Monday, September 21, 2015

Apple devices massive attack

Recently I wrote here about security for end users, comparing Apple and Linux softwares with Microsoft Windo

Unfortunately, I have just learned that a massive attack is ongoing on several Apps for Apple's mobile devices (iPhone, iPad, etc).

I have read many technical news with their "weird" jargon. And here is, in simple words, what happened:

Software developers need XCode, a software tool provided by Apple itself. Many of them downloaded a Chinese version of the tool, instead of Apple's original version. So, the softwares built with these forfeit version of XCode are all compromised. Roughly, there may be something around 400-500 softwares compromised.

What damage can they cause?
According to BBC, "[...]the perpetrators would also be able to send fake alerts to infected devices to trick their owners into revealing information. It added they could also read and alter information in compromised devices' clipboards, which would potentially allow them to see logins copied to and from password management tools"

What can be done?
You should remove the App if it is one of the compromised. You can read here is a list of some of them, but this list is not complete. Good news: Apple is taking car of it for you! According to CNBC, "Apple said it was cleaning up its iOS App Store to remove malicious iPhone and iPad programs identified in the first large-scale attack on the popular mobile software outlet". Bad news: Apple has not finished it's cleaning job.

Please, just do not go on installing any Apps just because the daughter of the distant cousin of the neighbor of your friend's dentist told you "it rocks"!!! It does not matter which device you have, you might be in for it.

No comments: