Apple's App Store Suffers Major Hack Attack

Discussion in 'Apple iPad News' started by dgstorm, Sep 21, 2015.

  1. dgstorm


    Over the weekend, Apple engineers were busy cleaning up iOS after the first major, large-scale hacking attack hammered the iOS Apple App Store. A number of malicious iPhone and iPad programs made their way directly onto the App Store.

    Apple had to jump to work over the weekend after a number of cyber security firms reported a malicious program called XcodeGhost was found embedded in hundreds of legitimate apps. This marks the first time malicious software code made its way past Apple's strict app review process. According to Palo Alto Networks Inc, before this, only five malicious apps were ever found in the App Store. Here's a quote with more of the scary details,

    "The hackers embedded the malicious code in these apps by convincing developers of legitimate software to use a tainted, counterfeit version of Apple's software for creating iOS and Mac apps, which is known as Xcode, Apple said.

    "We've removed the apps from the App Store that we know have been created with this counterfeit software," Apple spokeswoman Christine Monaghan said in an email. "We are working with the developers to make sure they’re using the proper version of Xcode to rebuild their apps."

    She did not say what steps iPhone and iPad users could take to determine whether their devices were infected.

    Palo Alto Networks Director of Threat Intelligence Ryan Olson said the malware had limited functionality and his firm had uncovered no examples of data theft or other harm as a result of the attack.

    Still, he said it was "a pretty big deal" because it showed that the App Store could be compromised if hackers infected machines of software developers writing legitimate apps. Other attackers may copy that approach, which is hard to defend against, he said.

    "Developers are now a huge target," he said." ~ Yahoo


    Researchers identified several infected apps including: Tencent Holdings Ltd's <0700.HK> popular mobile chat app WeChat, car-hailing app Didi Kuaidi and a music app from Internet portal NetEase Inc. At least one mobile security firm (Qihoo360 Technology Co) claims that up to 344 apps were tainted with XcodeGhost. Apple has not yet declared how many apps it has uncovered with the malicious code.

    When you are the biggest dog on the block, it basically paints a target on your back for the hackers of the world. Let's cross our fingers this will not be a trend of the future for iOS.

    Source: Yahoo
     
  2. Kayayem

    It's a bit surprising that Apple hasn't taken steps to contact users who have downloaded the infected apps....so as it stands, if you have a tainted app, Apple knows you have downloaded it...and are going to just let you potentially compromise yourself further.

    I do understand they may be wanting to shield the developers' reputations.... I mean, if you had downloaded a tainted game, you're gonna think twice before downloading another from that same developer. That's an understandable reaction they probably want to avoid...but every minute one of those apps is running on our devices marks another minute we might log into our bank and lose everything (assuming that's the sort of info the malware can collect...)
     
  3. twerppoet

    Some 'possible' explanations:

    One of the more extensive articles on the exploit said the current (installed) version of the malware didn't seem to be compromising any important data. That might be the reason. Even a tainted app would have a hard time getting access to another app's data. That means any data collected is most likely limited to data entered in the tainted app, and the infection method doesn't let the bad guys choose what data the app gathers. With only 36(8) known apps infected, there may be no critical, secure, private data at risk.

    How much data can you steal from a solitaire game?

    It's also possible that few if any of the infected apps are being used. WeChat is the only one that's been called out by name, and only an older version of it is tainted. There are a ton of apps in the App Store that have few if any users. I suspect that the reason WeChat is mentioned is that it's the only semi-popular app affected.

    Apple also has the ability to pull apps directly off your phone. Or they did early on, and used it exactly once. Maybe they are doing that, though I've heard nothing of the sort. But if few of the affected apps are being used, it's possible no one has noticed.

    As for shielding the developers, Apple has never shown concern for a developer's reputation in the past. If they are keeping quiet it's because they are worried about the reputation of the App Store.

    At this point we don't know enough to know if Apple is doing enough. It's possible that we never will.
     
  4. Kayayem

    Thanks..those are very good points I hadn't considered. I guess I was expecting the apps would have the ability to monitor activity or catch passwords on banking sites etc.

    I am certain that if any of these apps offer in-app purchases, the app would definitely be able to catch your Apple credentials.


    Here's what I found over at PaloAlto:

     
  5. twerppoet

    Thanks for the information.

    That's a more disturbing list than I thought it might be.

    If Mercury is the Mercury Web Browser (there's more than one app named Mercury), that's a pretty big risk. A lot of web logins could be compromised.

    I have OPlayer, though I haven't used it in ages, and didn't use it much when I did.

    I'm not familiar with any of the others.

    It's especially disturbing that they say some of these are banking apps. I find it appalling that a developer of a banking app would even consider getting Xcode from a file sharing site.

    Anyway, I'm sure we're going to hear a lot more details about this over the next couple of days, whether Apple makes any more official announcements or not.
     
  6. Kayayem

    Did you see the list dgstorm posted HERE? It's up to 85 apps...
     