Apple's iBackDoor: Dodgy ad network code menaces iOS apps

Security researchers have discovered “backdoored” versions of an ad library embedded in thousands of iOS apps originally published in the Apple App Store. The affected versions of this library embedded backdoors in iOS apps that used the library to display ads, opening the door for hackers to access sensitive user data and …

  1. Velv Silver badge

    " they must affirmatively bypass Gatekeeper"

    So the walled garden has a gate that anyone can open as long as they're responsible and close it behind them?

    1. Ilsa Loving

      You say that as if it's a bad thing. The alternative would be to not allow people to do that at all, which would be infinitely worse because you could then kiss goodbye countless open source applications, etc etc.

      My only complaint about the way Apple handled the XcodeGhost thing is that Apple didn't outright bar the companies from ever submitting applications to the app store again. The level of utter stupidity that these developers displayed is just mindboggling.

    2. Mike Moyle Silver badge

      You can set OS X to only open applications downloaded from the Apple Store, or from the Apple Store and/or developers with a valid Developer's ID, or from anywhere at all.

      So, yeah... Kinda makes the knee-jerk snarky "control-freak", "locked-down", "walled garden" comments seem rather puerile when anyone can permanently disable Gatekeeper at any time. (OS X DOES, however -- quelle horreur! -- require that you input your password before changing that security setting. I guess that must be that heavy-handed control-freakery at work...)

      1. O RLY


        While I agree, how does that apply to iOS? The article's not about the Mac.

        1. Mike Moyle Silver badge

          I could be wrong but, since the article says "Mobile security researchers at FireEye have identified 2,846 iOS apps containing backdoored versions of mobiSage SDK," I assumed that, as with XcodeGhost, the source of the dodgy SDK was from a lax developer downloading the SDK onto his/her Mac from an insecure/unsigned source.

          The linked FireEye notice says, as well: "It is unclear whether the potentially backdoored versions of the ad library were released by adSage or if they were created and/or compromised by a malicious third party." So, while it's currently unclear, it seemed to me that a dev's disabling of Gatekeeper was, at least, a not unlikely source of infection.

          1. This post has been deleted by its author

  2. Paul F

    So it's a people problem. Someone has to consciously decide to do things the wrong way.

    People. What a bunch of bastards.

  3. Mike Bell

    Wouldn't be an issue...

    If iOS scrapped free apps (funded by ads) completely.

    I mean, let's face it, iOS apps are bloody cheap. If an app is worth having, it's worth paying a couple of quid for. As opposed to the current situation where there are gazillions of copycat useless bell-ringing and torch apps. Actually, they might have banned torch apps now since one comes pre-installed, but you get the idea.

    I'm strongly of the opinion that there are far too many shit apps on the App Store, and offering them for free (with the attendant ads) only makes that situation worse.

    1. DougS Silver badge

      Re: Wouldn't be an issue...

      Or Apple could require them to use their own ad network. I remember a few years back when Apple introduced iAd there was a lot of wailing and gnashing of teeth by the Apple haters, suggesting that Apple would soon force everyone to use their own ad network. They never did, but if this keeps happening some might suggest that.

      Unfortunately this sort of problem wouldn't necessarily be limited to an ad network library. Any non-Apple library that developers are likely to add to their iOS apps would be a target for miscreants introducing a backdoored version. If Apple forced use of iAd, there are surely some other popular libraries that get included in apps that would be targeted instead. Ad network libraries are the low hanging fruit for obvious reasons, but if they were no longer an option they'd choose the next lowest hanging fruit.

      Since iOS apps are sandboxed, and few apps will even be in a position to grab contacts lists etc. it seems the only thing they can do is try to trick the user into entering their iCloud or AppleID password. Not sure how easy it would be to catch that sort of thing, since the code could be obfuscated so you wouldn't have "iCloud" as a string present in the submitted binary.

    2. Anonymous Coward

      Re: Wouldn't be an issue...

      If iOS scrapped free apps (funded by ads) completely.

      I think it would be a good start if ad supported apps were clearly flagged as such, and were not allowed to introduce apps in an upgrade but had to put a separate version in the app store (to avoid sneaking this in later).

      I have no problem with people seeking to generate ad revenue, but it seriously pisses me off if I find that out AFTER installation. What also annoys me is apps I DID pay for but that suddenly acquire ads anyway (I'm looking at you, Shazam). It's my bandwidth you're stealing.

      Allow people to make a choice instead of conning them with "free, but not quite free" apps. Free <> ad supported <> paid.

  4. Anonymous Coward

    Is this article describing two unrelated problems?

    The first part states there is at least one compromised ad-support library that is used in a number of apps available on the official Apple Store. It doesn't say where developers get this kind of library - i.e. from "official" sites or from potentially compromised sites. The second part of the article then refers to one known source of compromised development software, but how is this related to the bad library?

    1. WolfFan Silver badge

      They used the bad library. This was the mobiSage SDK, available from adSage. AdSage may/may not be responsible for the trojans, as the latest version of mobiSage doesn't seem (please note the magic word) to have the trojan.

      In addition, they turned Gatekeeper off. They pretty much had to turn Gatekeeper off in order to use a SDK from someone other than Apple. If Gatekeeper had been on, it would have detected and blocked at least some versions of the bad library.

      There's a whole lot of detail on the FireEye site, linked to from El Reg's article.

  5. Only me!

    It just works

    Nice to see Apple have helped keep up there efforts in ensuring things "Just work". In this case they have extended it to viruses.

    1. Otto B Stern

      Only me-- Learn to SPELL before you post

      Which THERE are you referring to?


    Apple have to concentrate more on this type of code that harms lots of apps

  7. Anonymous Coward

    re 'must seek out an unofficial source for XCode'

    Asking the thousands of Hackintosh users to donate money they likely do not have won't happen!

    On the actual subject, it is individual real malware lurking for years that is more dangerous.

    How many are there, and how many had 'silent' deletes done without us being told?
