For years, Apple fans have argued that Apple devices were significantly less susceptible to viruses than Android devices, because of Android’s open approach to development. But even Apple’s closed iOS app system is vulnerable to determined hackers.
Recently, the company announced that it had to clean up its iOS App Store after discovering numerous malicious programs for the iPhone and the iPad. This is the first reported case of malware software making it through Apple’s rigorous app review process.
“We’ve removed the apps from the App Store that we know have been created with this counterfeit software,” Apple spokeswoman Christine Monaghan said in an email to Reuters. “We are working with the developers to make sure they’re using the proper version of Xcode to rebuild their apps.” She did not elaborate on steps users could take to protect their phones and information.
This wasn’t simply a case of a malicious app getting a few downloads. Reuters reports that hackers snuck a customized version of Xcode - a tool developers use to package iOS apps - into legitimate software by enticing app developers in China to use a counterfeit version of Apple’s Xcode software. It is estimated that more than 50 apps containing the malicious software, XcodeGhost, were accepted into the App Store.
So far, Apple has not indicated how many devices may have been affected, and there does not appear to be evidence that the malicious software has successfully compromised any user’s personal information. Even still, security experts note that this incident was concerning purely because of the precedent it sets. If other hackers attempt to sneak their malicious code into legitimate apps, some of them could eventually carry out a successful data breach.
Security research company, Palo Alto Networks, who discovered the hack has published a list of infected apps, including:
- Angry Birds 2
- PDF Reader
For more on the partial list of affected apps compiled by Palo Alto Networks click here.
Although there is currently no evidence that the malware has compromised user’s information, if you downloaded any of these apps you should remove them immediately. You should also change your Apple ID password and any other login details that may have been endangered.
Mobile devices are prime targets for identity theft.
Mobile devices such as smartphones and tablets are becoming increasingly powerful, to the point that some consumers are using them to replace personal computers altogether. In doing so, they are relying on these devices to access their email and other personal information through the many apps they can download. Personal finance and mobile payment apps are becoming particularly popular, and these face some of the highest risk of being compromised.
Personal computer users have been trained to be wary of downloading files over the internet, as even those with the best anti-virus software can never be sure that unidentified files are safe. Apple’s App Store is a relatively closed platform that promises users security and reliability and although owners of iPhones and iPads have grown used to being able to download any app without a second thought, those habits may have to change if additional breaches occur in the future.
Regardless of what computing device you use, it is important for users to understand their risks any time they are downloading something from the internet. Identity theft is a serious issue that can leave a victim’s finances drained and their privacy compromised. It’s important to be proactive. For the best protection, consumers should consider signing up for a credit monitoring services that can alert you to certain activity on your credit file that may be indicative of fraud.