back to article XcodeGhost-infected apps open gates to malware hijacking

Palo Alto threat bod Claud Xiao says XcodeGhost-infected apps are open to man-in-the-middle attacks and contain a beachhead for other malware writers to attack devices. More than 4000 apps have been infected since developers downloaded a malicious copy of the Xcode iOS development tool through a file-sharing service. The …

Silver badge
Facepalm

Shows the madness of BYOD

Compromised BYOD mobis are now the preferred attack vector into CPNI, MoD, finance sector, etc.

4
0
Silver badge
Paris Hilton

Re: Shows the madness of BYOD

I'm no great fan of BYOD, but I think what this shows is that devices that have been brought in, whatever the OS, need to be treated as untrusted and access to corporate data done through a secure means.

Trust your mobile device management app, trust your VDI server, trust your web application, but for goodness sake don't trust your users fondle slabs.

Paris, because she knows all about barrier protection.

0
0
Silver badge

Re: Shows the madness of BYOD

On the other hand, how are BYOD smartphones with infected apps any different to corporately owned smartphones with infected apps?

0
0
Anonymous Coward

DES? In 2015?

Xiao says the DES ECB mode -encrypted communication streams between infected apps and the attacker's command and control servers are poorly encrypted and contain easily-discoverable private keys.

Am I reading that right? As in single-DES encryption? 56-bit keys? Not so much of a challenge to brute force in this day and age, and the hardware needed is getting cheaper.

Given 3DES is being shown the door, I'm surprised that DES would get the slightest look-in.

0
0
Anonymous Coward

Re: DES? In 2015?

Yes, that's the point. DES is being used *by the malware* *to talk to its command and control servers*. And yes, DES counts as "poorly encrypted" these days. And hence the contents of the C&C payloads can be attacked.

But perhaps that was not the number one concern of the malware writer.

Or are you saying that the malware would have been "better" if it had used stronger encryption?

2
0
Anonymous Coward

What dev would download an sdk from a non-official and not from the company website? None, this stinks to high heaven.

It's like downloading a copy of office from a website called orifice, you wouldn't do, I wouldn't do it, nobody who has any experience of coding would do it, actually nobody with half a brain would do it.

4000 apps? How many devs is that? and for a quicker download speed? are people still on 56k modems or unsure how to leave something downloading overnight?

I think el reg needs a new term for something so stupid it's unbelievable aka bullshit.

1
2
Anonymous Coward

You would if the only official source available to you downloads slower than dial-up, which is a very common complaint in China as the download has to go through the Great Firewall and everything that entails. Have you ever tried downloading a 3GB archive through a dial-up connection? Two words: NOT FUN. And given the time it would take, waiting for it may be worse for business than just getting an "unofficial" source and just getting on with it.

0
0
Anonymous Coward

I see, but what benefit would the great firewall have of causing slowdown on Xcode so that its own product producing (money making) people would download load it from an unsecure source that allows the devices to be owned. Oh wait, I think I just answered my own question. When is the article on this being a state sponsored security breach due out?

2
0

The way that the arrogant Apple security engineering people treat researchers, there will be lots more malware coming their way. Apple reached a popularity threshold now,and it was a profitable venture for the adware slinging bad guys. Funny thing too, how this happened after Apple sold their security souls to the Chinese government. But,the Chinese government would never tip off any bad guys right? I mean,they would not be looking over Apple's code for ways to exploit it,would they?

1
0

Maybe I'm naive, but . . .

Although this whole episode is a BAD THING, the hackers seemed to have got access to precious little, and this man therefore seems to be in the middle of more or less nothing. And the provenance of the 4000 app claim has not been established.

0
0

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Forums

Biting the hand that feeds IT © 1998–2017