多个苹果APP感染恶意代码
时间:2015-09-22 00:36:07
搜索关注在线英语听力室公众号:tingroom,领取免费英语资料大礼包。
(单词翻译)
Reporter:
Over 350 iOS apps have been
affected1 by the
hacking3, including the widly used baidu music, wechat, and ride-haling didi.
Experts say this attack is so secret that it escaped apple's
vetting4 process.
The
hack2 hinges around Xcode, a tool used to create apps for iOS.
The problem starts when some programmers don't use the Xcode program officially supplied by Apple Inc.
Instead, they downloaded Xcode program through other channels, in which has been implanted
malicious5 code.
Cai Jingjing is from the Expert Committee of the National Vulnerability Database of Information Security.
多个苹果APP感染恶意代码
He says apps constructed with the verified Xcode may be infected with malware.
"We wrote several simple codes with the infected Xcode, like hello world, and then compiled them into a program. A reverse analysis of the program shows the program is implanted with malicious code."
Cai says once apps developed from the verified Xcode are downloaded into the phone, they will collect the phone's information, such as the name of the device, the network type, and its location.
These private information will then be uploaded to a designated website.
On early Saturday morning, an indentified programmer claimed responsibility for the incident.
He made clarification online,
justifying6 his actions as just an experiment, with no aim to spread a virus.
However, Lin Wei, phone security expert, doesn't believe what the programmer says, and suspects him of using the malicious codes for commercial uses.
"We found on September 10 that a massive amount of users had been affected by an app that's very popular domestically. It had been programed with malicious code, and the data had been sent back to the main engine of the virus attacker and finally led to its
collapse7. The programmer was a littler fearful, and deleted and withdrew the code."
Apple has asked affected programmers to withdrew their infected Apps, and advised them to re-program with official Xcode.
So far, no financial losses have been reported.
Experts suggest iPhone users check their apps and delete infected apps, or at least download the latest version. Meanwhile, users are advised to change their passwords for the App Store and for iCloud.
For CRI, this is Sophie Williams .
分享到: