A multitude of apps in Apple’s Chinese App Store contained a form of malware that recently bypassed Apple’s code screening process. Researchers at FireEye have found approximately 4,000 apps to be infected with the XcodeGhost malware, affecting hundreds of millions iOS users worldwide. Once downloaded, these malicious applications have the potential to obtain and utilize device and user information, though Apple has saidthey’ve found nothing to suggest any malicious activity as of yet.
Xcode is an integrated development environment (IDE) which contains a suite of software development tools generated by Apple for the development of software for OS X and platforms. XcodeGhost is the malware found in unofficial versions of Xcode downloaded by Chinese developers. It has the capability to modify Xcode and infects iOS applications. WeChat and Angry Birds 2 are just a couple of examples of popular infected applications that are now being updated in the App Store with malware free versions, while many other iOS applications identified as being infected with XcodeGhost are temporarily unavailable. In conjunction with this, Apple has sent email notifications to affected developers, thus instructing them to recompile their products by official Xcode, and to re-submit accordingly in order to prevent future breaches. Is it too late however? Has the damage been done?
Some are labelling this incident as a “first of its kind security breach” exposing a vulnerability and security gap in Apple’s mobile platform, which was once conceptualized as being the most secure of its kind. It is important to note that there was a failure to identify this malware prior to it infiltrating Apple and its users. How did this happen and how may this have been prevented? With modern day tools and technologies in place to protect against such occurrences, how will organizations such as Apple move forward in addressing this security gap?
What one can deduce from this incident is that, contrary to popular belief, Apple is not in fact more safe and secure than PC/Android. Does this incident mean reduced credibility and competitive advantage for Apple within the market? I suppose that is something yet to be determined. What we do know for certain, however, is that there is a security gap which is very much in existence today. Users, unfortunately, are not as aware as they should be when downloading files and applications, especially when the applications in question are being hosted by a “trustworthy” source such as the App Store.
The following is a guest post written by Lucy C., a co-op student from Lisgar Collegiate Institute in Ottawa.
The idea of having a smart home or a smart car is extremely tempting. Being able to live in a world that is fine tuned to exactly your needs seems like a sci-fi paradise. Cars that drive and park themselves, pre-programmed with GPS systems and traffic control, so you know exactly how long your drive to work each morning will be. A home that adjusts it temperature controls depending on your body heat and doesn’t require a key for entry as it recognizes your presence. A kitchen that can cook you breakfast each morning before you awake and a pillow that wakes you up at the exact right moment in your REM cycle.
All of these features and products sound great in theory, but in practice they do have a major downfall; your privacy and security will never be more at risk. All these useful devices will be collecting a slew of personal data about every aspect of your life and if any devices were hacked and controlled by an outside source, the ramifications would be unimaginable.
With your every action tracked and recorded, companies will have all the personal data they could ever want on every consumer. Even if the system is not compromised by a hack and the data is never stolen by an outside source, there is still the lurking possibility that the company will sell your data to other enterprises or to the government, who would then know the every movement of every citizen.
This lack of privacy is accompanied by a frightening lack of security. If someone were to gain control of your smart home or smart car, they could wreak havoc on your life. You could be unable to access your home or they could gain entry to your home by simply pressing a button. It would bring a new age to terrorism, imagine the power a group would hold if they had the capability to crash every car in a city in an instant. Or lock whole cities out of all their buildings.
And the scariest part of these new smart homes and cars? So far, they are surprisingly easy to hack. There are already stories of strangers gaining access to baby monitors and being able to speak through them. The Insteon home control system, a remote control system for turning on and off electronics and controlling temperature in your home, used to be based online with only occasionally password protection, so, if you discovered one of the sites, you could turn on and off any electronics in the home and have access to all the personal data that the system had gathered.
These potentially disastrous consequences of smart homes and cars bring about a burning question: are consumers ready to part with their security and privacy just to have all these cool new personalized gadgets?