NEWS FROM THE LAB - Tuesday, August 6, 2013

Are Apple developers on the hacker hit list? Posted by SuGim @ 09:27 GMT

Note: this post is condensed from an article written for Digital New Asia.

Apple's developer website for its Mac, iPhone and iPad products was taken offline about two weeks ago; shortly afterwards, Apple released a statement saying that the site had been suffered an intrusion.

Soon after, a grey hat Turkish security researcher, Ibrahim Balic, in London claimed responsibility for the intrusion in a video posted on his YouTube channel, in which he claimed that he had filed bug reports prior to the takedown of the website.

Although there has been no further comments or statements from Apple about Balic's claim, Apple does seem to be taking the occurrence seriously and is currently still working restoring their web services.

Now the issue is — why are developers, particularly iOS developers, being targeted now more than ever? The intrusion on the developer site, though allegedly done with benign intent, brings greater attention to the importance of securing developer accounts, and the potential consequences if such accounts are compromised and misused.

This is in light of an attack earlier this year on the popular iOS Mobile developers' forum iPhoneDevSDK, which successfully garnered victims from the big tech companies, like Apple, Facebook and Twitter and so on.

Notice from IPhoneDevSDK Admin

This was a textbook watering hole attack, where a hacker intending to attack specific users first compromises a site those users are likely to visit, in order to gather information or access they can later use for a more direct attack against the targets — in this case, the developers who were visiting the site.

Gaining access an application developers' personal information, which may be used later to compromise their developer accounts, could lead to great harm for users who trust the developer's products and reputation, particularly on the iOS platform.

Unlike Google's Play store or other app stores for the Android platform, penetrating and uploading a tainted application into Apple's Apps store has long been a challenge for malware authors, particularly as Apple's strict review policies has successfully prevented much rogue application activity in the 6 years since the first iPhone appeared.

To get around these barriers, malware authors are now targeting the developers themselves. Their real aim — to gain access to the developer's accounts on the App stores, from which they can essentially hijack the developer's reputation and products to push their own wares.

Full article: Are Apple developers on the hacker hit list? — by Su Gim Goh