1. Parrillas NY's Avatar
    I told you!!! don't use apple devices!! VIVA BLACKBERRY!! jajaja I'm ANTI-apple
    09-21-15 11:49 AM
  2. FlashFlare11's Avatar
    It already HAS been replicated at least in terms of the potential effect on end users, although the exact method didn't even require making a malicious app development tool. The Android equivalent is to substitute third party download sites like mobile1.com instead of the official Google Play source. The social engineering comes by offering free (cracked) downloads of pay-ware, eagerly snapped up by unscrupulous Android and BlackBerry (android runtime) users who think they are getting something for nothing. They probably *are* getting something for nothing, but they have no idea what they are really getting and whether the hacking was limited only to breaking the paywall.
    This doesn't surprise me one bit. The method they used to get into App Store is by no means an Apple-only "vulnerability" (if that's what it should be called). I always wondered how many BlackBerry users have installed malicious software through third-party app repositories like the one you mentioned.

    Anyway it's pretty clear that the App Store was specifically targeted in this case and that doesn't mean that this couldn't happen somewhere else.



    Sent from my iPhone using Tapatalk
    09-21-15 12:21 PM
  3. bobshine's Avatar
    This is scary.

    Posted via CB10
    09-21-15 12:21 PM
  4. raino's Avatar
    This doesn't surprise me one bit. The method they used to get into App Store is by no means an Apple-only "vulnerability" (if that's what it should be called). I always wondered how many BlackBerry users have installed malicious software through third-party app repositories like the one you mentioned.

    Anyway it's pretty clear that the App Store was specifically targeted in this case and that doesn't mean that this couldn't happen somewhere else.
    But here's the thing. If you're curating a "walled garden," there is absolutely no excuse for this happening. None whatsoever. The Google Play Store is a cluster**** in this regard, as are some of the other Android app stores (except, notably, Amazon,) but for this to happen with the Apple Appstore is inexcusable.
    09-21-15 12:24 PM
  5. FlashFlare11's Avatar
    But here's the thing. If you're curating a "walled garden," there is absolutely no excuse for this happening. None whatsoever. The Google Play Store is a cluster**** in this regard, as are some of the other Android app stores (except, notably, Amazon,) but for this to happen with the Apple Appstore is inexcusable.
    I agree. That's why I'm somewhat confused by how this happened. You always hear of apps being rejected from the App Store for seemingly strange reasons so why this wasn't caught is sort of perplexing. I'd be surprised if this ever happened again as I've little doubt new checks will be implanted into Xcode.


    Sent from my iPhone using Tapatalk
    09-21-15 12:27 PM
  6. AnimalPak200's Avatar
    I agree. That's why I'm somewhat confused by how this happened. You always hear of apps being rejected from the App Store for seemingly strange reasons so why this wasn't caught is sort of perplexing. I'd be surprised if this ever happened again as I've little doubt new checks will be implanted into Xcode.


    Sent from my iPhone using Tapatalk
    Sounds like it was larger devs with established apps, which I'm sure receive less scrutiny than new apps from unknown developers.

    Posted via CB10
    howarmat likes this.
    09-21-15 01:11 PM
  7. PantherBlitz's Avatar
    Apple says... it's the users' fault.
    They are downloading it wrong.
    09-21-15 03:00 PM
  8. donnation's Avatar
    Why are some BB users so concerned about Apple issues, that it merits being posted on CB? SMH.
    Because outside of the Venice, there's not much to talk about.
    09-21-15 03:34 PM
  9. Superdupont 2_0's Avatar
    This could have happened, and can happen, at any time in every app store on every platform.

    We allow apps to send telemetrics to servers we don't know.
    We allow apps to receive ads from servers we don't know.

    And within all this background communication could be a hidden command that lets the app do other things (usually limited by the given app's permission).
    I don't think that this kind of malicious behavior can be easily detected.

    Actually this is a very nice proof of concept, should let you think twice before you allow an app any access permissions on your phone.
    09-21-15 03:38 PM
  10. Tre Lawrence's Avatar
    Dismal news. Shouldn't happen.

    App stores tend to be tough. Didn't one of our own on CB find a major hole in BBW?
    LazyEvul and kbz1960 like this.
    09-21-15 04:37 PM
  11. Elephant_Canyon's Avatar
    They are downloading it wrong.
    If you're talking about the developers who downloaded Xcode through sketchy filesharing sites, then yes, they downloaded it wrong.
    09-21-15 04:50 PM
  12. gallopiton's Avatar
    Apple App Store infected.-mockit_21092015175218.jpg

    Posted via CB10
    09-21-15 04:52 PM
  13. axeman1000's Avatar
    Lol nice but if you read the article, the os7 was targeted, not compromised. The bb10 flash was also a possible but not 100% confirmed intrusion.

    These articles are useless. The apple one is right out telling you to change your cloud password and delete the apps cause they are in and it happened.

    BlackBerry is still not hacked, nice try though.
    09-21-15 05:10 PM
  14. axeman1000's Avatar
    I don't think that this incident speaks to BlackBerry's security, but rather where hackers choose to spend their resources. I'm sure that hackers feel that they can get more information from an iOS app infected with malware than a BlackBerry app infected with malware, just by the relative number of users.
    Yeah cause no one would want government business. Lol try again.
    09-21-15 05:11 PM
  15. LazyEvul's Avatar
    Yeah cause no one would want government business. Lol try again.
    This argument is brought up countless times on these forums and is complete nonsense. High value targets like that can afford to employ their own security experts, who are usually under NDA - so we'll never hear about what kind of issues they might find.

    For malicious hackers, it makes more sense to hit multiple low value targets - they're easy, low-risk, and gaining a few bucks from each will add up pretty quickly.

    As for hackers who work for the public, so to speak, it makes more sense to target more popular platforms - you attract more attention to yourself, and it provides a greater benefit to a greater number of people. It also gives you much more prior material to work off of, and in the case of certain manufacturers (like Google and Microsoft), allows you to score bug bounties for your findings.

    Even companies in the business of selling exploits will likely be more interested in popular platforms. They'll certainly get requests for less-popular ones occasionally, but popular platforms will garner more sales - especially from state actors looking to engage in mass surveillance. Heck, just today one such company announced a $1 million bounty for certain iOS 9 exploits. But we'll never hear any details about these, because revealing their exploits to the public would put such companies out of business awfully quickly.

    As a sidenote, that same company (Zerodium) believes iOS 9 to be the most secure mobile OS available today. Coming from people in the business of selling vulnerabilities, that's pretty high praise - though I'd argue the evidence isn't so conclusive, but I also know far less about mobile security than they do.
    Last edited by LazyEvul; 09-21-15 at 06:15 PM.
    pantlesspenguin and 21stNow like this.
    09-21-15 05:44 PM
  16. Coachbulldog's Avatar
    IOS today, android was hacked a few weeks ago. Yet BlackBerry 10 and os7 untouched. Seems like BlackBerry's marketing department would use something like this to get the word out about its secure OS. Maybe?

    Posted via CB10
    The biggest reason is in a few weeks BB is going to announce their own Android device and the marketing campaign you're suggesting works against the Venice.
    09-21-15 05:49 PM
  17. MikeX74's Avatar
    IOS today, android was hacked a few weeks ago. Yet BlackBerry 10 and os7 untouched. Seems like BlackBerry's marketing department would use something like this to get the word out about its secure OS. Maybe?

    Posted via CB10
    BlackBerry's marketing department shouldn't be waiting for incidents on other platforms to actually do some advertising.
    09-21-15 05:54 PM
  18. katiepea's Avatar
    Do you guys really not think BlackBerry World has apps in it that collect information for 3rd parties and use it? Hell, BBM does that. If you're not on BES you're no more secure than any other platform. Most vulnerabilities come from people installing an app and giving it permissions blindly. That undoubtedly happens in bb10 also. Just look at BBW, it's full of completely garbage apps with about 5% useful ones.
    09-21-15 06:07 PM
  19. Upright-Underground's Avatar
    I don't think that this incident speaks to BlackBerry's security, but rather where hackers choose to spend their resources. I'm sure that hackers feel that they can get more information from an iOS app infected with malware than a BlackBerry app infected with malware, just by the relative number of users.
    Exactly! Great point.

     Classic
    09-21-15 06:13 PM
  20. dejanh's Avatar
    Without reading too many of the comments in this thread, I can pretty much summarize how this discussion goes...

    "Hahaha, look at Apple, hacked again. What a joke. If they were using a BlackBerry this never would have happened." followed by..."+1" and "iSheep", and "when will they learn", and then the final "look at how many times they got hacked, yet BlackBerry never gets hacked!".

    To put this in practical terms, BlackBerry has nonexistent market presence. As such, nobody cares to hack a BlackBerry. Therefore, BlackBerry is safe by "obscurity", not because of actual security measures. Until such time that BlackBerry has a significant enough market share to be the target of these types of exploits, every attempt to say that BlackBerry is better than an iPhone in preventing the end user from getting hacked is anecdotal at best.
    09-21-15 06:25 PM
  21. Zeratul57's Avatar
    I always knew having less apps was a great thing for BB10!!! [/sarcasm]

    This is really a surprising way of tricking Apple, especially since it means tricking developers to use a custom dev tool. You would think devs should know to only download stuff from official pages and not from upload_your_files_here.com
    Right and since those at apple and android keep saying security isn't important and no one cares then why should a dev give a rat's *** if his tools are junk. No one else cares or there are no consequences. That's an apple problem. These devs should be fined or sued! Submit a virus or infected code you should pay!
    09-21-15 07:01 PM
  22. FlashFlare11's Avatar
    Right and since those at apple and android keep saying security isn't important and no one cares then why should a dev give a rat's *** if his tools are junk. No one else cares or there are no consequences. That's an apple problem. These devs should be fined or sued! Submit a virus or infected code you should pay!
    I'd like to know when Apple and Google said they don't care about security. Source, please?
    09-21-15 07:07 PM
  23. z10Jobe's Avatar
    Without reading too many of the comments in this thread, I can pretty much summarize how this discussion goes...

    "Hahaha, look at Apple, hacked again. What a joke. If they were using a BlackBerry this never would have happened." followed by..."+1" and "iSheep", and "when will they learn", and then the final "look at how many times they got hacked, yet BlackBerry never gets hacked!".

    To put this in practical terms, BlackBerry has nonexistent market presence. As such, nobody cares to hack a BlackBerry. Therefore, BlackBerry is safe by "obscurity", not because of actual security measures. Until such time that BlackBerry has a significant enough market share to be the target of these types of exploits, every attempt to say that BlackBerry is better than an iPhone in preventing the end user from getting hacked is anecdotal at best.
    Nice try, but BlackBerry used to have the largest market presence and they weren't hacked then. Maybe.... just maybe.... BlackBerry does something.... one thing better than the other operating systems...., even with their 0.2% marketshare. Which may explain why the leaders of the three most powerful nations in the western world use BlackBerry.

    Spread the word to the herd.

    Posted via CB10
    maddie1128 and PantherBlitz like this.
    09-21-15 07:15 PM
  24. LazyEvul's Avatar
    Nice try, but BlackBerry used to have the largest market presence and they weren't hacked then.
    BlackBerry never actually had the largest market share - even in their heyday, that was Symbian's crown. Mobile devices were also a far less lucrative target at the time, with far fewer users and far fewer sensitive tasks being completed on mobile.

    And even with all that, there were exploits found:

    Critical BlackBerry exploit to be released Aug 14 | ZDNet
    BlackBerry PDF exploit exposes corporate networks | diTii.com - All About Technology
    Hackers Exploit BlackBerry 6 WebKit Browser - Steal Contacts and Images! - BerryReview

    But again, you just can't compare the two effectively - it was a far different time for mobile, and as a consequence, a different time for mobile security.
    09-21-15 07:30 PM
  25. z10Jobe's Avatar
    BlackBerry never actually had the largest market share - even in their heyday, that was Symbian's crown. Mobile devices were also a far less lucrative target at the time, with far fewer users and far fewer sensitive tasks being completed on mobile.

    And even with all that, there were exploits found:

    Critical BlackBerry exploit to be released Aug 14 | ZDNet
    BlackBerry PDF exploit exposes corporate networks | diTii.com - All About Technology
    Hackers Exploit BlackBerry 6 WebKit Browser - Steal Contacts and Images! - BerryReview

    But again, you just can't compare the two effectively - it was a far different time for mobile, and as a consequence, a different time for mobile security.
    Ya... but following your original logic, Apple's marketshare is much smaller than Android's, so it should be much less of a target than Android, and yet it is Apple's app store that gets the malware. Go figure.

    Posted via CB10
    09-21-15 07:41 PM