Back in March 2015 the first malware infection of iPhones came to light: the Apple App Store had been hacked. Back then, it was assumed that only 39 apps had been affected, and Apple acted quickly – it took 300 apps off its official app store.
Now, however, the wider scale of this hack has become visible: over 4000 apps were infected.
The CIA had been working to infiltrate the Apple App Store since before the first iPhone even came out, as The Intercept discovered through documents leaked by Snowden. There had been annual conferences, the "Jamborees", to discuss how the CIA could get into the Apple system and how it might gain access to information stored on the device.
The way they got in was through malicious software that resembled the genuine developer tool Apple gives to prospective app developers: Xcode.
However, the CIA developed a version of this tool that had a few extra lines of code in it. A few extra back doors. A malicious twist that makes developers write malicious apps – without intending to and without knowing it: XcodeGhost.
These back doors have now been found in over 4000 apps within the official Apple App Store. How they got there is anyone's guess, but it is rather astonishing that these malware-infected apps contain code that is so remarkably similar to the code the CIA used or proposed to use.
These back doors are by no means harmless: some of the infected apps use keyloggers, and there is even a method being discussed to have the phone send any and all information it can extract (passwords, billing details, personal messages) to a "listening station".
Among the apps affected are the popular messaging app WeChat and several other Chinese apps.
The US Government sponsored the CIA research that had been going on for more than a decade, but, naturally, there are no comments from their side to be found.
What makes this attempt at industrial espionage and cyber attack scarier than many others is that the government tried to spy on one of its own, one of its biggest corporations.
Apple iPhones have long been praised for their sandboxed nature – and for the fact that Apple never allows apps into its official store that have not been tested rigorously. Apple now had to eat its words and send out instructions to its developers on how to detect whether they had been using the genuine development tool or the hacked, malicious XcodeGhost.
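The check Apple asked developers to run amounts to asking Gatekeeper whether the installed Xcode bundle is accepted and signed by an Apple source. The script below is an added example (not Apple's own published instructions): it wraps that assessment in a function that interprets the `spctl --assess --verbose` output, and assumes a macOS host with `spctl` and Xcode at the default `/Applications/Xcode.app` path.

```shell
#!/bin/sh
# Added example: decide whether an Xcode.app bundle passes Gatekeeper assessment
# and comes from an Apple-signed source. Assumes macOS with spctl installed.

# Interpret the output of `spctl --assess --verbose <path>`.
# Returns 0 only when the first line says "accepted" AND the reported source is
# one of the values a genuine, Apple-distributed copy reports. A copy rebuilt
# from a tampered installer (as with XcodeGhost) fails one of the two tests.
assess_xcode_output() {
    out="$1"
    # First line is "<path>: accepted" or "<path>: rejected"
    printf '%s\n' "$out" | head -n 1 | grep -q ': accepted$' || return 1
    # Remaining lines carry key=value pairs; we only care about "source="
    src=$(printf '%s\n' "$out" | sed -n 's/^source=//p' | head -n 1)
    case "$src" in
        "Mac App Store"|"Apple System"|"Apple") return 0 ;;
        *) return 1 ;;
    esac
}

# Run the assessment against an installed Xcode and print a verdict.
check_xcode() {
    path="${1:-/Applications/Xcode.app}"   # assumed default install location
    if ! command -v spctl >/dev/null 2>&1; then
        echo "spctl not available; run this on macOS" >&2
        return 2
    fi
    out=$(spctl --assess --verbose "$path" 2>&1)
    if assess_xcode_output "$out"; then
        echo "GENUINE: $out"
    else
        echo "SUSPECT: $out"
        return 1
    fi
}
```

Run `check_xcode` on a developer machine; a SUSPECT verdict means the Xcode installation should be deleted and reinstalled from the Mac App Store before any further builds are shipped.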
There we have it. Corporate security, as we discovered in a recent post on thehacktimes.com, must focus on attacks from its own country just as much as from abroad.