M2SVeXDp4swCQ

https://officercia.mirror.xyz/rt5W3_6PhnXZ8VjYRcRJrhBCI6-x0EJ7CqPi6CLU6Pk

https://github.com/OffcierCia/Crypto-OpSec-SelfGuard-RoadMap

https://graph.org/All-known-smart-contract-side-and-user-side-attacks-and-vulnerabilities-in-Web30--DeFi-03-31

https://officercia.mirror.xyz/FvMKbibx7gDlufgZSkmYn77CI8HPBsVCeqUKmpXHr0k


Support is very important to me, with it I can spend less time at work and do what I love — educating DeFi & Crypto users! ❤️

If you want to support my work, you can send me a donation to the address:

https://github.com/OffcierCia/support

