Apple taking steps to prevent another large-scale App Store breach

23 Sep 2015 | Author: | No comments yet »

Apple hack exposes flaws in building apps behind ‘Great Firewall’.

China’s ‘Great Firewall’ may have been partly to blame for the first major attack on Apple Inc’s App Store, but experts also point the finger at lax security procedures of some big-name Chinese tech firms and how Apple itself supports developers in its second biggest market.BEIJING/BOSTON: A senior Apple Inc executive said the company would make it easier for Chinese app developers to download its tools for building mobile apps in a bid to prevent further attacks on its App Store.

In an FAQ posted in Chinese and in English on its Chinese website, Apple outlined the steps it is taking with users and developers to both fix the infected apps and keep affected users informed. “Customers will be receiving more information letting them know if they’ve downloaded an app/apps that could have been compromised,” the company wrote, though it did not specify when or how users would be notified.Apple is refunding all purchases of Peace, the popular ad-blocking app that was pulled from the App Store last week after its creator changed his mind. A malicious programme, dubbed XcodeGhost, hit hundreds – possibly thousands – of Apple iOS apps, including products from some of China’s most successful tech companies used by hundreds of millions of people. Palo Alto Networks, the U.S. internet security company that spotted the problem, says the attacker could send commands to infected devices that could be used to steal personal information and, in theory, conduct phishing attacks. For its part, Apple said it would publish a list of the 25 most popular apps that featured the malware, though it stopped short of revealing how many total apps were infected.

Companies affected by the XcodeGhost attack included Tencent Holdings Ltd, one of the world’s biggest internet firms, and Uber Technologies Inc’s biggest challenger, Didi Kuaidi, which just completed a $3 billion private fundraising round. The list of apps apps identified by security researchers include some of the most popular offerings in China, including WeChat, Angry Birds 2 and Didi Chuxing, a Chinese ride-hailing service. It added they could also read and alter information in compromised devices’ clipboards, which would potentially allow them to see logins copied to and from password management tools. Schiller also said that Apple plans to list 25 tainted apps that the company has identified so that customers can delete and update them, according to the Chinese-language site. Infected applications includes Tencent’s hugely popular WeChat app, NetEase’s music downloading app and Didi Kuaidi’s Uber-like car hailing app.

The company announced that it was moving to clean up its App Store, after several cyber security firms reported finding a malicious program dubbed XcodeGhost that was embedded in hundreds, possible thousands, of legitimate apps. On its official WeChat blog, Tencent said the security issue affected an older version of its app – WeChat 6.2.5 – and that newer versions were not affected.

Some Chinese firms had said they were pushed to download Apple’s developer toolkit from unofficial sources in China because of the slow internet speeds when connecting to international services. The country’s censorship architecture, dubbed the Great Firewall, does not block app developers from downloading the official version of Xcode, but the controls, along with low investment in infrastructure for international connections, make using services based outside China a painful process. The world’s second-largest economy has average internet speeds more than three times slower than those in the United States, according to online content delivery firm Akamai’s latest State of the Internet report. China is a huge market for Apple, which earned around $13 billion in Greater China in the last financial quarter and in January 2014 said Chinese developers had launched 130,000 apps for its mobile devices and personal computers. The Apple App Store is generally considered a safe haven as the barrier to entry is high – there’s only been a handful of instances of malware found on iOS apps, compared to Google’s Play store which for a while was regarded as something of a “Wild West” for apps (until they introduced their own malware-scanning system too).

The company published a lengthy note to developers Tuesday, saying that they should always download Xcode from the Mac App Store or their developer website. If Apple had provided a local, quick source for the official Xcode software sooner it could have avoided the problem, said software developer Feng Dahui. Firstly developers, who security researchers say were duped into using counterfeit software to build their apps, creating the right conditions for the malware to be applied.

But regardless of the challenges facing them in China, many app developers and security experts said the tech firms themselves bear the most responsibility for the attack, which has affected mostly Chinese companies and users so far.

Here you can write a commentary on the recording "Apple taking steps to prevent another large-scale App Store breach".

* Required fields
Twitter-news
Our partners
Follow us
Contact us
Our contacts

dima911@gmail.com

ICQ: 423360519

About this site