Slashdot is powered by your submissions, so send in your scoop

 



Forgot your password?
typodupeerror
×
Security Apple

The Fortnite Trial Is Exposing Details About the Biggest iPhone Hack on Record (vice.com) 49

As part of the trial against Epic Games, Apple released emails that show that 128 million users, of which 18 million were in the U.S., downloaded apps containing malware known as XCodeGhost from the App Store. From a report: In 2015, unknown hackers snuck malware onto thousands of apps on the iPhone App Store. At the time, researchers believed the hack had the potential to impact hundreds of millions of people, given that it affected around 4,000 apps, according to researcher estimates. This made it perhaps the largest hack against iPhones ever in terms of affected users. But for years, the full scale of the hack was unknown to the public. Some even thought the real impact of the hack -- known as XCodeGhost, the name of the malware used -- would never be revealed.

But now, thanks to emails published as part of Apple's trial against Epic Games, we finally know how many iPhone users were impacted: 128 million in total, of which 18 million were in the US. "In total, 128M customers have downloaded the 2500+ apps that were affected LTD. Those customers drove 203M downloads of the 2500+ affected apps LTD," Dale Bagwell, who was Apple's manager of iTunes customer experience at the time, wrote in one of the emails. Another Apple employee wrote in the emails that "China represents 55% of customers and 66% of downloads. As you can see, a significant number (18M customers) are affected in the US." The emails also show that Apple was scrambling to figure out the impact of the hack, and working on notifying the victims.

This discussion has been archived. No new comments can be posted.

The Fortnite Trial Is Exposing Details About the Biggest iPhone Hack on Record

Comments Filter:
  • by Anonymous Coward

    Trusted gatekeepers

    • by Anonymous Coward

      One has to question the utility of the walled garden concept to begin with, if the richest corporation in the world can't manage it when they claim to be doing it well.

      • Re:Ah yes (Score:4, Interesting)

        by Mononymous ( 6156676 ) on Friday May 07, 2021 @02:06PM (#61359852)

        I'm as anti-Apple as anybody. I would never enter their walled garden. But I think insisting that they stop 100% of malware is probably unrealistic.

        • Re: Ah yes (Score:4, Interesting)

          by reanjr ( 588767 ) on Friday May 07, 2021 @02:14PM (#61359890) Homepage

          I don't think anyone expects that.

          But 4000 apps infected with the same malware? Alibaba found it. Why couldn't Apple?

          It seems as if their whole argument about security is based on theater. They don't do anything but run a (poor) virus scanner.

        • Re:Ah yes (Score:4, Informative)

          by Dracos ( 107777 ) on Friday May 07, 2021 @03:16PM (#61360064)

          This isn't revealing anything about walled gardens, it's exposing the lack of curation in the environment. Walls aren't enough to keep invasive species out, but do allow them to thrive.

        • Re:Ah yes (Score:5, Interesting)

          by phalse phace ( 454635 ) on Friday May 07, 2021 @03:52PM (#61360208)

          I think insisting that they stop 100% of malware is probably unrealistic.

          Perhaps. But it's Apple's fault when they themselves make the claim that they're able to [apple.com] (note the part about 100% of apps being screen for malware)

          "For over a decade, the App Store has proved to be a safe and trusted place to discover and download apps. And a big part of those experiences is ensuring that the apps we offer are held to the highest standards for privacy, security, and content. Because we offer nearly two million apps — and we want you to feel good about using every single one of them.

          Privacy and security.
          Built into everything we do.

          100% of apps are automatically screened for known malware.

          Dedicated to trust and safety."

          • by edis ( 266347 )

            100% of apps are automatically screened for known malware.

            Seduced by 100%, you missed important stuff. Was there really the promise no malware ever will make its way into the millions on offer? Yes, in our times especially, good engineering habits do clash with the marketing screams. Billions of folks out there have no clue to not rely on an anybody's-actually software, millions of such instances. When even regarded ones are targets of intrusion.

        • by rossz ( 67331 )

          Apple makes it near impossible to get apps anywhere but their store. They also make false claims about the safety of their store. They don't do even the most basic of checks of the apps. The only time they bother to do anything is when the bad publicity gets bad enough to potentially affect their sales. Based on their actions, Apple is 100% responsible for the malware.

          • by edis ( 266347 )

            They don't do even the most basic of checks of the apps.

            The only time they bother to do anything is when the bad publicity gets bad enough to potentially affect their sales.

            Based on their actions, Apple is 100% responsible for the malware.

            Sounds like missing argumentation.
            Take last alone: completely, totally responsible for abuse is abused entity. It's wild.

            • by rossz ( 67331 )

              They claim to review all applications in their store. The truth is they don't review any of them. They create a false sense of trust. That is why they are 100% responsible for spreading the malware.

      • Re:Ah yes (Score:5, Insightful)

        by phantomfive ( 622387 ) on Friday May 07, 2021 @03:40PM (#61360160) Journal

        A walled garden is ok. Preventing people from leaving the garden makes it a jail.

        • by edis ( 266347 )

          Did they really prevent, by merely making their offering available?
          They can have their ideas, what makes it sound. Being open for arguments, whatever could impress them.

          • Being open for arguments, whatever could impress them.

            That isn't even a complete sentence, not to mention lacking a sound argument.

            Apple went out of their way to lock down their system, to prevent people from using their own phones how they see fit. That is bad.

            • by edis ( 266347 )

              They are not in their business to please you by something else, than their products, composed in the way, they see it proper, sorry.
              Still, I assume them being as open, as anything in the land of free speech, to collect opinions on their act. However, since it is their thing, the final judgements are not on your side, quite naturally.

              The sentence was as complete, as I wished it to be.

              • However, since it is their thing, the final judgements are not on your side, quite naturally.

                If I buy the phone, it is my thing, not their thing. Nice to know you have this misconception, though.

                • by edis ( 266347 )

                  Sure. Yet let me guess if this discussion is about App Store, you didn't buy. Why at all you expect to define its design then?
                  You don't have to answer, as so far this was missing meaningful focus, thus why pointlessly whine.

                  • Sure. Yet let me guess if this discussion is about App Store, you didn't buy.

                    Pay attention. To quote from earlier:

                    "A walled garden is ok. Preventing people from leaving the garden makes it a jail."

                    Apple sucks for keeping people locked in, and your reading comprehension sucks equally.

                    • by edis ( 266347 )

                      It's you, who doesn't get it - it is uniform and solid by design.

                      It is not Linux. Not Android. It is commercial product, experience from start till end offered by Apple, the design company.
                      Ensured by their capability to control known malware, as per declaration.

                    • So just like any other virus scanner. They all control known viruses too. Why bother making the statement? They're literally no different than Google or Microsoft
                    • by edis ( 266347 )

                      Google:
                      You’re protected at every turn. Avoid bad apps.
                      Google Play Protect helps you download apps without worrying if they’ll hurt your phone or steal data. We carefully scan apps every day, and if we detect a bad one, we’ll let you know and tell you what to do next. And we study how it works. Because everything we learn improves the way we screen apps. So you stay safer.

                      Microsoft:
                      In Microsoft Store, you can find many of your favorite apps, discover new ones, and manage them all in one loc

    • Re:Ah yes (Score:5, Informative)

      by Anubis IV ( 1279820 ) on Friday May 07, 2021 @05:25PM (#61360540)

      If you’ll recall, this particular issue surrounded thousands of apps that were built using a pirated copy of XCode. Unscrupulous developers downloaded and used the pirated copy instead of the copy that was freely available from Apple, without realizing that the pirated copy had been modified to inject malware into their builds.

      Apple has since addressed the issue, but at that time, the chain of trust only went as far as the developers, and seemingly reputable devs with extended histories in the App Store were submitting these apps. Things work differently now, in direct response to this situation.

  • by samwichse ( 1056268 ) on Friday May 07, 2021 @02:17PM (#61359898)

    I was on the fence about it at first, but I'm loving this lawsuit and how much dirty laundry Apple has been forced to air.

    Somehow they manage to bury all this crap, but Epic is digging and digging.

    Epic is no angel, but good on them for this.

    • by fazig ( 2909523 ) on Friday May 07, 2021 @02:39PM (#61359958)
      I do get the impression that this might be the real goal here.

      We will see what price Epic will have to pay for this though. Because it's questionable that this is going to do lasting damage to Apple's image. Remember how facebook stocks crashed in March last year after that privacy scandal? Today the stocks are still higher than before that crash.

      Such scandals can be a great opportunity to invest money into a company with an otherwise good track record.
      • Because it's questionable that this is going to do lasting damage to Apple's image.

        It doesn't need to do damage.

        If this causes Apple to open up their devices, then it will improve their image in my eyes.

      • I do get the impression that this might be the real goal here.

        I called this [slashdot.org] almost a year ago. While I've reconsidered the first two statements in that comment, the rest of it seems to be bearing out even better than I expected. Also, aren't security breaches required by U.S. law to be reported to all people effected? If so, could this be grounds to open another lawsuit against Apple?

    • Personally, I have trouble believing that this strategy will garner Epic a “win.” It will be interesting to see the final outcome of course, but thus far I don’t feel like anything really bad has come out of it for Apple— just regular “bad stuff happened” that doesn’t show abuse of power, negligence, nor a problem requiring resolution by the courts.

      Apple will end up changing a few policies I am sure, but I doubt it will end up where Epic wants it— using the o

    • by tlhIngan ( 30335 )

      It might also backfire on Epic in the end - because if ti shows Apple tried and fixed issues discovered with it, then it may mean anyone else who wants to be a store will need to do the same.

      In other words, it becomes a form of regulatory capture enacted by Epic. Sure you can have your own store, if you're a $1T company and can pay for an army of developers and engineers and such.

      Sure, Epic can have their game store, but they'll need to hire 10x as many developers, abandon Fortnite and everything and it's a

      • by Vapula ( 14703 )

        EPIC don't give a fuck about Fortnite on iPhone... The major platforms for Fortnite are PS and XBox... which accounts for the vast majority of the players.

        Even if Fortnite can't get back on the iPhone, it won't cost much to EPIC... (in fact, it'll cost to both Apple and EPIC as there will be people switching to Android to keep playing Fortnite on their phone)

        But if they win, it'll be a solid leverage against Sony and Microsoft to get the same right to have their own shop on these platflorms...

  • For fucks sake.

  • Now Apple certainly can and should do better with App Store curation. But the conclusion I draw from Epic's attack on the App Store is that BETTER curation is needed. And that curation is worth paying the premium. An absence of curation would make things MUCH WORSE.

    • by mysidia ( 191772 )

      conclusion I draw from Epic's attack on the App Store is that BETTER curation is needed. And that curation is worth paying the premium.
      Truly... the walled garden is no secret - it's deliberate choice consumers have willingly Opted into and accepted in order to enjoy some of the security/reliability benefits by choosing an iPhone over an Android device; in spite of the greater costs. It is well-known such that in case a customer was unaware, then that customer just didn't make their due dilligence bef

      • I think you just gave the average iphone owner WAY to much credit on their knowledge of how their phone works and is locked down. I mean, the average iphone user is my parents who are retired. Many older customers of mine are also on the iphone. None of them know diddly about their phone.

        I also don't think any of them care either. To us these are powerful devices that have the potential to do so much. To them and most other people they are appliances and should just work.

        At the end of the day, I would like

      • It is also reasonable that Apple be able to ensure it is fairly compensated for value that they are essentially providing to developers not only in the undertaking of maintaining and providing development tools, the ecosystem and frameworks they actually built their App on, time and resources to review and monitor activities regarding their Apps, but in providing the downloads of apps; the listing and essentially bringing them business by making them easily discoverable through Apple's storefront, etc.

        Let them open their platform and I will do all of that myself, thank you.

You know you've landed gear-up when it takes full power to taxi.

Working...