What is the case with the Apple software poisoning that was mentioned two days ago?

Source: Internet
Author: User

Today, I saw some people found that some of the software in Apple's mobile phone has the problem of stealing account information, the following information is collected on the Internet, and the approximate reason and treatment plan are described. The elaboration of this article will be more easy to understand.

How to get infected.

Everyone on the theft of account information is called mobile poisoning, simply said that the software used by non-software in some way to embed the program should not have the code, the code can get the user's information, or even forge a dialogue, such as downloading a music when prompted to enter the App Store password to download. The reason for poisoning stems from trust.

We all know that developing a software requires tools, tools for writing code, tools for compiling code, and so on. Developing the software on the iphone requires Apple to provide the tools for compiling and executing the code, called Xcode. Xcode file is big, because Apple in China (as if) there is no server, the programmer download Xcode speed is very slow, and this file is like a regular movie, can be placed on various network disk. So someone put the downloaded Xcode on the network disk or other domestic download fast server.

The problem is that this unofficial download of Xcode may have been switched, may have been before the download has been switched, or may be downloaded at the time of the swap. The engineer uses the swapped Xcode to write the program, and the final compilation phase is implanted into the malicious program.

For example, NetEase Cloud Music development Engineer from the non-official website channel Download a Xcode, they developed a good iphone NetEase cloud music player, upload to the App Store, then in fact, we downloaded the NetEase cloud music is containing the virus, It can steal your operating information when using NetEase cloud music, of course, you can pop out a prompt box, let you enter the App Store password, even can make some more dangerous, such as to get your credit card funds and other operations.

How to prevent and defend

It is understood that the information collected by hackers uploaded to a Web site for the init.icloud-analysis.com server, the current site has been blocked, but not to determine whether the hacker has retained other channels.

From the above analysis, we can know that even the App Store software is not safe, more regardless of some children's shoes are directly from the unofficial channel download software. So:

    • Software Engineer in the development of the time must be downloaded from the official website Xcode, or use the Verification tool check the SHA1 code is accurate, the problem of XCODE6.4.DMG SHA1 is a836d8fa0fce198e061b7b38b826178b44c053a8 , no problem is 672e3dcb7727fc6db071e5a8528b70aa03900bb0 .
    • Users should be concerned about the security information, the existing problem of the software immediately delete, or download the official version of the software
    • Modify the App Store password and credit card password

The best defense is that Apple can provide a way to withstand this program, such as quickly providing a new version of the Apple system to allow users to upgrade instantly.

Related reading
    • White hat says things http://drops.wooyun.org/news/8864
    • Follow http://www.zhihu.com/question/35721299

This article goes to self-personal website: http://www.barretlee.com/blog/2015/09/18/what-is-wrong-with-apple/

What is the case with the Apple software poisoning that was mentioned two days ago?

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.