Users Report Foul Play In App Store Rankings, Purchases
An anonymous reader writes "Two iPhone App developers have spotted what appears to be a hacking of the App store rankings by a rogue developer. The rankings in the books category of the US iTunes store feature 40 out of 50 apps by the same app developer, Thuat Nguyen. What's more concerning is that it seems individuals' iTunes accounts have been hacked to make mass purchases of that one developer's apps." Among the comments attached to the linked story is one which suggests the security problem may lie elsewhere.
Hrm (Score:4, Insightful)
Re:Hrm (Score:2, Insightful)
Re:Hrm (Score:5, Insightful)
Not trying to justify iTunes - I hate it. Just saying that I doubt it's any more 'hackable' than the next online store.
Re:Hrm (Score:5, Insightful)
Not liking assholes and viewing greed as a negative human quality doesn't necessarily make one a communist.
Sounds like phishing... (Score:5, Insightful)
Any bets? Sounds like there were suddenly a bunch of phished accounts that got "activated."
Re:Possible details from AppleInsider (Score:2, Insightful)
More details here though so far there's no explanation of how the accounts are getting hacked.
It's not hard to guess: Average people use the same password for just about everything, or simple permutations of the same password. Get access to any source that the user entered a password for, gain access to everything else.
Re:Hrm (Score:4, Insightful)
Exactly.
It's kind of like blaming Blizzard for people's WoW accounts getting hacked. Your account has something someone wants, they'll try to get it. If you use weak passwords, well, no one's fault but your own there.
Re:Sounds like phishing... (Score:2, Insightful)
I hate to think that 20 years from now we will still have people all around the world falling victim to phishing. Every day I get princes and princesses from all around the world that need my help in transferring millions of dollars to the US. Every time I delete the email, I think, "lots of people are falling for this today and losing their money....sad!"
Re:Hrm (Score:4, Insightful)
In reality, most of the time it's neither party's fault -- The recent Adobe Flash exploit hurt a lot of people as they targeted Flash advertisements for WoW websites... even legitimate websites could be infected as they have to show advertisements to stay in business.
Thankfully, Blizzard realizes that blaming end-users when a large, large percentage did not 'ask' for it, only costs the company money in the end when users stop using their service.
Re:Hrm (Score:3, Insightful)
Re:Jobs answer (Score:0, Insightful)
This joke DOESN'T MAKE SENSE. Stop modding bullshit.
Re:The hell? (Score:3, Insightful)
You've been Steeved! (Score:4, Insightful)
Other problem with iTunes, "All sales are final." ....
From Terms and conditions, security section:
"You are entirely responsible for all activities that occur on or through your Account, and you agree to immediately notify Apple of any unauthorized use of your Account or any other breach of security. Apple shall not be responsible for any losses arising out of the unauthorized use of your Account."
That's so Steve Jobs.
Re:Hrm (Score:5, Insightful)
I fail to see what relevance Apple (much less Steve Jobs personally) has here. This is about hacked user accounts. This kind of thing is an unfortunate fact of life, keeping in mind that social engineering attacks take up the majority in security breaches. There's only so much Apple can do to mitigate this, and I don't see that they missed anything.
Heck, if anything, Apple's "walled garden" model - for all my dislike of it - is most efficient at dealing with these kinds of abuses. When malware authors have to go to the effort of hacking user accounts to get their crap shoved at users, you know they're tight against the wall already. In comparison, with Android, you just call yourself "Googe" (note spelling) and upload your malware directly [androlib.com].
(How do I know it's malware? I haven't installed it, of course - but when all their apps, including a non-multiplayer five-in-a-row game, request "full network connectivity" and "location information" permissions on install, you know something's fishy; the fake company name is just icing on the cake.)
The irony is that I can't even use the Market feature to report it as malware, or at least write a 1-star review with a warning, because you can only write reviews/complaints once you install the app...
Occam's Razor (Score:5, Insightful)
After reading the article, the other linked article, and the comments posted on the linked site, I have to ask what's more likely here: that approximately 30 people out of 100+ millions of iTunes users have infected systems with key-loggers and were phished, or that the App Store has some huge security problem?
Just saying.