# macOS + iOS + Crypto + OpSec = ?

By [Officer's Blog](https://paragraph.com/@officercia) · 2022-07-23

---

In my favorite chat room I [was asked](https://t.me/lobsters_chat/363628) recently whether, in light of recent events, it would be safer to use macOS and iOS for work. Is it true that they have better security? I don't have a definite answer here: both yes and no. Let's get to the bottom of it!

> First of all, there is a lot of malware for macOS/iOS; the thing is that 0-day/1-day exploits for macOS/iOS cost slightly more than those for Windows/Android.

There is no difference, only a difference in the cost of preparation and in the price of the different exploits (including file-gluing exploits or delivery exploits, which always cost more). I suggest you go to [Zerodium](https://zerodium.com/) and see the prices.

In general, the toolkit is more or less the same, so don't assume that macOS is more secure. Again, it is based on FreeBSD. Know who is working against you and what they are capable of.

In other words, the chances of being caught in a mass attack are lower, but the chances of being hacked by someone who doesn't mind spending 5-10 thousand dollars to prepare for your hack are equal on all devices and almost all operating systems.

Hackers also care about economics, profit and cost. If they are confident, they can take the risk. Keep that in mind.

Use Qubes OS, Whonix, Tails or GrapheneOS (which is way better than iOS, which is closed, so its risks cannot be estimated; jailbreaking a device makes everything even worse), but some of them require a lot of preparation work and do not have out-of-the-box security! **But** no secure OS can help you if you don't care about simple security rules. Keep that in mind. [See my original Twitter thread!](https://twitter.com/officer_cia/status/1544310051418038278)

* * *

### Follow these guides:

*   [github.com/undergroundwires/privacy.sexy](https://github.com/undergroundwires/privacy.sexy)
    
*   [github.com/drduh/macOS-Security-and-Privacy-Guide](https://github.com/drduh/macOS-Security-and-Privacy-Guide)
    
*   [github.com/decalage2/awesome-security-hardening](http://github.com/decalage2/awesome-security-hardening)
    

### Security Tips for iPhone & Mac users:

**1 - Keep in mind that, in most cases, hackers dealing with an Apple device will try to target non-obvious sources such as iCloud backups, Google cloud backups, etc.!**

*   Example: [telegra.ph/Arthur-Hacked-Research-03-22](https://telegra.ph/Arthur-Hacked-Research-03-22)
    

**2 - Be aware that AppleCare can get a TeamViewer function; it takes only one click to lose all your data:**

*   [Dan Guido](https://twitter.com/dguido) ([@dguido](https://twitter.com/dguido)), [9:28 PM • Mar 26, 2022](https://twitter.com/dguido/status/1507907435440267265):
    
    Hey [@Apple](https://twitter.com/Apple): someone is trying to hack my account through your customer support \*right now\*. I didn't request AppleCare do anything.
    
    ![](https://storage.googleapis.com/papyrus_images/90a493c483c48baaa687167cacd08ce3a20e72f1182f92cdc8435adf10cb50ba.jpg)
    

**3 - Disable predictive text on your device!**

*   [reddit.com/r/CryptoCurrency/comments/ubv81z/psa\_my\_phone\_just\_guessed\_my\_private\_key\_if\_you](https://reddit.com/r/CryptoCurrency/comments/ubv81z/psa_my_phone_just_guessed_my_private_key_if_you)
    
*   [www.macworld.com/article/672173/how-to-remove-words-from-iphone-predictive-text.html](https://www.macworld.com/article/672173/how-to-remove-words-from-iphone-predictive-text.html)
    

**4 - Never scan QR codes with your work iPhone!**

*   [tech.hindustantimes.com/tech/news/iphone-user-beware-of-fake-qr-codes-71651747604570.html](http://tech.hindustantimes.com/tech/news/iphone-user-beware-of-fake-qr-codes-71651747604570.html)
    
*   [securityaffairs.co/wordpress/70739/hacking/qr-code-ios-bug.html](http://securityaffairs.co/wordpress/70739/hacking/qr-code-ios-bug.html)
    

**5 - Read my OpSec roadmap to avoid such situations, and never download files on your work machine. You should understand all 25 rules!**

*   [github.com/OffcierCia/Crypto-OpSec-SelfGuard-RoadMap](https://github.com/OffcierCia/Crypto-OpSec-SelfGuard-RoadMap)
    

**6 - Use** [**dangerzone.rocks**](https://dangerzone.rocks) **if you are working with PDFs!**

*   [How to store crypto securely - tips from CIA\_Officer](https://officercia.mirror.xyz/GtKNkmRDR_hhCqrnSENjqfPDHHb0W1M2SVeXDp4swCQ) 
    
*   [2 Violent attack vectors in Crypto: a detailed review](https://officercia.mirror.xyz/rt5W3_6PhnXZ8VjYRcRJrhBCI6-x0EJ7CqPi6CLU6Pk)
    
*   [OpSec in Crypto: Thoughts](https://officercia.mirror.xyz/VCUaozkvMw1CSaNm3VnafrDLX4dwEjDIQo6qSOIbO8o)
    

**7 - Protect yourself from SIM swapping!**

*   [trustwallet.com/blog/what-is-sim-swap-and-how-can-you-protect](http://trustwallet.com/blog/what-is-sim-swap-and-how-can-you-protect)
    

**8 - Keep up with the latest security news!**

*   [cryptopotato.com/iphone-crypto-users-at-risk-from-multiple-vulnerability-attacks-on-the-ios-mail-app/](https://cryptopotato.com/iphone-crypto-users-at-risk-from-multiple-vulnerability-attacks-on-the-ios-mail-app/)
    
*   [thehackernews.com/2022/03/cryptorom-crypto-scam-abusing-iphone.html](https://thehackernews.com/2022/03/cryptorom-crypto-scam-abusing-iphone.html)
    
*   [bloomberg.com/news/articles/2022-07-06/apple-launches-iphone-security-tool-to-block-targeted-attacks](http://bloomberg.com/news/articles/2022-07-06/apple-launches-iphone-security-tool-to-block-targeted-attacks)
    
*   [bleepingcomputer.com/news/apple/apple-fixes-new-zero-day-exploited-to-hack-macos-ios-devices](http://bleepingcomputer.com/news/apple/apple-fixes-new-zero-day-exploited-to-hack-macos-ios-devices/)
    
*   [bleepingcomputer.com/news/security/roaming-mantis-hits-android-and-ios-users-in-malware-phishing-attacks/](http://bleepingcomputer.com/news/security/roaming-mantis-hits-android-and-ios-users-in-malware-phishing-attacks/)
    

**9 - Be aware of Crypto Clipper malware, which attacks the clipboard!**

*   [officercia.mirror.xyz/rt5W3\_6PhnXZ8VjYRcRJrhBCI6-x0EJ7CqPi6CLU6Pk](https://officercia.mirror.xyz/rt5W3_6PhnXZ8VjYRcRJrhBCI6-x0EJ7CqPi6CLU6Pk)
    

**10 - Be aware of physical attacks!**

*   [github.com/jlopp/physical-bitcoin-attacks/blob/master/README.md](https://github.com/jlopp/physical-bitcoin-attacks/blob/master/README.md)
    

* * *

### Compilation of attacks on macOS:

*   [appleinsider.com/articles/22/07/20/new-cloudmensis-malware-uses-cloud-storage-to-spy-on-mac-users/amp/](http://appleinsider.com/articles/22/07/20/new-cloudmensis-malware-uses-cloud-storage-to-spy-on-mac-users/amp/)
    
*   [threatpost.com/stealthy-macos-malware-lazarus-apt/150881](https://threatpost.com/stealthy-macos-malware-lazarus-apt/150881)
    
*   [www.techradar.com/uk/news/apple-m1-macs-are-already-being-targeted-by-crypto-stealing-malware](https://www.techradar.com/uk/news/apple-m1-macs-are-already-being-targeted-by-crypto-stealing-malware)
    

### Linux attack:

*   [www.intezer.com/blog/research/lightning-framework-new-linux-threat](https://www.intezer.com/blog/research/lightning-framework-new-linux-threat/)

### Special: Wi-Fi security when holding crypto assets

*   Read this article: [www.ledger.com/academy/security/hack](http://www.ledger.com/academy/security/hack)
    
*   Go through this awesome list: [github.com/edelahozuah/awesome-wifi-security](http://github.com/edelahozuah/awesome-wifi-security)
    
*   Test: [github.com/techge/wifi-arsenal](http://github.com/techge/wifi-arsenal)
    
*   If you are an IoT device owner, then carefully read: [github.com/nebgnahz/awesome-iot-hacks](http://github.com/nebgnahz/awesome-iot-hacks)
    
*   BGP Hacking: [www.theverge.com/2018/4/24/17275982/myetherwallet-hack-bgp-dns-hijacking-stolen-ethereum](https://www.theverge.com/2018/4/24/17275982/myetherwallet-hack-bgp-dns-hijacking-)
    
*   MikroTik security: [www.itdave.nl/mikrotik-router-seurity-hardening](http://www.itdave.nl/mikrotik-router-seurity-hardening)
    
*   Check out: [github.com/decalage2/awesome-security-hardening](http://github.com/decalage2/awesome-security-hardening)
    
*   [Read](https://t.me/officer_cia/376)
    

### Use your own DLP/SIEM or bandwidth monitor:

*   [www.obdev.at/products/littlesnitch](https://www.obdev.at/products/littlesnitch)
    
*   [solarwinds.com/netflow-traffic-analyzer/use-cases/network-bandwidth-monitoring?CMP=ORG-BLG-DNS-X\_WW\_X\_NP\_X\_X\_EN\_X\_X-RTNA-20190930\_9BestNetworkBan\_X\_X\_VidNo\_X-X](https://www.solarwinds.com/netflow-traffic-analyzer/use-cases/network-bandwidth-monitoring?CMP=ORG-BLG-DNS-X_WW_X_NP_X_X_EN_X_X-RTNA-20190930_9BestNetworkBan_X_X_VidNo_X-X)
    
*   [github.com/topics/attack-detection](https://github.com/topics/attack-detection)
    

* * *

Support is **very** important to me, with it I can spend less time at work and do what I love — educating DeFi & Crypto users! ❤️

*   [Check out my GitHub](https://github.com/OffcierCia/?ref=hackernoon.com)
    
*   [Track all my activities](https://start.me/p/QRg5ad/officercia?ref=hackernoon.com)
    
*   [All my Socials](https://linktr.ee/officercia?ref=hackernoon.com)
    
*   [Join my TG channel](https://t.me/officer_cia?ref=hackernoon.com)
    

If you want to [support](https://github.com/OffcierCia/support) my work, you can send me a donation to the address:

*   [**0xB25C5E8fA1E53eEb9bE3421C59F6A66B786ED77A**](https://etherscan.io/address/0xB25C5E8fA1E53eEb9bE3421C59F6A66B786ED77A?ref=hackernoon.com) or [officercia.eth](https://etherscan.io/enslookup-search?search=officercia.eth&ref=hackernoon.com) — ETH, BSC, Polygon, Optimism, Zk, Fantom, etc
    
*   [**17Ydx9m7vrhnx4XjZPuGPMqrhw3sDviNTU**](https://blockchair.com/bitcoin/address/17Ydx9m7vrhnx4XjZPuGPMqrhw3sDviNTU?ref=hackernoon.com) — BTC
    
*   **4AhpUrDtfVSWZMJcRMJkZoPwDSdVG6puYBE3ajQABQo6T533cVvx5vJRc5fX7sktJe67mXu1CcDmr7orn1CrGrqsT3ptfds — Monero XMR**
    

* * *

### Stay safe!

---

*Originally published on [Officer's Blog](https://paragraph.com/@officercia/macos-ios-crypto-opsec)*
