
Apple users beware

Discussion in 'Technical' started by sec_monkey, Sep 20, 2015.

  1. sec_monkey

    sec_monkey SM Security Administrator

  2. Hanzo

    Hanzo Monkey+++

    Shouldn't they disclose the apps so consumers can beware if they have them?
    sec_monkey likes this.
  3. JohnSteven

    JohnSteven CHUNKY MUNKY

    I don't even HAVE a cell phone-
    not sure if I ever want one again.
    anything with "disclaimers" built in and absolving "agencies" of any responsibility / litigation against ANY use of the information associated with or transmitted through such a device....

    nope.... that can't be good.
    not good at all.
    Hanzo and sec_monkey like this.
  4. Hanzo

    Hanzo Monkey+++

    Everything has "disclaimers." Even our good forum here will have their set. Part of the "rules."
    Motomom34 likes this.
  5. JohnSteven

    JohnSteven CHUNKY MUNKY

    sure sure...
    but I (somehow) feel a little bit better about YOUR "disclaimer" than the NSA's....
    that's all...
    And in new cells it's "Right in There"...
    and... some rules should NEVER be made, especially when they're the unconstitutional kind... Right?
    Kinda like that GMO thing.... where it's considered a "Healthy food" act or something... to merely include a GMO without your knowledge. hence, disclosure is more honest.
    And they just SNEAK it (limited liability of the use of YOUR information) into more and more of their technology.
    Giving themselves full permission to do -Whatever- with it.
    Hanzo likes this.
  6. melbo

    melbo Hunter Gatherer Administrator Founding Member

    I had one app that was on the compromised list - Mercury Browser.
    Removed it, reset to factory, changed iCloud password from clean pc, restored phone. I would highly advise anyone on iOS to change their iCloud password if you think that you may have randomly been asked to input it recently.

    How do I protect myself against XcodeGhost?
    iOS users should immediately uninstall any infected iOS app listed here on their devices, or update to a newer version that has removed the malware. Resetting your iCloud password, and any other passwords inputted on your iOS device, is also strongly recommended as a precautionary measure.

    How does XcodeGhost put my iOS devices at risk?
    iOS apps infected with XcodeGhost malware can and do collect information about devices and then encrypt and upload that data to command and control (C2) servers run by attackers through the HTTP protocol. The system and app information that can be collected includes:

    • Current time
    • Current infected app’s name
    • The app’s bundle identifier
    • Current device’s name and type
    • Current system’s language and country
    • Current device’s UUID
    • Network type

    Palo Alto Networks also discovered that infected iOS apps can receive commands from the attacker through the C2 server to perform the following actions:

    • Prompt a fake alert dialog to phish user credentials;
    • Hijack opening specific URLs based on their scheme, which could allow for exploitation of vulnerabilities in the iOS system or other iOS apps;
    • Read and write data in the user’s clipboard, which could be used to read the user’s password if that password is copied from a password management tool.

    The App Store suffered its worst security breach in history over the weekend, when it was discovered that hundreds of Chinese apps have a malicious program dubbed ‘XcodeGhost’ embedded in their software.

    The huge security lapse made its way into legitimate apps thanks to Chinese developers who used a counterfeit version of Apple’s Xcode software that was uploaded to file sharing service Baidu. By using XcodeGhost to compile their apps, developers accidentally allowed the malicious code to be distributed through the App Store.

    Apple has pulled infected apps off the store to stop the spread, but users still need to delete XcodeGhost apps off their devices manually. Most of the apps infected are mostly used in China, however some big name apps like WeChat, Angry Birds 2, and Didi Chuxing (Uber’s biggest rival in China) were also hit.

    Here’s a list of known infected apps:
    • WeChat
    • Didi Chuxing
    • Angry Birds 2
    • NetEase
    • Micro Channel
    • IFlyTek input
    • Railway 12306
    • The Kitchen
    • Card Safe
    • CITIC Bank move card space
    • China Unicom Mobile Office
    • High German map
    • Jane book
    • Eyes Wide
    • Lifesmart
    • Mara Mara
    • Medicine to force
    • Himalayan
    • Pocket billing
    • Flush
    • Quick asked the doctor
    • Lazy weekend
    • Microblogging camera
    • Watercress reading
    • CamScanner
    • CamCard
    • SegmentFault
    • Stocks open class
    • Hot stock market
    • Three new board
    • The driver drops
    • OPlayer
    • Mercury
    • WinZip
    • Musical.ly
    • PDFReader
    • Perfect365
    • PDFReader Free
    • WhiteTile
    • IHexin
    • WinZip Standard
    • MoreLikers2
    • CamScanner Lite
    • MobileTicket
    • iVMS-4500
    • OPlayer Lite
    • QYER
    • golfsense
    • Ting
    • Golfsensehd
    • Wallpapers10000
    • CSMBP-AppStore
    • MSL108
    • TinyDeal.com
    • snapgrab copy
    • iOBD2
    • PocketScanner
    • CuteCUT
    • AmHexinForPad
    • SuperJewelsQuest2
    • air2
    • InstaFollower
    • CamScanner Pro
    • baba
    • WeLoop
    • DataMonitor
    • MSL070
    • nice dev
    • immtdchs
    • OPlayer
    • FlappyCircle
    • BiaoQingBao
    • SaveSnap
    • Guitar Master
    • jin
    • WinZip Sector
    • Quick Save
    Hanzo and sec_monkey like this.
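
Added example, not part of the original thread or of any poster's message: since the infection described above came from developers building with a counterfeit Xcode, this shell sketch shows how a developer on macOS can check that an Xcode install is Apple-signed using Gatekeeper's `spctl` tool. The function names and sample outputs are constructed for illustration; the accepted `source=` values are the ones Apple published for genuine Xcode builds.

```shell
#!/bin/sh
# Classify the text printed by: spctl --assess --verbose <Xcode.app>
# "accepted" alone is not enough: an app re-signed with a third-party
# Developer ID is also accepted by Gatekeeper, so the source must be Apple.
classify_spctl() {
    out=$1
    case $out in
        *": accepted"*) ;;
        *) echo "untrusted"; return 1 ;;
    esac
    src=$(printf '%s\n' "$out" | sed -n 's/^source=//p' | head -n 1)
    case $src in
        "Mac App Store"|"Apple"|"Apple System") echo "trusted"; return 0 ;;
        *) echo "untrusted"; return 1 ;;
    esac
}

# Run the real assessment (macOS only) and classify the result.
check_xcode() {
    app=$1
    # spctl writes its verdict to stderr, so merge it into stdout.
    out=$(spctl --assess --verbose "$app" 2>&1) || true
    classify_spctl "$out"
}

# Constructed sample outputs, so the parsing can be exercised offline.
SAMPLE_STORE='/Applications/Xcode.app: accepted
source=Mac App Store'
SAMPLE_APPLE_SITE='/Applications/Xcode.app: accepted
source=Apple System'
SAMPLE_THIRD_PARTY='/Applications/Xcode.app: accepted
source=Developer ID'
SAMPLE_REJECTED='/Applications/Xcode.app: rejected'

# Only runs where spctl exists; default path is the usual install location.
if command -v spctl >/dev/null 2>&1; then
    check_xcode "${1:-/Applications/Xcode.app}" ||
        echo "Do not build with this Xcode; reinstall it from Apple." >&2
fi
```
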
  7. sec_monkey

    sec_monkey SM Security Administrator

    [tea] @M thanks

    One outfit claimed to have found over 3,400 compromised apps. [dunno] if that has been verified.
    Hanzo likes this.
  8. Motomom34

    Motomom34 Moderator Moderator Site Supporter++

    My son had an iPhone and all the apps were on. It was insane the amount of data he was burning thru. IMO it is thievery and stalking.
    Hanzo and sec_monkey like this.