
How the largest hack in the history of the App Store was pulled off

Sep 22, 2015, 01:53 IST

Since its inception in 2008, the iPhone's App Store has been almost malware-free.

That changed on Sunday, when Apple said that its App Store had been infiltrated by dozens of infected apps.

One of those was WeChat, the hugely popular messaging app that's regularly used by more than half a billion people around the world.

While the hackers behind the attack are still unknown, the malware's end goal was to collect sensitive information from iPhone owners, like iCloud credentials and other account passwords.

Apps containing malware have slipped into the App Store before, but never at anywhere near this scale. So just how did one piece of malware manage to perform the most sophisticated and widespread attack in the App Store's history?

By getting developers to use a tainted version of the software that's used to make iPhone apps.

On September 17, Palo Alto Networks, a security company, published its findings on malware it called XcodeGhost, which was delivered through a compromised version of Xcode, the toolkit developers use to build iPhone apps.

The malware was unwittingly distributed by Chinese developers in over 50 apps. In addition to WeChat, Didi Chuxing, a ride-hailing app, and CamCard, an app that scans business cards, had also been infected.

XcodeGhost received its name from its tricky method of infecting apps. Compromised versions of Xcode, the toolkit developers use to make iPhone apps on the Mac, were illegally distributed in China starting in March of this year, according to Palo Alto Networks. Any app compiled with one of these copies was built with the malicious code included, without the developer changing a line of their own source.

Developers using copies of Xcode that don't come from Apple is a particular problem in China, because the country's nationwide firewall makes downloading large files from outside it slow and unreliable.

Since Apple's servers aren't in China, it sometimes makes more sense for Chinese developers to download the tools they need from faster mirrors hosted on the mainland, which is exactly where the tainted copies were offered.

On Sunday, Apple said that it was working to remove apps from the App Store that had been submitted from compromised versions of Xcode.

"A fake version of one of these tools was posted by un-trusted sources which may compromise user security from apps that are created with this counterfeit tool," an Apple spokesperson told Reuters. "To protect our customers, we've removed the apps from the App Store that we know have been created with this counterfeit software and we are working with the developers to make sure they're using the proper version of Xcode to rebuild their apps."
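Apple's fix was for developers to rebuild with a genuine Xcode, so the practical first step is to confirm the copy on your Mac actually carries Apple's signature. The following is an added example, not code from the article, Apple or Palo Alto Networks: it wraps the Gatekeeper assessment (`spctl --assess --verbose`) and parses its verdict. The exact output format (`<path>: accepted` followed by `source=...`) and the set of sources treated as Apple-distributed are this example's assumptions about how spctl reports on macOS.

```python
"""Check that a local Xcode.app carries Apple's code signature.

Added example (not the article's or Apple's code). It runs the
Gatekeeper assessment and parses the verdict; the output format and
the trusted-source list below are assumptions about spctl's reporting.
"""
import subprocess
from dataclasses import dataclass

# Gatekeeper "source" values assumed to correspond to Xcode distributed
# by Apple itself. A copy signed with a third party's Developer ID would
# be "accepted" by Gatekeeper but is deliberately NOT treated as genuine.
TRUSTED_SOURCES = frozenset({"Mac App Store", "Apple", "Apple System"})


@dataclass
class Verdict:
    accepted: bool   # Gatekeeper accepted the bundle's signature
    source: str      # who Gatekeeper says the signer is

    @property
    def genuine(self) -> bool:
        """True only if the bundle is both intact and Apple-signed."""
        return self.accepted and self.source in TRUSTED_SOURCES


def parse_spctl(output: str) -> Verdict:
    """Parse spctl --assess --verbose output into a Verdict.

    Constructed examples of the two outcomes this parser expects:
        /Applications/Xcode.app: accepted
        source=Mac App Store
    and
        /Applications/Xcode.app: rejected
        source=no usable signature
    A tampered bundle (files modified after signing) fails the seal
    check and is reported as rejected.
    """
    accepted = False
    source = ""
    for line in output.splitlines():
        line = line.strip()
        if line.endswith(": accepted"):
            accepted = True
        elif line.startswith("source="):
            source = line[len("source="):]
    return Verdict(accepted=accepted, source=source)


def assess_xcode(path: str = "/Applications/Xcode.app") -> Verdict:
    """Run spctl against the given bundle and return the parsed verdict."""
    proc = subprocess.run(
        ["spctl", "--assess", "--verbose", path],
        capture_output=True, text=True, check=False,
    )
    # spctl writes its verdict to stderr rather than stdout; merge both
    # streams so the parser sees the result either way.
    return parse_spctl(proc.stdout + proc.stderr)


if __name__ == "__main__":
    v = assess_xcode()
    print(f"accepted={v.accepted} source={v.source!r} genuine={v.genuine}")
```

Run it on the build machine itself (and on any CI runner that compiles the app), not just on a developer laptop. Note the distinction the `genuine` property makes: Gatekeeper "accepting" a bundle only means it is signed and unmodified since signing, so a repackaged Xcode signed with someone else's Developer ID would pass the first test and fail the second.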

On Saturday, WeChat posted an update to its app that removed the XcodeGhost malware, noting that "a preliminary investigation into the flaw has revealed that there has been no theft and leakage of users' information or money."

While there have yet to be any confirmed cases of apps infected by XcodeGhost collecting user data like passwords, the hack does not bode well for the squeaky clean perception of the App Store that Apple likes to uphold.

Apple did not respond to requests for comment on this story.

As a company that touts its software's security over Android's at every chance (and with some justification: the iPhone accounted for less than 1% of mobile malware in 2014, according to Motive Security Labs), keeping malware out of the App Store is of paramount concern to Apple.

But the sly way that XcodeGhost slipped past Apple's famously stringent review process and into the App Store raises the question of whether it could happen again, and on a potentially wider scale.

No walled garden is impenetrable

Apple could have been alerted to the malware by actually running the apps during the App Store's review process, according to Nikias Bassen, a mobile security researcher for Zimperium who was also part of the team of hackers responsible for jailbreaking past versions of iOS.

Bassen told Tech Insider that apps containing XcodeGhost would not necessarily look infected to Apple during a static scan of their contents, since the malicious activity occurred only when the app was installed on an iPhone and was communicating with the hacker's servers.

A warning could have been raised had Apple noticed multiple apps from different developers communicating with the same server, according to Bassen. But even then, he noted that the hacker could delay serving messages like "enter iCloud password" until after the app was live in the store, which would evade Apple's team of reviewers.
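The heuristic Bassen describes (many unrelated developers' apps all talking to one host) is easy to state and easy to get wrong in practice, because analytics SDKs, ad networks and CDNs produce exactly the same pattern. The example below is added here to show the check over constructed per-app connection records; it is not Apple's or Zimperium's code, and the record fields (`app`, `developer`, `host`) and the allowlist of shared backends are this example's own assumptions about what a dynamic-analysis harness would log.

```python
"""Flag destination hosts contacted by apps from many unrelated developers.

Added example (not Apple's or Zimperium's code). Input is a list of
constructed per-app network observations; a real pipeline would feed it
hosts captured while running each submitted app.
"""
from collections import defaultdict
from typing import Iterable, NamedTuple


class Conn(NamedTuple):
    app: str        # bundle identifier of the app under review (assumed field)
    developer: str  # developer account that submitted it (assumed field)
    host: str       # destination host observed while the app ran (assumed field)


# Backends that many unrelated apps legitimately share. Without an
# allowlist (or a baseline learned from known-good apps) the heuristic
# fires on every analytics SDK in the store. Hosts here are made up.
SHARED_BACKENDS = frozenset({"api.example-analytics.test", "cdn.example.test"})


def shared_hosts(conns: Iterable[Conn], min_developers: int = 3,
                 allowlist: frozenset = SHARED_BACKENDS) -> dict:
    """Return {host: set(developers)} for every host contacted by at least
    min_developers distinct developers and not on the allowlist."""
    devs_by_host: dict = defaultdict(set)
    for c in conns:
        if c.host in allowlist:
            continue
        devs_by_host[c.host].add(c.developer)
    return {h: d for h, d in devs_by_host.items() if len(d) >= min_developers}


# Constructed sample: four apps from four developers all beacon to one
# unfamiliar host, alongside each developer's own backend and a shared
# analytics SDK that should not trigger the alert.
SAMPLE = [
    Conn("com.dev1.chat",  "dev1", "chat.dev1.test"),
    Conn("com.dev1.chat",  "dev1", "collect.suspicious.test"),
    Conn("com.dev2.ride",  "dev2", "ride.dev2.test"),
    Conn("com.dev2.ride",  "dev2", "collect.suspicious.test"),
    Conn("com.dev3.cards", "dev3", "collect.suspicious.test"),
    Conn("com.dev4.game",  "dev4", "collect.suspicious.test"),
    Conn("com.dev4.game",  "dev4", "api.example-analytics.test"),
    Conn("com.dev1.chat",  "dev1", "api.example-analytics.test"),
    Conn("com.dev3.cards", "dev3", "api.example-analytics.test"),
]

if __name__ == "__main__":
    for host, devs in shared_hosts(SAMPLE).items():
        print(f"{host}: contacted by {len(devs)} developers {sorted(devs)}")
```

Two caveats follow directly from the text. First, the allowlist is load-bearing: drop it and the analytics host in the sample is flagged just like the real beacon, which is the false-positive rate a reviewer would actually face. Second, the check only sees what the app does while it is being run, so an app that waits until after approval to contact its server, as Bassen notes an attacker could arrange, produces no record here at all; this heuristic catches always-on beacons like XcodeGhost's, not delayed ones.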

Olson, of Palo Alto Networks' threat intelligence research team, said that the origin of the hack is still a mystery, but there's no reason to believe it was orchestrated by a cybersecurity company or government.

At the end of the day, this latest hack is a wake-up call that the App Store isn't as impenetrable to hackers as you may think, and that it's always wise to exercise caution when using the apps on your phone.
