How Cybercriminals Hacked the Apple App Store
Hackers did, in fact, hack the Apple App Store.
Apple provides a set of tools for developers to create apps. One of the codes they provide is called Xcode. In China, developers used a counterfeit version of this code because it was quicker to download. Hackers were able to modify this counterfeit version and then plant malicious code onto the apps which were being created. The developers then released these compromised apps, not knowing malicious code was installed with the capability to steal data and send fake alerts to phish for user data.
Apple has already removed the apps they know were created by this counterfeit software. There’s no evidence user data has been stolen. Will this prompt copycats to use this technique to implement a hack? The answer is likely yes.
A big concern is detection. Apple is going to have to consider taking extra steps to scan apps before bringing them to the public in the Apps Store and put processes in place to be sure this does not happen in the future. The landscape of mobile application security is changing very rapidly.
CyberSponse CEO Joe Loomis was interviewed today on CNBC this morning about the App Store hack. View the interview here. Some mobile application securities mentioned in the interview that you can use to scan your apps are Sophos, Lookout and AVG AntiVirus.