Partners Unfazed By Widespread Malware Attack On Apple Mobile Apps
Apple faced the first large-scale security breach of apps in its iOS App Store on Sunday through malware called XcodeGhost, according to Palo Alto Networks.
According to Palo Alto, at least three dozen Chinese-based applications became infected by XcodeGhost malware after software developers used an unauthorized version of Apple's developer tool kit. After the XcodeGhost embedded malicious code onto these apps, personal device and app information could be uploaded to the malware's command and control server.
While no specific number was confirmed, Palo Alto stated in a blog post that the breach could affect hundreds of millions of iOS users. Apple did respond to a request for comment on the attack before publication.
[Related: 5 Questions Partners Still Have About The Groundbreaking Apple-Cisco Partnership]
But Apple partners said they still believe Apple's products are secure for enterprise customers. One such partner, Michael Oh, chief technology officer and founder of Boston-based TSP LLC, said he has not heard any concerns from his customer base on the security breach.
"Apple has good security, but hackers have gone further up the chain," Oh said. "Apple has developer certificates and a strong App Store review process, and they hadn't anticipated this version of malware. It certainly brings up a question of how many innovative hacking techniques these hackers can come up with."
Before the XcodeGhost attack, only five malicious apps had ever been found in the App Store, according to Palo Alto.
Apple is known for its tight app development security standards, making its apps almost "bulletproof," according to Marc Wolfe, president of ProActive Inc., a Wayne, N.J.-based solution provider.
"Apple is pretty tight on their rules for apps, but a lot of hackers are getting smarter as well," said Wolfe. "This doesn't look good from the perspective that people perceived Apple's security as bulletproof, but people should keep in mind that it took a long time and a lot of work for these hackers to work around what Apple's put in place, and Apple's working to take care of it quickly.
According to the 2015 Verizon Data Breach Report, 96 percent of mobile malware was targeted at the Android platform as opposed to Apple's iOS, and more than 5 billion downloaded Android apps are vulnerable to remote attacks. The report also stated that mobile devices are not a preferred vector in data breaches.
The security of Apple comes as no surprise, because of the Cupertino, Calif.-based company's high level of quality control over the apps in its App Store, said Jack Narcotta, devices analyst at Technology Business Research Inc.
"Apple's track record has been pretty good. … Its control over its App Store has been strict," he said. "By and large, Apple tends to be compared to Google, but Google in the last 18 months has really been trying to turn it around by putting more controls in place."
The App Store malware attack comes as Apple places a firmer emphasis on pushing its products into the enterprise market, recently making an announcement that it would partner with Cisco for tighter integration between Apple iPhones and iPads, and Cisco enterprise collaboration products.
However, Narcotta said, he doesn't see the breach impacting Apple's relationship with enterprise clients.
"I don’t see [the breach] impacting their relationship with the enterprise at all," said Narcotta. "As a CIO, you have to ask questions about security, but I think many CIOs recognize that Apple has a process in place to lock this down."
PUBLISHED SEPT. 21, 2015