XcodeGhost-infected apps open gates to malware hijacking

Palo Alto threat bod Claud Xiao says XcodeGhost-infected apps are open to man-in-the-middle attacks and contain a beachhead for other malware writers to attack devices. More than 4000 apps have been infected since developers downloaded a malicious copy of the Xcode iOS development tool through a file-sharing service. The …

  1. Anonymous Coward
    Facepalm

    Shows the madness of BYOD

    Compromised BYOD mobis are now the preferred attack vector into CPNI, MoD, finance sector, etc.

    1. MyffyW Silver badge
      Paris Hilton

      Re: Shows the madness of BYOD

      I'm no great fan of BYOD, but I think what this shows is that devices that have been brought in, whatever the OS, need to be treated as untrusted and access to corporate data done through a secure means.

      Trust your mobile device management app, trust your VDI server, trust your web application, but for goodness sake don't trust your users' fondle slabs.

      Paris, because she knows all about barrier protection.

    2. big_D Silver badge

      Re: Shows the madness of BYOD

      On the other hand, how are BYOD smartphones with infected apps any different to corporately owned smartphones with infected apps?

  2. Anonymous Coward
    Anonymous Coward

    DES? In 2015?

    Xiao says the DES ECB mode-encrypted communication streams between infected apps and the attacker's command and control servers are poorly encrypted and contain easily-discoverable private keys.

    Am I reading that right? As in single-DES encryption? 56-bit keys? Not so much of a challenge to brute force in this day and age, and the hardware needed is getting cheaper.

    Given 3DES is being shown the door, I'm surprised that DES would get the slightest look-in.

    1. Anonymous Coward
      Anonymous Coward

      Re: DES? In 2015?

      Yes, that's the point. DES is being used *by the malware* *to talk to its command and control servers*. And yes, DES counts as "poorly encrypted" these days. And hence the contents of the C&C payloads can be attacked.

      But perhaps that was not the number one concern of the malware writer.

      Or are you saying that the malware would have been "better" if it had used stronger encryption?
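As an added illustration of the ECB point raised above (this is example code written for this page, not code from the article, from Palo Alto, or from the malware itself): a block cipher run in ECB mode maps identical plaintext blocks to identical ciphertext blocks, so a capture with repeated 8-byte blocks is a strong hint that the traffic is ECB-encrypted with a 64-bit-block cipher such as DES, regardless of how strong the key is. The "cipher" below is a constructed stand-in (HMAC-SHA256 truncated to 8 bytes) chosen only so the demo runs offline without a crypto library; it is not DES, and the sample beacon is made up.

```python
"""ECB-mode pattern leakage and a repeated-block detector for 64-bit-block ciphertext.

Added example, not from the article or the comments. The block "cipher" is a
constructed stand-in built from HMAC-SHA256 truncated to 8 bytes: it shares DES's
64-bit block size so the block-level leakage can be shown, but it is NOT DES.
"""
import hmac
import hashlib
from collections import Counter

BLOCK = 8  # DES block size in bytes


def _block_prf(key: bytes, block: bytes) -> bytes:
    # Constructed stand-in for encrypting one 64-bit block under `key`.
    return hmac.new(key, block, hashlib.sha256).digest()[:BLOCK]


def _pad(data: bytes) -> bytes:
    # PKCS#7-style padding up to a multiple of the block size.
    n = BLOCK - len(data) % BLOCK
    return data + bytes([n]) * n


def ecb_encrypt(key: bytes, data: bytes) -> bytes:
    # ECB: every block is encrypted independently, so equal plaintext blocks
    # produce equal ciphertext blocks.
    data = _pad(data)
    return b"".join(_block_prf(key, data[i:i + BLOCK])
                    for i in range(0, len(data), BLOCK))


def cbc_encrypt(key: bytes, iv: bytes, data: bytes) -> bytes:
    # CBC: each plaintext block is XORed with the previous ciphertext block
    # first, so repeated plaintext no longer yields repeated ciphertext.
    data = _pad(data)
    out, prev = [], iv
    for i in range(0, len(data), BLOCK):
        mixed = bytes(a ^ b for a, b in zip(data[i:i + BLOCK], prev))
        prev = _block_prf(key, mixed)
        out.append(prev)
    return b"".join(out)


def repeated_block_count(ciphertext: bytes, block: int = BLOCK) -> int:
    """Number of ciphertext blocks that duplicate an earlier block."""
    blocks = [ciphertext[i:i + block] for i in range(0, len(ciphertext), block)]
    return sum(c - 1 for c in Counter(blocks).values() if c > 1)


def looks_like_ecb(ciphertext: bytes, block: int = BLOCK) -> bool:
    """Heuristic used by traffic analysts: any repeated block suggests ECB."""
    return repeated_block_count(ciphertext, block) > 0


# Constructed sample check-in with the repetitive fields beacons tend to carry.
SAMPLE_BEACON = b"app=com.example.app;" * 4 + b"status=idle;" * 4
KEY = b"8bytekey"        # constructed; 8 bytes like a DES key, but not a DES key
IV = b"\x00" * BLOCK     # constructed; a fixed IV is itself a weakness, kept simple here

if __name__ == "__main__":
    for name, ct in (("ECB", ecb_encrypt(KEY, SAMPLE_BEACON)),
                     ("CBC", cbc_encrypt(KEY, IV, SAMPLE_BEACON))):
        print(f"{name}: {repeated_block_count(ct)} repeated blocks, "
              f"ECB-like={looks_like_ecb(ct)}")
```

Running it shows the ECB stream leaking eight repeated blocks from the repetitive beacon fields while the CBC stream shows none; the same counting check works on real captures once the block size is known, and is independent of the cipher's key strength.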

  3. Anonymous Coward
    Anonymous Coward

    What dev would download an SDK from a non-official source and not from the company website? None, this stinks to high heaven.

    It's like downloading a copy of Office from a website called Orifice. You wouldn't do it, I wouldn't do it, nobody who has any experience of coding would do it, actually nobody with half a brain would do it.

    4000 apps? How many devs is that? And for a quicker download speed? Are people still on 56k modems or unsure how to leave something downloading overnight?

    I think el reg needs a new term for something so stupid it's unbelievable aka bullshit.

    1. Anonymous Coward
      Anonymous Coward

      You would if the only official source available to you downloads slower than dial-up, which is a very common complaint in China as the download has to go through the Great Firewall and everything that entails. Have you ever tried downloading a 3GB archive through a dial-up connection? Two words: NOT FUN. And given the time it would take, waiting for it may be worse for business than just getting an "unofficial" source and just getting on with it.

      1. Anonymous Coward
        Anonymous Coward

        I see, but what benefit would the Great Firewall have from causing a slowdown on Xcode so that its own product-producing (money-making) people would download it from an insecure source that allows the devices to be owned? Oh wait, I think I just answered my own question. When is the article on this being a state-sponsored security breach due out?

  4. oneeye

    The way that the arrogant Apple security engineering people treat researchers, there will be lots more malware coming their way. Apple reached a popularity threshold now, and it was a profitable venture for the adware-slinging bad guys. Funny thing too, how this happened after Apple sold their security souls to the Chinese government. But, the Chinese government would never tip off any bad guys, right? I mean, they would not be looking over Apple's code for ways to exploit it, would they?

  5. sleepy

    Maybe I'm naive, but . . .

    Although this whole episode is a BAD THING, the hackers seemed to have got access to precious little, and this man therefore seems to be in the middle of more or less nothing. And the provenance of the 4000 app claim has not been established.
