What Does First Major Attack On App Store Mean For Mobile Security?

Apple iphone chinese dragon china new year © 1000 Words Shutterstock

Security experts share their view on the XcodeGhost App Store attack

The mobile app development world was rocked by the news that malware had been able to infiltrate a number of leading apps on the iOS App Store over the weekend.

Using a cracked form of the Xcode program used to create apps and services for iOS devices, the affected apps have now been scrubbed from the App Store, but mark the first time that Apple’s defences have truly been breached.

But what does this mean for the security of Apple devices and the mobile security space in general? TechWeekEurope asked the experts to find out their views.

David Emm, principle security researcher at Kaspersky Lab

“While the majority of mobile malware targets victims running Android, this incident highlights the fact that iOS isn’t immune to malware. Apple’s ‘walled garden’ approach does make it harder for cybercriminals to compromise apps, but if something does slip through the net, as in this case, there’s no protection available because Apple doesn’t provide third-party developers with the means to develop anti-malware protection for iOS.”

John Smith, principal solutions architect at Veracode

apple app store“In recent years it has seemed that the problem of Mobile Malware was bigger for Android than for iOS. The more rigorous testing regime required before an iOS app can be published has always been considered to be the reason for this difference, but in this case it seems to have fallen short. One very interesting aspect of this incident is that that the developers of the apps had no knowledge that their own code was being used to carry malware – it was the modified development environment (Xcode) that introduced the payload.”

“This case highlights the importance of testing what you actually provide to your customers, rather than what you think you are providing. Analysing the compiled code for vulnerabilities and malware using technologies such as Binary Static Analysis and App Reputation Testing could have prevented these dangerous apps from ever being published.”

Gavin Reid, VP of threat intelligence at Lancope

“You’re only as strong as your weakest link. Here we have the walled garden of iTunes being toppled by a 3rd party use of developer software package being distributed out of China. The miscreants attacked a set of software tools for developing iOS applications called Xcode.

cloud apps“Application developers that used the tainted developer package and created applications that compromised the user data on the device. These compromised applications were then submitted to Apple by the typical developers for the app.

“One example is WeChat from Tencent it is one of the most installed software apps in the Asia Pacific region with 100 of millions of installs. In this case there is little the user can do to protect itself. The fix for this is better care from the application developers (to security), and better verification from Apple.”

Thomas Reed, director of mac offerings, Malwarebytes

“There are a few very interesting aspects to this new malware. First, of course, is the fact that these infected apps made it into the App Store. This is easily the largest App Store breach in history. There is little doubt that there will be some revision of the app review process at Apple as a result, but it’s also certain that this incident will erode consumer confidence in the App Store as a (mostly) unassailable malware-free fortress.”

“Worse, there was really no way to tell that these apps were infected. Perfectly respectable, legitimate apps turned out to be infected. It’s hard for any user to be on guard against this kind of malware. Especially on iOS, where security features in the system make anti-malware software impossible.”

“Even if you don’t have a known infected app, it’s important to update all of your iOS apps. (It’s not always easy to tell which apps may have been made by a Chinese developer.) If a developer becomes aware of their app being infected, they should issue an update to fix the problem. Hopefully, Apple will take some kind of action to find and remove any further infected apps.”

What do you know about Internet security? Find out with our quiz!