Should Apple have looked for undocumented behavior? Perhaps. They’d been signed by their developers, so they contained that tamper-evident seal. So from Apple’s perspective, the XcodeGhost malware was simply a deliberate feature of the infected apps. That is business-level security and must be applied by the developer. But if you choose to put client information into that file without encrypting it, that’s really not Apple’s concern - nor should it be, if you ask me. It will make sure that your app behaves as expected with regards to that file. In practice, this means that if your app opens and writes to a file, Apple will ensure that you’re using a published API to do that. But it doesn’t screen the app’s security. Apple could, and I expect does, look for signatures of known bad things that could be in an app. It also looks for things like memory leaks that cause an app to allocate memory without freeing it up again.īut it’s not real good at screening for deliberate, malicious “features”of apps. It makes sure an app plays by Apple’s rules (for example, that it only uses published APIs). That won’t be easy, but it’s also not the real problem.įor me, this is the pertinent question: Why on earth didn’t Apple’s screening process detect and stop the XcodeGhost malware in the first place? The answer is fairly obvious, and it’s a problem that has plagued the antivirus industry from its inception.Īpple’s screening process, which doesn’t do any form of source code review, is very good at some things, and not so good at others. What is clear is that enough of them felt that the modified version of Xcode was better than Apple’s in some way, even though Apple’s Xcode is free via its Mac App Store.Īpple may need to find a way to force developers to use its version of Xcode. That could have been something like better language support, but I don’t really know. To succeed, the attackers had to make their modified version of Xcode attractive to developers. That’s what the attackers did they tampered with the code before the digital signature was applied. (That’s what makes the packing tamper-evident, right?) What will work better is to do the dirty work upstream in the production process, before the tamper-evident seal is applied. Messing with the packaging is going to make it clear that it has been tampered with. Now, let’s say that someone wanted to put some bad stuff inside a bottle of aspirin that is protected with a tamper-evident seal. What comes to my mind is that the digital signatures that Apple relies on for iOS’s security are in essence tamper-evident seals. My hope is that Apple will address architectural weaknesses in the way it vets apps. But that’s not the point I want to make today. That’s why responsible companies have robust incident response programs in place, to clean up the mess after mistakes are made. My security mantra is “There ain’t a horse that can’t be rode, nor a man that can’t be throwed.”Apple isn’t perfect. That’s pretty nasty stuff, without a doubt, but let’s take a step back and see what can be learned from the incident. The malware, once run on a consumer’s iOS device, communicated with the attackers and was capable of, among other things, robbing a user of private information, including login credentials. They unknowingly introduced the malware into the Apple App Store via their apps. Plenty has already been written about this, but the TL DR version is this: A version of Xcode was compromised and distributed online to legitimate Chinese app developers. And more importantly, there are some things to be learned from this event, both by Apple and others.Ĭertainly a good number of apps (4,000 or so, by some counts) on Apple’s App Store were infected with what has come to be known as the XcodeGhost malware. Don’t label me an Apple apologist, but there are some things to be said in its defense. Stop the presses! The venerable Apple App Store has been compromised! Yes, it’s shocking news.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |