What You Need to Know About iOS Malware XcodeGhost

21 Sep 2015

Hack Brief: Malware Sneaks Into the Chinese iOS App Store.

Some of the most popular Chinese names in Apple’s App Store were found to be infected with malicious software in what is being described as a first-of-its-kind security breach, exposing a rare vulnerability in Apple’s mobile platform, according to multiple researchers. The applications were infected after software developers were lured into using an unauthorised and compromised version of Apple’s developer tool kit, according to researchers at Alibaba Mobile Security, a mobile antivirus division of Alibaba Group Holding Ltd.

It even brought onstage a doctor associated with a new app that lets clinicians view patients’ appointment schedules and see vital signs, such as heart rates, via the Apple Watch. This is because attackers found an unorthodox route to exploit: they targeted some versions of the software used by developers to make apps for iOS and OS X in the first place.

The list of recently compromised iPhone and iPad apps includes Tencent Holdings’s popular mobile chat app WeChat, Uber-like car-hailing app Didi Kuaidi, and a Spotify-like music app from internet portal NetEase. A search of the term “mobile health” in the Apple App Store produces 22,755 programs that purport to do everything from consolidating personal health records to triaging symptoms. In separate statements posted to social media over the weekend, Tencent, Didi Kuaidi Joint Co. and NetEase said their applications had been compromised but said no sensitive customer information had been lost. “At present, we haven’t discovered any loss of user information or assets as a result of this [breach], though the WeChat team will continue to monitor and do tests,” Tencent said in a message posted to the Sina Weibo microblogging service late Friday.

One app can even turn a smartphone into a medical device designed to diagnose patients with sleep apnea when a single-lead electrocardiograph (ECG) is connected to the phone. Chinese anti-censorship activist group Greatfire.org called it “the most widespread and significant spread of malware” in the app store’s history. The Alibaba researchers have dubbed these malicious variants “XcodeGhost.” Apps constructed with XcodeGhost code will collect a bunch of information about a customer’s device once the app has been downloaded.

Asked whether it was possible the Chinese government was involved, Palo Alto Networks said it didn’t yet have enough information to determine who was behind the attack. The data siphoned includes the current time, the name of the device, and the network type—none of which is anything a hacker could really use against you. Other apps found infected with the malware include those belonging to state-run mobile carrier China Unicom, and 12306, the country’s official train-booking website, researchers said.

It wasn’t clear how the infected apps made it past Apple’s screening process, or whether the breach had resulted in any user information being stolen, though researchers said millions of devices could have been exposed based on the popularity of the apps in question. The patient might now come to an appointment with ideas on treatment options — and want to take a more active role in treatment by utilizing the tools in their app. However, the apps analyzed were reportedly only from the Chinese App Store, so it doesn’t look like customers from other areas of the world need to worry. Also, any developers who obtained their copy of Xcode from an unofficial source could be affected, as there is a chance their products are not totally above board. To write apps for Apple devices, developers have to use a tool kit called Xcode, but downloading the official version from Apple’s website can take a long time in China.

These are apps made by companies specifically for their own employees’ devices, so they don’t have to go through any sort of Apple security check. However, “that’s a pretty obscure attack,” Charlie Miller, a security researcher at Uber who got his own malicious software onto the App Store in 2011, tells WIRED in a phone interview. The apps that did get through didn’t seem to do any really nasty stuff. “If you made it really, obviously bad, probably [Apple] would catch it,” Miller says. Security researcher Claud Xiao wrote on the firm’s website Friday that criminals and spies could use the malware to gain access to iOS devices. “We believe XcodeGhost is a very harmful and dangerous malware that has bypassed Apple’s code review and made unprecedented attacks on the iOS ecosystem,” he wrote.

Even if a user were inclined to actually locate and read the lengthy terms and conditions, there’s no way to determine if the app was created with the involvement of a medical professional. To the contrary, the fine print on the app’s privacy policy and terms will likely include language warning the end user that the app is “not a substitution for consultations with qualified health care professionals who are familiar with an individual’s medical needs.” Thus, the physician continues to be liable for patients’ care. The Food and Drug Administration has announced that it will only evaluate mobile medical device apps that are complex in nature, such as controlling delivery of insulin to a pump; serving as a de facto medical device like a glucometer; or using patient-specific information to create a diagnosis or recommend treatment. The FDA will not, as a general rule, evaluate apps deemed to pose less risk, such as those that inform or assist patients in managing their disease without providing treatment suggestions, or apps that help patients track or organize health information. While traditional health care providers are bound by the strict requirements for protecting the confidentiality of patient data under HIPAA, mobile medical apps are not.

For example, one policy says: “To ensure that your information is secure, we have in place commercially suitable physical, electronic, and managerial procedures.
