The first large-scale attack on Apple’s App Store

A group of hackers created a counterfeit version of the software used to build apps for Apple’s App Store. Developers in China then downloaded this software, duped into thinking it was genuine.

The malicious code allowed the hackers to collect user data from any app created or updated with the counterfeit software.

The malware, dubbed “XcodeGhost” by cybersecurity firm Palo Alto Networks, could also send fake alerts to infected devices to trick users into revealing sensitive information.

More worryingly, it could also read and alter information on compromised devices, which could give the attackers the ability to see logins copied to and from password management tools.

Referring to some of the infected apps, such as WeChat, NetEase’s music-downloading app and a cab-hailing app similar to Uber, Apple spokeswoman Christine Monaghan said: “We’ve removed the apps from the App Store that we know have been created with this counterfeit software”.

She added: “We are working with the developers to make sure they’re using the proper version of Xcode to rebuild their apps”.

This type of attack should not happen within the fortress of Apple’s App Store. The company has gone to great efforts and invested heavily in ensuring that any app passed through the gates is thoroughly checked for quality, usability and, above all, security.

It comes back to acknowledging the biggest security threat to any organisation: human error. This is not to discount the work the “bad guys” put into hiding their code inside a seemingly clean and identical copy of the software, but the people who would normally notice such an attack simply could not detect it. Even with high levels of security in development and approval, a culture of security must also be in place. ISO 27001 is not the answer to malware attacks or security breaches, but it is guidance on best practice for protecting information. It sets in motion a culture within your organisation of applying critical risk methodology when developing new software, installing new hardware or even hiring new staff.

In areas like China, network speeds are quite slow when downloading large files. Downloading the official Apple app development software, Xcode, which weighs in at a whopping three gigabytes, could take some time before a developer could get to work. This pushes developers to look elsewhere for shortcuts. Several versions of the malicious XcodeGhost build had been uploaded to developer forums under the guise of the genuine product.
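The counterfeit builds passed as genuine because nothing forced a developer to check what they had actually downloaded. As an added example (not code from the original article), the POSIX shell script below shows the two checks a developer can run before trusting a download from a mirror or forum: compare the file’s SHA-256 with a digest published on the vendor’s official site, and, on macOS, ask Gatekeeper via `spctl --assess` whether the Xcode bundle still carries Apple’s signature. The expected digest is a placeholder to be replaced with the published value, and the default `/Applications/Xcode.app` path is an assumption about where Xcode was installed.

```shell
#!/bin/sh
# Added example, not part of the original article: verify a downloaded
# installer before using it. The expected digest passed to verify_download
# is a placeholder for the value published on the vendor's official page.

# Print the SHA-256 of a file, using whichever tool the platform provides
# (sha256sum on Linux, shasum on macOS).
file_sha256() {
  if command -v sha256sum >/dev/null 2>&1; then
    sha256sum "$1" | awk '{print $1}'
  else
    shasum -a 256 "$1" | awk '{print $1}'
  fi
}

# Return 0 if the file's digest matches the published one, 1 otherwise.
# A mismatch means the file is not the one the vendor released, whatever
# the forum post that linked to it claimed.
verify_download() {
  file="$1"
  expected="$2"
  actual="$(file_sha256 "$file")"
  if [ "$actual" = "$expected" ]; then
    echo "OK: $file matches the published digest"
    return 0
  fi
  echo "MISMATCH: $file is not the published build" >&2
  echo "  expected $expected" >&2
  echo "  got      $actual" >&2
  return 1
}

# On macOS, additionally confirm the installed bundle carries Apple's
# signature; a repackaged Xcode fails this assessment. The path defaults
# to the standard install location (assumed). Runs only where spctl exists.
assess_xcode_signature() {
  if command -v spctl >/dev/null 2>&1; then
    spctl --assess --verbose "${1:-/Applications/Xcode.app}"
  else
    echo "spctl not available on this platform; skipping signature assessment"
  fi
}

# Usage:
#   verify_download Xcode.xip <sha256 published by the vendor>
#   assess_xcode_signature /Applications/Xcode.app
```

The digest comparison only proves the file is the one the vendor published; the signature assessment catches the case where an installer was unpacked and modified afterwards. Running both closes the gap the counterfeit builds exploited.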

Regardless of this embarrassing publicity, this should have no implications for the sale of Apple products. No breach of personal information has been recorded and the affected versions of the apps have been removed from the App Store.

Robert Lyons