- It already HAS been replicated at least in terms of the potential effect on end users, although the exact method didn't even require making a malicious app development tool. The Android equivalent is to substitute third party download sites like mobile1.com instead of the official Google Play source. The social engineering comes by offering free (cracked) downloads of pay-ware, eagerly snapped up by unscrupulous Android and BlackBerry (android runtime) users who think they are getting something for nothing. They probably *are* getting something for nothing, but they have no idea what they are really getting and whether the hacking was limited only to breaking the paywall.
Anyway it's pretty clear that the App Store was specifically targeted in this case and that doesn't mean that this couldn't happen somewhere else.
Sent from my iPhone using Tapatalk
09-21-15 12:21 PM
- This doesn't surprise me one bit. The method they used to get into App Store is by no means an Apple-only "vulnerability" (if that's what it should be called). I always wondered how many BlackBerry users have installed malicious software through third-party app repositories like the one you mentioned.
Anyway it's pretty clear that the App Store was specifically targeted in this case and that doesn't mean that this couldn't happen somewhere else.
09-21-15 12:24 PM
- But here's the thing. If you're curating a "walled garden," there is absolutely no excuse for this happening. None whatsoever. The Google Play Store is a cluster**** in this regard, as are some of the other Android app stores (except, notably, Amazon,) but for this to happen with the Apple Appstore is inexcusable.
Sent from my iPhone using Tapatalk
09-21-15 12:27 PM
- I agree. That's why I'm somewhat confused by how this happened. You always hear of apps being rejected from the App Store for seemingly strange reasons so why this wasn't caught is sort of perplexing. I'd be surprised if this ever happened again as I've little doubt new checks will be implanted into Xcode.
Sent from my iPhone using Tapatalk
Posted via CB10
howarmat likes this.
09-21-15 01:11 PM
- This ~~could have happened~~ can happen at any time in every app store on every platform.
We allow apps to send telemetrics to servers we don't know.
We allow apps to receive ads from servers we don't know.
And within all this background communication could be a hidden command that lets the app do other things (usually limited by the given app's permission).
I don't think that this kind of malicious behavior can be easily detected.
Actually this is a very nice proof of concept, should let you think twice before you allow an app any access permissions on your phone.
09-21-15 03:38 PM
- Tre Lawrence, Between Realities
Dismal news. Shouldn't happen.
App stores tend to be tough. Didn't one of our own on CB find a major hole in BBW?
09-21-15 04:37 PM
- These articles are useless. The apple one is right out telling you to change your cloud password and delete the apps cause they are in and it happened.
BlackBerry is still not hacked, nice try though.
09-21-15 05:10 PM
- I don't think that this incident speaks to BlackBerry's security, but rather where hackers choose to spend their resources. I'm sure that hackers feel that they can get more information from an iOS app infected with malware than a BlackBerry app infected with malware, just by the relative number of users.
09-21-15 05:11 PM
- This argument is brought up countless times on these forums and is complete nonsense. High value targets like that can afford to employ their own security experts, who are usually under NDA - so we'll never hear about what kind of issues they might find.
For malicious hackers, it makes more sense to hit multiple low value targets - they're easy, low-risk, and gaining a few bucks from each will add up pretty quickly.
As for hackers who work for the public, so to speak, it makes more sense to target more popular platforms - you attract more attention to yourself, and it provides a greater benefit to a greater number of people. It also gives you much more prior material to work off of, and in the case of certain manufacturers (like Google and Microsoft), allows you to score bug bounties for your findings.
Even companies in the business of selling exploits will likely be more interested in popular platforms. They'll certainly get requests for less-popular ones occasionally, but popular platforms will garner more sales - especially from state actors looking to engage in mass surveillance. Heck, just today one such company announced a $1 million bounty for certain iOS 9 exploits. But we'll never hear any details about these, because revealing their exploits to the public would put such companies out of business awfully quickly.
As a sidenote, that same company (Zerodium) believes iOS 9 to be the most secure mobile OS available today. Coming from people in the business of selling vulnerabilities, that's pretty high praise - though I'd argue the evidence isn't so conclusive, but I also know far less about mobile security than they do.
Last edited by LazyEvul; 09-21-15 at 06:15 PM.
pantlesspenguin and 21stNow like this.
09-21-15 05:44 PM
- The biggest reason is in a few weeks BB is going to announce their own Android device and the marketing campaign you're suggesting works against the Venice.
09-21-15 05:49 PM
- BlackBerry's marketing department shouldn't be waiting for incidents on other platforms to actually do some advertising.
09-21-15 05:54 PM
- Do you guys really not think BlackBerry World has apps in it that collect information for 3rd parties and use it? Hell, BBM does that. If you're not on BES you're no more secure than any other platform. Most vulnerabilities come from people installing an app and giving it permissions blindly. That undoubtedly happens in BB10 also. Just look at BBW, it's full of completely garbage apps with about 5% useful ones.
09-21-15 06:07 PM
- I don't think that this incident speaks to BlackBerry's security, but rather where hackers choose to spend their resources. I'm sure that hackers feel that they can get more information from an iOS app infected with malware than a BlackBerry app infected with malware, just by the relative number of users.
Classic
09-21-15 06:13 PM
- Without reading too many of the comments in this thread, I can pretty much summarize how this discussion goes...
"Hahaha, look at Apple, hacked again. What a joke. If they were using a BlackBerry this never would have happened." followed by..."+1" and "iSheep", and "when will they learn", and then the final "look at how many times they got hacked, yet BlackBerry never gets hacked!".
To put this in practical terms, BlackBerry has nonexistent market presence. As such, nobody cares to hack a BlackBerry. Therefore, BlackBerry is safe by "obscurity", not because of actual security measures. Until such time that BlackBerry has a significant enough market share to be the target of these types of exploits, every attempt to say that BlackBerry is better than an iPhone in preventing the end user from getting hacked is anecdotal at best.
09-21-15 06:25 PM
- I always knew having less apps was a great thing for BB10!!! [/sarcasm]
This is really a surprising way to trick Apple, especially as it means tricking developers into using a custom dev tool. You would think devs should know to only download stuff from official pages and not from upload_your_files_here.com
09-21-15 07:01 PM
- Right, and since those at Apple and Android keep saying security isn't important and no one cares, then why should a dev give a rats *** if his tools are junk. No one else cares or there are no consequences. That's an Apple problem. These devs should be fined or sued! Submit a virus or infected code, you should pay!
09-21-15 07:07 PM
- Without reading too many of the comments in this thread, I can pretty much summarize how this discussion goes...
"Hahaha, look at Apple, hacked again. What a joke. If they were using a BlackBerry this never would have happened." followed by..."+1" and "iSheep", and "when will they learn", and then the final "look at how many times they got hacked, yet BlackBerry never gets hacked!".
To put this in practical terms, BlackBerry has nonexistent market presence. As such, nobody cares to hack a BlackBerry. Therefore, BlackBerry is safe by "obscurity", not because of actual security measures. Until such time that BlackBerry has a significant enough market share to be the target of these types of exploits, every attempt to say that BlackBerry is better than an iPhone in preventing the end user from getting hacked is anecdotal at best.
Spread the word to the herd.
Posted via CB10
maddie1128 and PantherBlitz like this.
09-21-15 07:15 PM
- And even with all that, there were exploits found:
Critical BlackBerry exploit to be released Aug 14 | ZDNet
BlackBerry PDF exploit exposes corporate networks | diTii.com - All About Technology
Hackers Exploit BlackBerry 6 WebKit Browser - Steal Contacts and Images! - BerryReview
But again, you just can't compare the two effectively - it was a far different time for mobile, and as a consequence, a different time for mobile security.
09-21-15 07:30 PM
- BlackBerry never actually had the largest market share - even in their heyday, that was Symbian's crown. Mobile devices were also a far less lucrative target at the time, with far fewer users and far fewer sensitive tasks being completed on mobile.
And even with all that, there were exploits found:
Critical BlackBerry exploit to be released Aug 14 | ZDNet
BlackBerry PDF exploit exposes corporate networks | diTii.com - All About Technology
Hackers Exploit BlackBerry 6 WebKit Browser - Steal Contacts and Images! - BerryReview
But again, you just can't compare the two effectively - it was a far different time for mobile, and as a consequence, a different time for mobile security.
Posted via CB10
09-21-15 07:41 PM
Apple App Store infected.