Researchers discover a backdoor in 2846 iOS Apps which can allow full access to hackers
FireEye researchers have discovered that thousands of apps listed on the Apple App Store contain a backdoor that can give malicious actors access to sensitive user data and device functionality. The research was conducted by a team of FireEye security researchers comprising Zhaofeng Chen, Adrian Mettler, Peter Gilbert and Yong Kang, and was published on the company's website today.
According to the researchers, the affected iOS apps were vetted by the Apple security team and originally published in the Apple App Store. They embed potentially “backdoored” versions of an ad library, which could be used to:
- Capture audio and screenshots
- Monitor and upload device location
- Read/delete/create/modify files in the app’s data container
- Read/write/reset the app’s keychain (e.g., app password storage)
- Post encrypted data to remote servers
- Open URL schemes to identify and launch other apps installed on the device
- “Side-load” non-App Store apps by prompting the user to click an “Install” button
The researchers found that the offending ad library is a version of the mobiSage SDK. They found 17 distinct versions of the potentially backdoored ad library: version codes 5.3.3 to 6.4.4. However, in the latest mobiSage SDK publicly released by adSage – version 7.0.5 – the potential backdoors are not present. It is unclear whether the potentially backdoored versions of the ad library were released by adSage or were created and/or compromised by a malicious third party.
FireEye says it informed Apple of the complete list of affected apps and the technical details on October 21, 2015.