A sophisticated technique is used to compromise Apple's 'walled garden' of pre-screened iPhone and iPad applications.
Apple prides itself on the security of its App Store
The Apple app store is often described as a "walled garden" - a picturesque image that suggests a serene idyll, a haven from the bustle and dangers of digital life.
What it means is that Apple strictly controls what makes it into the App Store, vetting each app to make sure its security (among other features) is up to scratch. It's worked remarkably well so far.
Apple has sold more than 700 million iPhones to date, according to chief executive Tim Cook, yet the App Store has proven much more secure than the Android app ecosystem, because the latter doesn't have a single quality control system.
So the news that the walled garden has a rather nasty infestation is important. Several Chinese apps were discovered to contain code that could steal user information.
Apple has removed them, but these weren't knock-off stock or weather apps deliberately created to attack private information.
Apple is working to fix the App Store compromise
WeChat, China's answer to WhatsApp, was among them: it has around half a billion users.
Apple's reputation for security will probably survive, even if the walls of its garden could maybe do with a lick of paint.
Given the number of iPhones Apple continues to shift, some sort of security breach was inevitable, and the Cupertino-based company has acted swiftly.
The fact that Chinese apps were infected is interesting for two reasons.
First, China is on track to become Apple's biggest market: it sold more iPhones there than in the US, according to its latest results.
That makes iPhone users in China a bigger target, to criminals and perhaps others.
Secondly, this attack was more sophisticated than making a dodgy iPhone app, then hoping it makes it through the App Store (which has happened in isolated cases), and then that people download it.
Instead, the attackers came up with a fake version of the developer tool Xcode, and tricked app developers into using it to build their apps. So the legitimate app developers were building apps from code that had already been compromised.
It's a very elegant attack, one that requires skill and resources. It's also an approach the CIA considered, according to The Intercept, in a report based on documents supplied by Edward Snowden.
The Chinese government has long taken a keen interest in its citizens' internet activities.
Identifying who's behind a hack is incredibly difficult. But Apple's success exposes it to some of the most motivated and best-funded hackers in the world, be they criminals or nation states, both in China and the rest of the world.
It might have to build those walls a little higher.