211 total views
In 2015, hackers spread the malware into thousands of apps on the iPhone’s App Store. At the time, researchers believed the hack was likely to affect hundreds of millions of people, as it affected around 4,000 applications.
This has turned it into the hack that affects the largest number of iPhone users ever. As the years passed, the full scale of the hack was still unknown to the public. Some even think the real impact of the hack – known as XCodeGhost, the name of the malware used – will never be revealed.
But now, thanks to the emails published as part of the Apple test against Epic Games, we finally know how many iPhone users are affected: 128 million in total, 18 million out of which in U.S.A.
Another Apple employee wrote in the email: “China represents 55% of customers and 66% of downloads. As you can see, a significant number (18 million customers) in the US are affected. enjoy “.
The emails also indicate that Apple is trying to figure out the effects of the hack and is attempting to notify the victims.
“Due to the large number of customers at risk of being affected, would we like to send an email to all of you? Note that this will pose some challenges of email language localization, because the process of downloading these apps takes place in many App Store stores around the world ”- Matt Fischer, Apple’s vice president in charge of the App Store, wrote.
Dale Bagwell, Apple’s iTunes customer experience manager at the time, agreed that reaching out to all victims would be a challenge.
“We have a batch request tool that allows us to send emails, but we’re still experimenting to make sure we get the exact name of the app for each client. There have been problems. deals with this particular functionality in the past “- he wrote.” Also – I’d like to make it clear that this tool is very limited in terms of the number of emails it can handle. With such a large amount (128 million), we will likely have to spend up to a week sending these emails, so after localizing emails (it will take a few days), we will need less at most a week to send – if we use the “batch request tool”.
Today, it is common for companies to contact users directly about data breaches, and is considered the best practice. All states in the US have laws that require companies to notify victims.
Apple never revealed the exact number of victims, but at the time, it said it would notify them. On April 7, Motherboard quoted Apple as saying that it always informs users, but did not specifically state that it notified each victim.
“We are working closely with developers to bring affected apps back to the App Store as quickly as possible so that customers can experience them,” Apple replied when someone asked about the issue. since 2015.
While the number affected in this hack is very high, the malware is actually not too sophisticated and dangerous.
“We have no information that indicates this malware is dangerous or that this exploit will provide any personally identifiable information if it gets into a user’s device” – Apple wrote on the page. FAQ.
The hackers inserted the malicious code into a fake version of Xcode, Apple’s application development software, that allowed them to inject malicious code into thousands of applications.
Security firm Lookout reported at the time: “The creators of XcodeGhost repackaged the Xcode installers with malicious code and published links to the installer on many popular developer forums. iOS / OS X development
The developers were lured into downloading this fake version of Xcode because it will load much faster in China than the official version of Xcode from Apple’s Mac App Store.
Apple has always made a good impression on security. However, when a specific security incident occurred, the company was not willing to speak openly and openly. So these emails, which were only discovered in Epic v beta. Apple Fortnite, lift the curtain so that people can see more fully about the damage caused by the hack as well as details about how Apple handled this problem.
According to Lookout, the malware is designed to steal some of the victim’s personal information, such as the name of the infected application, the application package identifier, the name and type of the device, and network information. and the “identifierForVendor” of the Device.
At the time, Apple said on the FAQ page that “we do not know the customer’s personally identifiable data is being affected, and the code is also not capable of requesting customer credentials to obtain iCloud and other service passwords. Malicious code can only provide certain general information such as general system information and applications.
Apple also revealed malicious apps, some extremely popular ones like WeChat and China’s version of Angry Birds 2.
#Reveals #details #biggest #hack #Apples #history #affecting #hundreds #millions #iPhone #users