
On The Apple App Store Hack

written by Pierluigi Stella

http://bbc.in/1QslGgA

Regarding the story linked above, the Apple hack is surprising in two different ways.

First, the hackers modified the Apple API libraries in a way that made them indistinguishable from the originals. Then Apple had to miss that these apps were delivering malware, which is unusual given the very strict review procedures an app undergoes before it is admitted to their store. I (almost) feel like complimenting the hackers for such cleverness.

From a security standpoint, there really isn’t that much to say.

If you’re a developer, and you choose to download the development toolkit from anywhere but the Apple site/store itself, then you should know you’re running a risk. I’d say it’s almost a dead certainty: why would anyone want to host the toolkit on their own website? And when has Apple ever authorized such a thing?
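One concrete check a developer can run after installing the toolkit, as an added example that is not part of the original post: ask Gatekeeper (macOS’s `spctl`) whether the installed Xcode bundle is an Apple-signed build. It assumes macOS and the default install path; the verdict parser is a separate function so the logic can be exercised on any system.

```shell
#!/bin/sh
# Added example, not from the original post. Checks whether an installed
# Xcode bundle is an Apple-signed build by asking Gatekeeper (spctl) and
# parsing its verdict. Assumes macOS; the parser itself runs anywhere.

# classify_spctl_output VERDICT
# VERDICT is the text printed by `spctl --assess --verbose <bundle>`, e.g.
#   /Applications/Xcode.app: accepted
#   source=Mac App Store
# Returns 0 only when the bundle is accepted AND the signing source is
# Apple's own (Mac App Store, Apple System or Apple). A "Developer ID" or
# "rejected" verdict means the toolkit did not come straight from Apple.
classify_spctl_output() {
    verdict=$1
    first_line=$(printf '%s\n' "$verdict" | sed -n '1p')
    sign_source=$(printf '%s\n' "$verdict" | sed -n 's/^source=//p')
    case $first_line in
        *": accepted") ;;
        *) return 1 ;;
    esac
    case $sign_source in
        "Mac App Store"|"Apple System"|"Apple") return 0 ;;
        *) return 1 ;;
    esac
}

# check_xcode_signature [PATH]   (default: /Applications/Xcode.app)
# Runs the real assessment and prints a one-line result.
check_xcode_signature() {
    app=${1:-/Applications/Xcode.app}
    if ! command -v spctl >/dev/null 2>&1; then
        echo "spctl not found; this check only runs on macOS" >&2
        return 2
    fi
    # spctl exits non-zero on rejection; capture its text either way.
    verdict=$(spctl --assess --verbose "$app" 2>&1 || true)
    if classify_spctl_output "$verdict"; then
        echo "OK: $app is an Apple-signed Xcode ($verdict)"
    else
        echo "WARNING: $app is not an Apple-signed Xcode: $verdict" >&2
        return 1
    fi
}
```

Run `check_xcode_signature` on the build machine; anything other than an accepted verdict from an Apple source means the toolchain should be discarded and reinstalled from the Mac App Store or developer.apple.com.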

The rationale given in the article – that downloads from China are slow – is, quite simply put, ludicrous.

If downloads there really are slow, Apple should set up local CDN servers to distribute their code in the region and reduce the lag; those servers would still be under Apple’s strict control. If they haven’t done so, then this one’s on Apple.


It’s really painful to download anything from a server halfway across the world. The sheer latency from Houston to Hong Kong is around 200 milliseconds, about 10 times the normal latency between two sites within the US. I know the developers should’ve been more careful, but putting myself in their shoes, I can see why they were easily swayed into using the ‘local’ server.

Downloading the toolkit from within China shouldn’t be so painful that legitimate companies resort to using local, unknown servers and end up victims of this hack.

This entry was posted in: IT Security
