x404.co.uk
http://www.x404.co.uk/forum/

Apple purges malicious iPhone and iPad apps from App Store
http://www.x404.co.uk/forum/viewtopic.php?f=19&t=24361		 Page 1 of 1
Author:  pcernie [ Mon Sep 21, 2015 7:52 pm ]
Post subject:  Apple purges malicious iPhone and iPad apps from App Store
Apple purges malicious iPhone and iPad apps from App Store | TechRadar
http://www.techradar.com/news/software/ ... re-1304672

Sneaky, very sneaky.
Author:  bobbdobbs [ Tue Sep 22, 2015 6:23 am ]
Post subject:  Re: Apple purges malicious iPhone and iPad apps from App Store
I miss the days of marklar77 and the 50 page defence.
Author:  davrosG5 [ Tue Sep 22, 2015 11:42 am ]
Post subject:  Re: Apple purges malicious iPhone and iPad apps from App Store
bobbdobbs wrote:
I miss the days of marklar77 and the 50 page defence.

:D

On the one hand, Apple does not appear to have been hosting the borked version of XCode on its servers. The implication from the coverage I've read is that impatient developers used a local 'mirror' site because the proper Apple download was being too slow. So either they knew they were potentially downloading from a dodgy site or someone was running a highly convincing cone of the Apple one.
I don't really think it's entirely fair to lay the blame for that part at Apples door, certainly not without more information.

On the other hand, it is a fair question to ask why the stuff made with GhostCode didn't get flagged up by the App Store vetting process.
Author:  jonlumb [ Tue Sep 22, 2015 12:10 pm ]
Post subject:  Re: Apple purges malicious iPhone and iPad apps from App Store
bobbdobbs wrote:
I miss the days of marklar77 and the 50 page defence.


I don't. What I do miss is the inevitable response from someone like Saspro pointing out that one of the core facts upon which his argument was based was wrong, and the whole house of cards coming crashing down.
Author:  jonbwfc [ Tue Sep 22, 2015 12:50 pm ]
Post subject:  Re: Apple purges malicious iPhone and iPad apps from App Store
davrosG5 wrote:
bobbdobbs wrote:
I miss the days of marklar77 and the 50 page defence.

On the one hand, Apple does not appear to have been hosting the borked version of XCode on its servers. The implication from the coverage I've read is that impatient developers used a local 'mirror' site because the proper Apple download was being too slow.

I don't think it's even that - Apple tend to use Akamai or similar to host their big downloads and they have bandwidth to burn. The analysis I read suggested the core of the issue is national interconnects and the Great Firewall of China - it's simply true that anything coming in from outside China comes in much more slowly than something coming from inside China, so they tend to use local servers for things as a matter of choice and the authenticity of things didn't really come into the decision.

You could legitimately ask how the amended XCode got past the Mac OS X Gatekeeper system - the app should have been signed and if it was, modifying the download should have invalidated the signature. It's possible someone dumb/crazy enough to download something like XCode from god-knows-where would also be dumb/crazy enough to switch gatekeeper into 'run anything from anywhere' mode...

davrosG5 wrote:
So either they knew they were potentially downloading from a dodgy site or someone was running a highly convincing cone of the Apple one.
I don't really think it's entirely fair to lay the blame for that part at Apples door, certainly not without more information.

It looks very much more likely to have been a problem between chair and keyboard at the various developers.

davrosG5 wrote:
On the other hand, it is a fair question to ask why the stuff made with GhostCode didn't get flagged up by the App Store vetting process.

If the GhostCode malware was inserted before the App was signed by the developer, it probably wouldn't immediately set off the sirens because essentially the developer 'vouched' for it. Apple do run app checks to see if the app is accessing things in a way that is obviously bad but given the malware coders know that happens, their code can circumvent a lot of those checks. Fundamentally, what Apple did was trust the developers and the developers turned out to be doing some pretty stupid things.

Frankly, the first thing that shoudl have happened is anyone who got caught like this should have their dev licences revoked.

Jon
Author:  Fogmeister [ Tue Sep 22, 2015 5:48 pm ]
Post subject:  Re: Apple purges malicious iPhone and iPad apps from App Store
Yeah. Pretty much what Jon said.

If the people who downloaded it had gatekeeper enabled they would have seen that the app either wasn't signed or wasn't signed by Apple.

Once that was done and the malicious Xcode was installed it could inject anything it wanted into the apps at build time. The malicious code would have been signed just like any normal app.

The whole thing is the cause of people being impatient. There are two ways to download Xcode and they didn't do either.

Apple have done the best hing of disabling any apps that have been built with the malicious version of Xcode. Doesn't mean they can stop the usage of it though :-(


Sent from my iPhone using Tapatalk
Author:  big_D [ Wed Sep 23, 2015 3:57 am ]
Post subject:  Re: Apple purges malicious iPhone and iPad apps from App Store
The reports I've read and heard suggest it wasn't an "Apple" mirror, just a local server hosting a copy of XCode. No mention of who owned the server.

Reports yesterday were saying that they had found over 300 different affected apps now and it is still growing, but that Apple have stopped new apps from being able to be uploaded to the store and they are purging the affected apps as they are being discovered.
Author:  jonbwfc [ Wed Sep 23, 2015 9:42 am ]
Post subject:  Re: Apple purges malicious iPhone and iPad apps from App Store
I assume/hope that by now they have automated way of scanning the app store for apps that have been compromised in this way. Given though there are several million apps on the app store, it's going to take a bit of time no matter how you do it.

I also hope the shareholders of some of the companies that have had their apps removed from the store (and are thus losing money by the second) are asking serious questions of their management in terms of the decision to outsource the coding to China. Angry Birds 2 is one of the apps apparently? They must be losing millions.

Jon
Author:  big_D [ Wed Sep 23, 2015 11:06 am ]
Post subject:  Re: Apple purges malicious iPhone and iPad apps from App Store
FireEye have now found over 4000 apps, many from Chinese brands with international reach (consumer electronics manufacturers, banks etc.). Although they have not released a list of affected apps.

Quote:
The apps were infected after developers downloaded a copy of the Xcode iOS development tool through a file-sharing service. That package was modified to trojanise apps in a way that passed App Store security checks, and was advertised on popular developer forums as a faster source to download the 3Gb Xcode file.


http://www.theregister.co.uk/2015/09/23 ... _thousand/
Author:  big_D [ Wed Sep 23, 2015 12:36 pm ]
Post subject:  Re: Apple purges malicious iPhone and iPad apps from App Store
And now a Chinese advertising company has hijacked Android devices...

http://www.theregister.co.uk/2015/09/23 ... al_botnet/
Page 1 of 1 All times are UTC
Powered by phpBB® Forum Software © phpBB Group
https://www.phpbb.com/