Page 9 - index
P. 9
2015 marks the beginning of widespread Smartphone Hacking
By Krishna Kurapati, Founder and CEO of qliqSOFT
With over 3 Billion smartphones world wide in use that is expected to grow to 5.9 Billion by 2020,
http://www.gsmamobileeconomy.com/GSMA_Global_Mobile_Economy_Report_2015.pdf, the
smartphone has become a dominant platform of choice for computing & communication.
Unlike previous generations of cell phones that were primarily used for calls and some interesting
games, the smartphone has become a computer in hand that can do everything a computer can do
plus make calls.
With over 50 billion apps downloaded in last few years, it has become the platform of choice for all
applications. This unprecedented rise of smartphone usage has attracted hackers to use the
smartphone as a cyber criminal platform.
Apple's iPhone has had a good run in terms of security. For over eight years it's been wildly popular
and yet virtually malware-free, long enough to easily earn the title of the world's most secure
smartphone.
That has been recently challenged by following attacks emanating from China.
XcodeGhost attack
Heart of the iPhone security model is the process of creating apps and availability of the apps
through iTunes. Virtually all the apps have to go through an approval process.
Apps are created on Xcode, the Software Development Tool provided by Apple. When an App is
created, it needs to be signed by the certificate provided to the developer by Apple.
Then upload securely to iTunes for Apple’s approval. Apple does many automated checks and also
manual inspections to make sure that the Apps do not violate Apple’s policies.
Hackers hit the heart of this process. Like Greeks took down Troy with Trojan horse, they have
created a tainted version of Xcode, which is made available on servers for developers to download
it instead of regular Xcode.
The tainted Xcode, XcodeGhost, has the ability to induce malware surreptitiously. When an iPhone
user downloads app created by XcodeGhost, the app can do malicious activities from within the
app. Several popular apps such as WeChat and ride sharing app are infected.
Apple discovered this and followed up quickly removed the infected apps from iTunes.
9 Cyber Warnings E-Magazine – October 2015 Edition
Copyright © Cyber Defense Magazine, All rights reserved worldwide
