Malicious app penetrates iTunes store to test security

Discussion in 'User Submitted News' started by shakirmoledina, Nov 8, 2011.

  1. shakirmoledina
    OP

    Source

    I disagree with his methods. It's like LulzSec, hack and show vulnerability. Talk to Apple officially and explain the situation to help them and not the real hackers.
    It's like throwing a rock at a glass window and saying it's weak. Talk to the owner of the glass about the weakness rather than breaking it.

    Do you think Apple has the right to do what it did?
     
  2. soulx

    The funny thing is most corporations react harshly when you tell them about their security problems. It seems the only way to get anything done is to disclose it publicly.
     
  3. tijntje_7

    I'm rather sorry good sir, but our glass is made in the finest factories of America.
    This is well reinforced glass. We are sure this glass isn't weak.

    (good luck)
     
  4. pistone

    stupid thing to do
    you find a bug, report it and wait; if you do that 2-3 times there is a chance to get a new highly paid job ;)
     
  5. nando

    he should try breaking into a bank and stealing their money to show how the bank's security is faulty, then await praise.
     
  6. Thesolcity

    Or you get a company with its head shoved so far up its ass that it doesn't believe that it IS an exploit. Public disclosure gets guaranteed results.
     
  7. pistone

    I don't think there is a company on earth that believes that an exploit to one of its products (software mostly) is unhackable (... except Google ... you can't hack Google ... Google hacks you)
    Apple the most, as every iOS Apple has released was hacked in some minutes (or even before its official release)
     
  8. mercluke

    this, definitely this
    couldn't have put it better myself :P
     
  9. Ron

    This man is a genius.

    Though, I'm kinda scared to download apps now.. Even though I have no contact info on my iPod..
     
  10. Foxi4

    On one hand, the idea of the App Store is to have a steady flow of quickly-made applications and to distribute them with ease, so quality control and code control suffer. On the other, people who submit applications to the store share their address and personal information with Apple for billing purposes. Provided there was damage done by a given App, Apple would be on the developer's ass in mere hours after the first report, and guess who'd be charged for the damages?

    This application did not damage anything though, it stole information, which makes it malicious in an entirely different fashion, which is a matter for concern. Perhaps the "Straight to the client" model of business should be revised, it's not the first time Apple sold something they weren't supposed to. Last time it was that game which depicted children working in factories to build iPads... Quality Control, yay!
     
  11. GreatZimkogway

    Foolish. Foolish to think they are the same at all. Breaking into a bank and stealing money does not equal putting malware on an app store. Two vastly different subjects, one is stealing, one is spreading bad code. Furthermore, Apple does not equal a bank. For one thing, Apple probably has more money than that bank. But that's semantics. It's more that a store is not a bank.

    Plus, it was done to prove a point to a company that's got too big of a head. They are vulnerable, and this is the only way to make them see that.

    EDIT: Final note, the maker said that the app could steal information. Did he ever actually have it do anything with that information? Did he ever get that information? I'm curious on that, if the code was ever acted upon. (Not like browsers don't already do all of this anyway...)
     
  12. Foxi4

    Companies "collect" information all the time, by the way. By accepting an End-User License you haven't fully read, you expose yourself to what's called the "Information Market". Your information may be collected and "sold" to companies which deal with marketing; you might end up with a hefty amount of spam, but a grand heist à la "stealing credit card information and stripping everyone who bought the App of their money" is unlikely due to what I mentioned in my previous post.

    Apple collects information all the time for purposes not disclosed, even for example latest positioning of an iPhone. Google does the exact same thing. You're just not aware of that process, but it is likely you actually agreed to it.
     
  13. Jamstruth

    This isn't an "exploit" as people are comparing it to. It's just showing that Apple don't check the submitted apps as thoroughly as they'd have us believe. The problem is in the human approving the app.
     
  14. ferofax

    bad analogy. and he does not want praise, he wants the flaw to be acknowledged and taken seriously.

    the problem with big companies is, unless they paid you for your opinion, your opinion does not matter to them, regardless of whether or not that opinion is backed up by incontrovertible fact. it sounds underhanded, but sometimes doing it this way is the only way for them to take your warning seriously. and if you wanted them to know about it, then it's clearly a warning, and not a threat. the way i see it, there's no malicious intention behind this "hacking" incident, although private data may have been compromised. but that "compromised private data" is exactly the point he wanted to make.
     
  15. Janthran

    Pshh. He doesn't need to, he can steal credit cards from the Apple Store.
     
  16. The Milkman

    Am I the only one who thinks Anon. has something to do with this :I
     
  17. shakirmoledina
    OP

    many bank robbery movies are really famous so i can guess it does receive praise though not in real life.
    imagine the robber robbing and coming out with nothing but proof that he did it.
     
  18. OJClock

    usually hackers send an email to the company alerting them of the hack and wait a certain number of days for no response to reveal it/release it forcing the company to act
     
  19. ShadowSoldier

    Wow. That's completely different than what he did here.
     
  20. The_Dragons_Mast

    From what I read, his app never actually stole anything; it was just able to do so if he wanted, so a more accurate analogy would be he entered a bank, sneaked to the safe & then notified the bank manager that he was inside, able to steal anything he wanted, & no one noticed