Society is currently in the midst of what many refer to as the Mobile Revolution, but a lack of mobile device security could limit these advancements.
The Apple App Store is well known to be a safe place, relative to other app stores, for users to download apps. Time and again, people have downloaded apps from ‘sketchy’ sites and found they have also obtained malware. However, as time has passed, Apple products have unfortunately become increasingly inviting targets. One such piece of malware troubling Apple was XcodeGhost.
This began to be noted in the wild in September 2015 and originated in China. It spread via an interesting vector. As a rule of thumb, the Apple App Store is abundantly stringent in its vetting process for proposed developers and apps. Xcode was an app used by developers, and it was already in the App Store. As it would have been exceptionally difficult to infiltrate the rogue version there, the attackers placed the modified version on a torrent site. Instead of downloading the app from the App Store, the safe source, the users went to the third party. Once it was downloaded, the user was infected with XcodeGhost. By some estimates this affected over 500M iOS users.
The equipment potentially affected includes the iPhone, iPad, and iPod running an iOS version compatible with the infected apps. This malware has much the same objectives as other malware: it collects data from the affected devices, encrypts it, and uploads it to a command and control server. The data collected included the ordinary items but also other data that could serve the attackers’ purposes: the infected app’s name, the app’s bundle identifier, the device’s name and type, the system’s language and country, the device identifier (UID), and the network type.
Curiously, this was coded to be able to read from and write to the user’s device clipboard. The remediation included developers updating their apps so that users could download a safe version.
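Because the incident turned on where the build tool came from, a defender’s first check is the provenance of the installed Xcode. The shell script below is an added example, not part of the original article: it classifies the output of macOS’s Gatekeeper assessment (`spctl --assess --verbose`) for the Xcode bundle. It assumes that only the sources `Mac App Store`, `Apple System` and `Apple` count as genuine (the values Apple’s Xcode validation guidance accepted; verify against current Apple documentation), and the sample outputs are constructed.

```shell
#!/bin/sh
# Added example (not from the article): classify the provenance of an Xcode install
# from the text `spctl --assess --verbose /Applications/Xcode.app` prints.
# Assumption: only these three "source=" values identify a genuine Apple-distributed
# Xcode; anything else (Developer ID, unsigned, rejected) needs investigation.

# Prints "trusted", "untrusted" or "rejected" for one spctl result passed as $1.
classify_assessment() {
    # First line looks like "<path>: accepted" or "<path>: rejected".
    status=$(printf '%s\n' "$1" | sed -n '1s/^.*: *//p')
    # A later line looks like "source=<origin>"; take the first one.
    origin=$(printf '%s\n' "$1" | sed -n 's/^source=//p' | head -n 1)
    case "$status" in
        accepted) ;;
        *) echo "rejected"; return 0 ;;
    esac
    case "$origin" in
        "Mac App Store"|"Apple System"|"Apple") echo "trusted" ;;
        *) echo "untrusted" ;;
    esac
}

# Runs the live Gatekeeper check when spctl exists (macOS only); $1 overrides the path.
assess_xcode() {
    app=${1:-/Applications/Xcode.app}
    if ! command -v spctl >/dev/null 2>&1; then
        echo "spctl not available on this system" >&2
        return 2
    fi
    # spctl exits non-zero on rejection; keep its output either way.
    out=$(spctl --assess --verbose "$app" 2>&1) || true
    classify_assessment "$out"
}

# Constructed sample outputs (not captured from real machines).
SAMPLE_GENUINE='/Applications/Xcode.app: accepted
source=Mac App Store'
SAMPLE_SIDELOADED='/Applications/Xcode.app: accepted
source=Developer ID'
SAMPLE_TAMPERED='/Applications/Xcode.app: rejected
source=no usable signature'

# Demonstration on the constructed samples, then a live check if possible.
for s in "$SAMPLE_GENUINE" "$SAMPLE_SIDELOADED" "$SAMPLE_TAMPERED"; do
    printf '%s -> %s\n' "$(printf '%s' "$s" | sed -n '2p')" "$(classify_assessment "$s")"
done
if command -v spctl >/dev/null 2>&1; then assess_xcode; fi
```

A verdict other than `trusted` on a build machine means the toolchain should be removed and reinstalled from Apple before any app is rebuilt and resubmitted.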
While the Apple App Store is generally considered quite safe, other sites definitely are not. You need to be very careful with your downloads and protect your devices and systems. Think twice before you hit the download button.
Learn more about how to secure mobile devices at the National Cybersecurity Institute.
Bio for Charles Parker:
Charles Parker, II, has been coding since the mid-1980s and has been working in the finance, auto manufacturing, and health industries seeking secure solutions for issues for over 17 years. Charles has an MBA, MSA, JD, and LLM, and is a doctoral candidate for a PhD in Information Assurance and Security.