Apple Store Hacks: Is Malware Coming?
I personally have not owned a Mac in years, not since I think I had a Mac CI, and bought a 1 MB HD for $999 (sigh, those were VERY expensive days eh) and so for me the launch of the new Apple Store is not news at all. Been there, done that and to be totally honest if your client base is ALL in the PC world, you’d be foolish we felt back in the early 90′s to fight that kind of momentum. So we sold our Macs and bought PCs…and tho I do still like the look & feel of a Mac, I live, breathe and die by the PC (personal disclaimer off).
So, why this post? Well, as many of you regular readers here know, I follow the fine folks over at Sophos daily and there’s a new post just up by Chester Wisniewski on the Naked Security site, on the new Apple Store and how easy it is to hack — which in his opinon will of course lead to malware and virus infections yet to come…
“Unfortunately, many of the applications in the App Store can be pirated without payment. Developers of applications like Angry Birds appear to have ignored Apple’s advice on validating App Store receipts before launching.
What does this mean? It allows people to reconfigure a paid application to run on other people’s Apple IDs without requiring them to purchase the app…”
Chester goes on at some length too, to both show you via a video just how easy it is to hack the site via the Angry Birds application….and as I watched I realized that many many hacker idiots would also be watching and then turn to just such a methodology to infect Mac users (not me tho!).
And my point is — should he have shown this very easy method that any hacker can copy and then infect Mac after Mac….ie is this the best use of this Mac Store News?
Yes. Plain and simple, if I too found such notice, I too would publically show same….and my figuring is hopefully mirroring Chesters. That for a security criticism to gain some klout, it needs to be widely distributed, via blogs and social networks. It needs to point out both the issue and the rationale for why this issue needs to be both fixed and at the same time acknowledged as a security issue by in this case, Apple themselves. I should also point out that while this News is out there, that I found it FIRST at Sophos as they once again lead the pack so well done lads!
Chester adds this at the end of his blog piece too…
“The Mac App Store may introduce you to interesting new programs you would like to run on OS X without paying, but you should always be cautious of getting something for nothing. Someone who claims to provide you with paid applications for free may not simply give you a free program, they may give you an unwanted infection…”
Perhaps as always from Chester and the folks over at Sophos the part about the “cautios of getting something for nothing” speaks volumes for todays internet users, eh! So if you’re a Mac user, listen up!
Other online spots that offer up more “news” of the Apple Store launch are here….
- Techcrunch’s “Hours After Launch, Lackluster Apps Inspire A “Worst Of” The Mac App Store”
- Gizmodo’s “Mac App Store Cracked Open For Privacy”
- PCWorld’s “Mac App Store Pirate Raid Raises Security Concerns”