Malicious app penetrates iTunes store to test security

Discussion in 'User Submitted News' started by shakirmoledina, Nov 8, 2011.

  1. shakirmoledina
    OP

    Member shakirmoledina Legend

    Joined:
    Oct 23, 2004
    Messages:
    6,611
    Location:
    Dar es Salaam
    Country:
    Tanzania
    Source

    I disagree with his methods. It's like LulzSec, hack and show vulnerability. Talk to Apple officially and explain the situation to help them and not the real hackers.
    It's like throwing a rock at a glass window and saying it's weak. Talk to the owner of the glass about the weakness rather than breaking it.

    Do you think Apple has the right to do what it did?
     


  2. soulx

    Member soulx GBAtemp Legend

    Joined:
    Apr 4, 2009
    Messages:
    10,130
    Country:
    Canada
    The funny thing is most corporations react harshly when you tell them about their security problems. It seems the only way to get anything done is to disclose it publicly.
     
    4 people like this.
  3. tijntje_7

    Member tijntje_7 GBAtemp Advanced Fan

    Joined:
    Jul 26, 2008
    Messages:
    538
    Location:
    Under your bed
    Country:
    Netherlands
    I'm rather sorry good sir, but our glass is made in the finest factories of America.
    This is well reinforced glass. We are sure this glass isn't weak.

    (good luck)
     
    3 people like this.
  4. pistone

    Member pistone GBAtemp Advanced Fan

    Joined:
    Feb 18, 2010
    Messages:
    504
    Location:
    in your heart...coz secretly you love me !!!!
    Country:
    Albania
    stupid thing to do
    you find a bug, report it and wait, if you do that for 2-3 times there is a chance to get a new high paid work ;)
     
  5. nando

    Member nando GBAtemp Addict

    Joined:
    Jan 1, 2008
    Messages:
    2,072
    Country:
    United States
    he should try breaking into a bank and stealing their money to show how the bank's security is faulty then await praise.
     
    2 people like this.
  6. Thesolcity

    Member Thesolcity Wherever the light shines, it casts a shadow.

    Joined:
    Oct 2, 2010
    Messages:
    2,146
    Location:
    San Miguel
    Country:
    United States
    Or you get a company with its head shoved so far up its ass that it doesn't believe that it IS an exploit. Public disclosure gets guaranteed results.
     
    1 person likes this.
  7. pistone

    Member pistone GBAtemp Advanced Fan

    Joined:
    Feb 18, 2010
    Messages:
    504
    Location:
    in your heart...coz secretly you love me !!!!
    Country:
    Albania
    i don't think there is a company on earth that believes that an exploit to one of its products (software mostly) is unhackable (..........except google .........you can't hack google ....google hacks you)
    apple the most, as every iOS apple has released was hacked in some min (or even before its official release)
     
  8. mercluke

    Member mercluke ‮҉

    Joined:
    Dec 2, 2007
    Messages:
    3,161
    Location:
    Perth
    Country:
    Australia
    this, definitely this
    couldn't have put it better myself :P
     
  9. Ron

    Member Ron somehow a weeb now.

    Joined:
    Dec 10, 2009
    Messages:
    2,837
    Location:
    here
    Country:
    Canada
    This man is a genius.

    Though, I'm kinda scared to download apps now.. Even though I have no contact info on my iPod..
     
  10. Foxi4

    Reporter Foxi4 On the hunt...

    Joined:
    Sep 13, 2009
    Messages:
    22,736
    Location:
    Gaming Grotto
    Country:
    Poland
    On one hand, the idea of the App Store is to have a steady flow of quickly-made applications and to distribute them with ease, so quality control and code control suffer. On the other, people who submit applications to the store share their address and personal information with Apple for billing purposes. Provided there was damage done by a given App, Apple would be on the developer's ass in mere hours after the first report, and guess who'd be charged for the damages?

    This application did not damage anything though, it stole information, which makes it malicious in an entirely different fashion, which is a matter for concern. Perhaps the "Straight to the client" model of business should be revised, it's not the first time Apple sold something they weren't supposed to. Last time it was that game which depicted children working in factories to build iPads... Quality Control, yay!
     
  11. GreatZimkogway

    Member GreatZimkogway Touhou Fanatic

    Joined:
    Jul 21, 2009
    Messages:
    2,140
    Location:
    Imoriata
    Country:
    United States
    Foolish. Foolish to think they are the same at all. Breaking into a bank and stealing money does not equal putting malware on an app store. Two vastly different subjects, one is stealing, one is spreading a bad code. Furthermore, Apple does not equal a bank. For one thing, Apple probably has more money than that bank. But that's semantics. It's more that a store is not a bank.

    Plus, it was done to prove a point to a company that's got too big of a head. They are vulnerable, and this is the only way to make them see that.

    EDIT: Final note, the maker said that the app could steal information. Did he ever actually have it do anything with that information? Did he ever get that information? I'm curious on that, if the code was ever acted upon.(Not like browsers don't already do all of this anyway...)
     
  12. Foxi4

    Reporter Foxi4 On the hunt...

    Joined:
    Sep 13, 2009
    Messages:
    22,736
    Location:
    Gaming Grotto
    Country:
    Poland
    Companies "collect" information all the time, by the way. By accepting an End-User License you haven't fully read, you expose yourself to what's called "Information Market". Your information may be collected and "sold" to companies which deal with marketing; you might end up with a hefty amount of spam, but a grand heist à la "stealing credit card information and stripping everyone who bought the App of their money" is unlikely due to what I mentioned in my previous post.

    Apple collects information all the time for purposes not disclosed, even for example latest positioning of an iPhone. Google does the exact same thing. You're just not aware of that process, but it is likely you actually agreed to it.
     
  13. Jamstruth

    Member Jamstruth Secondary Feline Anthropomorph

    Joined:
    Apr 23, 2009
    Messages:
    3,456
    Location:
    North East Scotland
    Country:
    United Kingdom
    This isn't an "exploit" as people are comparing it to. It's just showing that Apple don't check the submitted apps as thoroughly as they'd have us believe. The problem is in the human approving the app.
     
  14. ferofax

    Member ferofax End of the World

    Joined:
    Jan 26, 2009
    Messages:
    2,564
    Location:
    Philippines
    Country:
    Philippines
    bad analogy. and he does not want praise, he wants the flaw to be acknowledged and taken seriously.

    the problem with big companies is, unless they paid you for your opinion, your opinion does not matter to them, regardless of whether or not that opinion is backed up by incontrovertible fact. it sounds underhanded, but sometimes doing it this way is the only way for them to take your warning seriously. and if you wanted them to know about it, then it's clearly a warning, and not a threat. the way i see it, there's no malicious intention behind this "hacking" incident, although private data may have been compromised. but that "compromised private data" is exactly the point he wanted to make.
     
  15. Janthran

    Member Janthran Solarian

    Joined:
    Sep 17, 2011
    Messages:
    3,777
    Location:
    The Pacific Northwet
    Country:
    United States
    Pshh. He doesn't need to, he can steal credit cards from the Apple Store.
     
    1 person likes this.
  16. The Milkman

    Member The Milkman GBATemp's Official Asshat Milkman

    Joined:
    Jan 12, 2011
    Messages:
    3,471
    Location:
    Throwing milk at the bitches!
    Country:
    United States
    Am I the only one who thinks Anon. has something to do with this :I
     
  17. shakirmoledina
    OP

    Member shakirmoledina Legend

    Joined:
    Oct 23, 2004
    Messages:
    6,611
    Location:
    Dar es Salaam
    Country:
    Tanzania
    many bank robbery movies are really famous so i can guess it does receive praise though not in real life.
    imagine the robber robbing and coming out with nothing but proof that he did it.
     
  18. OJClock

    Member OJClock GBAtemp Regular

    Joined:
    Oct 4, 2008
    Messages:
    130
    Country:
    United States
    usually hackers send an email to the company alerting them of the hack and wait a certain number of days for no response to reveal it/release it forcing the company to act
     
  19. ShadowSoldier

    Member ShadowSoldier GBAtemp Guru

    Joined:
    Oct 8, 2009
    Messages:
    9,383
    Country:
    Canada
    Wow. That's completely different than what he did here.
     
  20. The_Dragons_Mast

    Member The_Dragons_Mast GBAtemp Advanced Fan

    Joined:
    Apr 20, 2007
    Messages:
    613
    Country:
    Egypt
    From what I read his app never actually stole anything it was just able to do so if he wanted so a more accurate analogy would be he entered a bank , sneaked to the safe & then notified the bank manager that he was inside able to steal anything he wanted & no one noticed
     
