INTELLIGENT BRANDS // Mobile Technology
At a glance…
High-risk code hits iOS apps, say FireEye experts
FireEye has recently discovered “backdoored” versions of an ad
library embedded in thousands of iOS apps, originally published in
the Apple App Store.
The affected versions of this ad library were responsible for
embedding backdoors in iOS apps. These apps used the library
to display ads, allowing for potential malicious access to sensitive
user data and device functionality.
The backdoors can be controlled remotely by loading
JavaScript code from a remote server to perform a number
of actions on an iOS device, such as capturing screenshots,
monitoring and uploading the location of a device, modifying
files in the app’s data container, posting encrypted data to
remote servers, and opening URL schemes to identify and
launch other apps installed on the device.
The offending ad library contained data suggesting that it is a
version of the mobiSage SDK. Seventeen distinct versions of the
backdoored ad library were discovered (version codes 5.3.3 to
6.4.4). However, in the latest mobiSage SDK publicly released by
adSage – version 7.0.5 – the backdoors are not present.
With the BYOD concept less than a decade old, it
is critical that anybody heading down this path
consider technologies that are relatively open and
able to support the widest ecosystem of applications
possible both now and in years to come.
BYOD is complex, but enterprises that avoid taking
ownership of it not only won’t benefit from the
advantages but could also be introducing further
risk by turning a blind eye to unofficial BYOD
practices that can open up the network to serious
security threats. A BYOD policy is becoming a must
for most enterprises.
(For the full article, please visit
www.intelligentcio.com/me)
It is unclear whether the backdoored versions of the ad library
were released by adSage or created and/or compromised by
a malicious third party. To date, 2,846 iOS apps containing
backdoored versions of the mobiSage SDK have been
identified. Among these, there have been over 900 attempts
to contact an ad server capable of delivering JavaScript code
to control the backdoors.
Through the promotion and installation of “enpublic” apps,
the ad library exposes