Palo Alto Networks, a security firm based in Santa Clara, California, announced on Sunday September 21, 2015 that Apple’s App Store has been compromised and more than 80 malicious apps have been inserted to the store by hackers. This is a big deal since according to multiple sources, only 5 malicious apps have been found in the store since its first launch in July of 2008. As of today, this major security breach affects the Chinese version of the App Store. Cybersecurity experts agree that this is a game changer for the trusted App Store.
What is the App Store ?
The App Store is the one-stop-shop for applications (apps) use on iPhone, iPad and iPod Touch. The store allows users to buy or download apps. It is in the same place where iOS devices receive updates. It is worth noting that the users may chose to apply these updates or ignore them.
How do apps get into App Store ?
iOS, the operating system that runs iPhone, iPad and iPod Touch does have some native applications (apps) such as Maps, Calendar, iBook and the App Store itself. Additional apps enhance the usability of the these devices for users. This is where app developers come into play. According to Palo Alto and Apple, some developers in China downloaded a fake version of Xcode, called XcodeGhost. Xcode is the apps development platform distributed by Apple.
Xcode helps developers in the process of building new apps and allows the developers to submit their app to Apple for the review process. If the app is approved, it is published in the App Store and available to iOS device owners. For the record, there is nothing worse for an application than the code being compromised. XcodeGhost injects malicious code in Apps developed from the rogue platform.
How developers downloaded XcodeGhost instead of Xcode is unclear, but there are several scenarios that may have happened:
- Search engine poisoning: This attack takes advantage of the fact that a group of people may be searching for the same thing, in this case developers. The attackers may setup a rogue website that indicates that clicking on the link will allow the developer to download Xcode, but the link actually takes the developer to the Xcode Ghost download.
- Rogue ftp website: In the developers community, downloading Xcode takes a great deal of time. The developers may chose to go with an easy to download alternative site and get tricked into downloading XcodeGhost.
- Spear Phishing Attack: The attackers may target a specific list of known developers and provide information about Apple products and regularly update these developers through email until they receive the fake link.
The affected apps are able to collect a great deal of information including phone location, device name, network type, and more. Apple has managed to remove the known apps from the App Store. You should always keep all your apps updated to avoid attackers exploiting known vulnerabilities. If you worry about this particular attack, you can always check out the list of the affected apps.
Tapoko Honore is a world class IT Support Analyst for UMUC where he started as student worker. Tapoko studied computer science for 3 years in Cameroon before arriving in the United States in 2008. He is currently ITIL V3, Security +, SSCP and HDI certified. He received B.S. in Computer Information Technology at UMUC in 2014 and is a current UMUC student studying to complete his M.S. in Cybersecurity. He decided to continue his education because it was a logical evolution in his career and he also aspires to teach Information Systems and Cybersecurity.