Attack on Apple: Developers duped by malware lead to first Apple security breach; Vulnerability shows hackers could access iOS devices

By

Chinese developers were unknowingly fooled by malware to create infected apps leading to the first-ever major Apple App Store security breach. Hackers could exploit this vulnerability to gain access to iOS devices and steal user information.

According to a news report by Reuters, Apple suffered its first large-scale security attack as security firms discovered a malicious program embedded in legitimate apps. This is the first time that a majority of malware-infected programs were able to sneak past Apple's strict app checking procedure.

The Wall Street Journal said that developers unsuspectingly aided the Apple attack. Researchers of Alibaba Mobile Security found out that Chinese app developers used a counterfeit version of Apple's app creation tool kit, Xcode, to create their programs.

Dubbed as XcodeGhost, the malware was advertised by hackers on a Chinese server called Baidu Pan, promising faster downloads of the Xcode software. Developers were fooled to download the malware-tainted version since downloading the software using Apple servers can be slow in China. Hence, they used XcodeGhost to develop apps considered as valid by Apple.

Hackers took advantage of Chinese developers' impatience, said cyber security firm Palo Alto Networks. The firm's Threat Intelligence Director Ryan Olson said that developers are now a huge target for hackers.

Infected apps can expose a user's device details and create fake notifications to steal passwords. iTWire revealed that 39 popular iPhone apps from the Chines iTunes app store were infected with XcodeGhost. Included in the popular instant message app WeChat, Spotify-like music app NetEase Cloud Music, business card scanner CamCard, car-hailing app Didi Chuxing, and other apps

Palo Alto said that although hackers did not steal any information, the malware attack still poses a big threat to iOS security. Security researcher Claud Xiao said, "We believe XcodeGhost is a very harmful and dangerous malware that has bypassed Apple's code review and made unprecedented attacks on the iOS ecosystem". He continued to say that hackers, criminals, and spies could use the malware to access iOS devices.

The hack shows that Apple is as open to malicious attacks as Android, especially if developers are targeted. Apple is currently ridding the App Store of infected apps. The mastermind behind the attack is still unknown but is currently being investigated according to Palo Networks.

© 2024 VCPOST.com All rights reserved. Do not reproduce without permission.

Join the Conversation

Real Time Analytics