As we progress into the digital age, cyber security becomes increasingly important. As the world becomes more digital, so do the threats, especially when some of the applications on your computer are legally required to disclose your metadata. Cybercriminals and nation-state sponsored groups are always looking for new ways to exploit flaws and vulnerabilities to access our sensitive data. To stay one step ahead, we need a way to detect and safely remove this potentially unwanted software.
Why protecting your data is crucial in these unsafe times
As an example, in July 2016, the Russian Federation implemented Federal bills No. 374-FZ and 375-FZ, which require telecom providers to store the content of voice calls, data, images and text messages on Russian servers for six months, and their metadata for three years. Online services such as messengers, emails and social networks that use encrypted data are required to allow the Federal Security Service (FSB) to access and read their encrypted communications.
All internet and telecom companies with some presence in Russia must disclose these communications and metadata, as well as "all other information necessary" to authorities without a court order. What tools can we employ to detect malicious applications using your data?
When data protection becomes national security
That was the question MacPaw's Tech R&D team asked themselves. Sergii Kryvoblotskyi, Tech R&D Lead, has extensive experience in data protection.
For a company located in Kyiv, Ukraine, cyberattacks, surveillance and foreign governments that do not respect fundamental human rights have been an existential threat and a question of national security for years. Even before the full-scale invasion, MacPaw extensively researched these topics.
When the developers saw Ukrainian digital infrastructure suffering numerous cyberattacks at the start of the invasion, they decided that it was time for them to act. So the team just had to find which of the research projects could contribute best to the country's informational security. One project was about the technical implementation of network filtering on macOS. This could be well-applied to protect computers and personal devices from potentially dangerous apps and adapted to help users in our new reality. Our security is a group effort and, as you know, a chain is only as strong as its weakest link.
What network filtering does on macOS
To put it simply, the approach combines static and dynamic analysis.
Static analysis can identify whether an app originates from, or is otherwise related to, Russia or Belarus by using:
- A static database as a deny list
- Bundle identifier analysis
- App Store metadata analysis
- Natural language processing
- Code signing
- Information property lists
- Bundle localization
- Mach-O examination
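To make the static checks above concrete, here is an added example (not MacPaw's or SpyBuster's code) that reads an app bundle's Info.plist and its .lproj directories and reports bundle-identifier, development-region and localization signals. The deny list, the reverse-DNS prefix rule and the locale codes are assumed placeholder heuristics, and `make_sample_bundle` builds constructed bundles so the script runs offline; code signing and Mach-O inspection are left out.

```python
import os
import plistlib
import tempfile

# Constructed deny list of exact bundle identifiers (placeholder values, not SpyBuster's list).
DENY_LIST = {"ru.example.placeholder-app"}
# Reverse-DNS first components and locale codes treated as a signal (an assumed heuristic).
SUSPECT_TLDS = {"ru", "by"}
SUSPECT_LOCALES = {"ru", "be"}

def inspect_bundle(app_path):
    """Collect static signals from Info.plist and the .lproj directories of one .app."""
    contents = os.path.join(app_path, "Contents")
    with open(os.path.join(contents, "Info.plist"), "rb") as fh:
        info = plistlib.load(fh)  # reads both XML and binary property lists
    bundle_id = info.get("CFBundleIdentifier", "")
    region = info.get("CFBundleDevelopmentRegion", "")
    resources = os.path.join(contents, "Resources")
    entries = os.listdir(resources) if os.path.isdir(resources) else []
    locales = sorted(d[:-len(".lproj")] for d in entries if d.endswith(".lproj"))
    reasons = []
    if bundle_id in DENY_LIST:
        reasons.append("bundle identifier is on the deny list")
    elif bundle_id.split(".")[0].lower() in SUSPECT_TLDS:
        reasons.append("bundle identifier uses a suspect reverse-DNS prefix")
    if region.lower() in SUSPECT_LOCALES:
        reasons.append(f"CFBundleDevelopmentRegion is {region}")
    if locales and set(locales) <= SUSPECT_LOCALES:
        reasons.append("bundle is localized only for suspect locales")
    return {"bundle_id": bundle_id, "locales": locales, "reasons": reasons}

def make_sample_bundle(root, name, bundle_id, region, locales):
    """Write a minimal constructed .app skeleton (Info.plist plus .lproj dirs, no binary)."""
    app = os.path.join(root, name + ".app")
    resources = os.path.join(app, "Contents", "Resources")
    os.makedirs(resources)
    with open(os.path.join(app, "Contents", "Info.plist"), "wb") as fh:
        plistlib.dump({"CFBundleIdentifier": bundle_id, "CFBundleDevelopmentRegion": region}, fh)
    for code in locales:
        os.makedirs(os.path.join(resources, code + ".lproj"))
    return app

def demo():
    """Build two constructed bundles in a temp dir and return their findings."""
    with tempfile.TemporaryDirectory() as tmp:
        benign = make_sample_bundle(tmp, "Benign", "com.example.editor", "en", ["en", "de"])
        suspect = make_sample_bundle(tmp, "Suspect", "ru.example.helper", "ru", ["ru"])
        return inspect_bundle(benign), inspect_bundle(suspect)
```

Each signal on its own is only a hint; a localization or development region is far weaker evidence than a deny-list hit, so a real scanner weights and combines them rather than flagging on any single match.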
Dynamic analysis reveals how apps and websites are behaving. When you launch an app on your Mac, it immediately begins doing something: sending messages to servers, writing files, gaining access, etc. Dynamic analysis examines the data flow, identifying which server your apps connect to and their physical location.
SpyBuster
MacPaw has created a tool that uses these methods to assist you in detecting spyware.
SpyBuster, for example, scans app and web connections in real time and displays their logs so you can judge whether they are safe. SpyBuster displays only the potentially dangerous connections and allows you to terminate the app.
Note, however, that unless you disable the connection to the endpoint that the app or site is trying to reach, the app will keep sending your data to unsafe servers.
SpyBuster performs its data analysis using the standard App Store API provided by Apple. It does not store any data on SpyBuster servers; everything is done exclusively on-device. You can also share a list of potentially unwanted apps, detection reasons and false positives in the detailed description to help the developers identify dangerous apps more accurately. Your identity, device type and other personal information, however, will remain completely anonymous.
SpyBuster is free to any macOS user around the world (except in Russia and Belarus, for obvious reasons) running macOS 10.15 or higher.
To find out more and learn how to perform static analysis yourself, join our pre-recorded session "Static Analysis of macOS Application Bundle for Territorial Affiliation" by Yevhenii Peteliev, Senior Software Engineer in the Technological R&D Service at MacPaw.
Other live sessions by the MacPaw team:
“The Story: How we Ensured Company’s Security and Stability During the War” by Vira Tkachenko, Chief Technology and Innovation Officer at MacPaw