Cyber Catch Up

Here’s a recap of what you missed last week in cyber.

The charge that Beijing was behind the theft of the personal data of more than 20 million federal workers could become a primary topic for an important visit from China’s President Xi with hacking to shadow the China summit. At the start of President Xi’s visit, he sought to reassure American companies that his government was committed to protecting the interests of foreign companies and fighting cybercrime. But was it all double talk? Speaking of stolen personal data, it is reported that OPM underestimated the number of fingerprints stolen by approximately 4 million. The government now estimates this number to be 5.6 million.

Big news this week was Apple’s confirmation of the the discovery of malicious code in some App Store products. The Washington Post reported that the Obama administration has been exploring ways to bypass smartphone encryption to allow access to law enforcement. Also this week, a campaign was launched by a group of privacy advocates including former NSA whistleblower Edward Snowden for a new global treaty against government mass surveillance. Business advisory firm Grant Thornton International, released a report that indicates that global cybercrime has cost $315 billion over the past 12 months.

In policy news, cyber crime laws are showing their age and some are badly outdated, including the Computer Fraud and Abuse Act (CFAA) of 1986. Senator Ron Wyden of Oregon announced this week that the Section 603 provision on terrorist activity was removed from the 2016 Intelligence Authorization Act. Finally, a federal judge ruled this week that forcing suspects to give up their cell phone passwords is a violation of the constitutional right against self-incrimination.

Screen Shot 2015-09-30 at 12.36.23 PMRebecca Foss is the Director of Social Media at the University of Maryland University College (UMUC). In her current role, she is working with stakeholders across the university to develop the overall strategic approach in using social media platforms and tools globally for UMUC. She has over 15 years of marketing and communications experience and has been involved with championing social media initiatives since the early stages of the medium’s existence in 2007. Rebecca specializes in content management, creation, and curation and serves as co-editor of the Cyber Connections blog. 

Student View: The App store has been attacked. Should you worry ?

Palo Alto Networks, a security firm based in Santa Clara, California, announced on Sunday September 21, 2015 that Apple’s App Store has been compromised and more than 80 malicious apps have been inserted to the store by hackers. This is a big deal since according to multiple sources, only 5 malicious apps have been found in the store since its first launch in July of 2008.  As of today, this major security breach affects the Chinese version of the App Store. Cybersecurity experts agree that this is a game changer for the trusted App Store.

What is the App Store ?

The App Store is the one-stop-shop for applications (apps) use on iPhone, iPad and iPod Touch. The store allows users to buy or download apps. It is in the same place where iOS devices receive updates. It is worth noting that the users may chose to apply these updates or ignore them.

How do apps get into App Store ?

iOS, the operating system that runs iPhone, iPad and iPod Touch does have some native applications (apps) such as Maps, Calendar, iBook and the App Store itself. Additional apps enhance the usability of the these devices for users. This is where app developers come into play. According to Palo Alto and Apple, some developers in China downloaded a fake version of Xcode, called XcodeGhost. Xcode is the apps development platform distributed by Apple.

Xcode helps developers in the process of building new apps and allows the developers to submit their app to Apple for the review process. If the app is approved, it is published in the App Store and available to iOS device owners. For the record, there is nothing worse for an application than the code being compromised. XcodeGhost injects malicious code in Apps developed from the rogue platform.

How developers downloaded XcodeGhost instead of Xcode is unclear, but there are several scenarios that may have happened:

  1. Search engine poisoning: This attack takes advantage of the fact that a group of people may be searching for the same thing, in this case developers. The attackers may setup a rogue website that indicates that clicking on the link will allow the developer to download Xcode, but the link actually takes the developer to the Xcode Ghost download.
  2. Rogue ftp website: In the developers community, downloading Xcode takes a great deal of time. The developers may chose to go with an easy to download alternative site and get tricked into downloading XcodeGhost.
  3. Spear Phishing Attack: The attackers may target a specific list of known developers and provide information about Apple products and regularly update these developers through email until they receive the fake link.

What now?

The affected apps are able to collect a great deal of information including phone location, device name, network type, and more. Apple has managed to remove the known apps from the App Store. You should always keep all your apps updated to avoid attackers exploiting known vulnerabilities. If you worry about this particular attack, you can always check out the list of the affected apps.

FullSizeRender (1)Tapoko Honore is a world class IT Support Analyst for UMUC where he started as student worker. Tapoko studied computer science for 3 years in Cameroon before arriving in the United States in 2008.  He is currently ITIL  V3, Security +, SSCP and HDI certified. He received B.S. in Computer Information Technology at UMUC in 2014 and is a current UMUC student studying to complete his M.S. in Cybersecurity. He decided to continue his education because it was a logical evolution in his career and he also aspires to teach Information Systems and Cybersecurity.