macOS + iOS + Crypto + OpSec = ?
In my favorite chat room recently I was asked, in light of recent events, whether it would be safer to use macOS & iOS for work. Is it true that they have better security? I don’t have a definite answer here: both yes and no. Let’s get to the bottom of it!
First of all, there is a lot of malware for macOS/iOS; the thing is that 0-day/1-day exploits for macOS/iOS cost slightly more than those for Windows/Android.
There is no difference, only a difference in the price of preparation and in the price of the various exploits (including file-gluing exploits or delivery exploits, which always cost more). I suggest you go to Zerodium and look at the prices.
In general, the toolkit is more or less the same, so don’t assume that macOS is more secure. Again, it is based on Linux and FreeBSD. In other words, know who is working against you and what they are capable of.
In other words, the chances of getting caught up in a massive attack are lower, but the chances of being hacked by someone who doesn’t mind spending 5–10 thousand dollars to prepare for your hack are equal on all devices and almost all operating systems.
Hackers also care about economics, profit and cost. If they are confident, they can take the risk. Keep that in mind.
Use Qubes OS, Whonix, Tails or GrapheneOS (which is way better than iOS, which is closed, so its risks cannot be estimated; jailbreaking a device makes everything even worse), but some of them require a lot of preparation work and do not have out-of-the-box security! But no secure OS can help you if you don’t care about simple security rules. Keep that in mind. See my original Twitter thread!
Follow These Guides:
- github.com/undergroundwires/privacy.sexy
- github.com/drduh/macOS-Security-and-Privacy-Guide
- github.com/decalage2/awesome-security-hardening
Keep in mind that in most cases, hackers dealing with an Apple device will try to target non-obvious sources such as iCloud backups, Google cloud backups, etc.!
Be Aware That AppleCare Can Get a TeamViewer-like Function: You Need Only 1 Click to Lose All Your Data
Disable Predictive Text On Your Device!
- reddit.com/r/CryptoCurrency/comments/ubv81z/psa_my_phone_just_guessed_my_private_key_if_you
- macworld.com/article/672173/how-to-remove-words-from-iphone-predictive-text.html
Never Scan QR Codes via Your Working iPhone!
- securityaffairs.co/wordpress/70739/hacking/qr-code-ios-bug.html
- tech.hindustantimes.com/tech/news/iphone-user-beware-of-fake-qr-codes-71651747604570.html
Read my OpSec roadmap to avoid such situations. Never download files on your working machine. You should understand all 25 rules! Use dangerzone.rocks if you are working with PDFs!
- Crypto OpSec SelfGuard
- How to store crypto securely — tips from CIAOfficer
- 2 Violent attack vectors in Crypto: a detailed review
- OpSec in Crypto: Thoughts
Protect From SIM-Swapping
Keep Up With the Latest Security News
Be Aware of Crypto Clippers (Which Attack the Clipboard)
Be Aware of Physical Attacks
Attacks on macOS
Attacks on Linux
Wi-Fi Security When Holding Crypto-Assets
- Read this article: ledger.com/academy/security/hack
- Go through this awesome list: github.com/edelahozuah/awesome-wifi-security
- Test: github.com/techge/wifi-arsenal
- If you are an IoT device owner, then carefully read: github.com/nebgnahz/awesome-iot-hacks
- BGP Hacking: theverge.com/2018/4/24/17275982/myetherwallet-hack-bgp-dns-hijacking-stolen-ethereum
- MikroTik security: www.itdave.nl/mikrotik-router-seurity-hardening
- Check out: github.com/decalage2/awesome-security-hardening