Last week’s discovery of the XcodeGhost is the first known example of compiler level malware on OS X. The malicious code that underlies XcodeGhost is cleverly designed to reach consumer data by attacking developers.
This new threat quickly drew a wave of responses from app developers as well as consumers, asking what – if any – protection is available. But beyond the immediate and reactive steps that developers should take, (see below) it also raises a more basic question as to what can be done to prepare for and preempt such malware attacks.
Protecting Your Data-At-Rest from Spyware Attacks like XcodeGhost
Spyware attacks (following in the model laid out by XcodeGhost) can take advantage of OS vulnerabilities – especially collaboration features – and gain access to unencrypted data, residing on application sandboxes.
In line with best practice, developers should implement data at rest encryption as a policy. The costs in terms of performance are negligible to nonexistent, while the benefits in terms of protecting consumer privacy are hugely significant.
Whether or not your industry of operation is a regulatory controlled environment, (such as the financial industry with PCI DSS, ISO 27001/2, healthcare with HIPAA) developers must realize that – with enough time and effort – data at rest can and likely will be accessed.
For many developers, the implementation of data at rest encryption is a headache. Moreover, it is rarely possible to completely encrypt resting data due to 3rd party library integrations, which are not subject to developer controls. With Appdome, these issues are addressed:
- There are no additional costs incurred by the developer. Appdome takes the IPA (or APK) and adds an extra layer of security, requiring no additional development.
- Because the Appdome operates at the base level of the storage read/write services, it can encrypt and decrypt any data. This includes files and databases generated by 3rd party libraries.
In terms of operational hierarchy, Fusion is called upon after the app and libraries but before the OS. Graphically the process can be visualized like this:
To best defend against cyber attack, you should understand the cyber motive. Increasingly, that motive is pharming for your financial credentials. An infected app or injected spyware, will often upload or route traffic to hosts which are not related to the original app behavior.
When this is done in parallel to the regular traffic, you get the ultimate spyware, one that the end user can’t notice, which can sit there forever. To protect against such an outcome, app consumers and owners alike need a way to ensure that traffic from the app is routed to the intended hosts/Servers.
When you apply pharming prevention, you define the services, hosts, IPs etc. that the app should communicate with, and violation of this definition will either shutdown the app, generate required logs, or prompt the user for approval.
Appdome’s Fusion, implements pharming prevention at the root level of the communication channel. In effect, it doesn’t matter whether the attack is in your code jurisdiction, or due to a 3rd party library – when pharming is detected, the appropriate action is automatically applied by the fusion.
From the developers’ perspective, pharming protection is a no brainer, as Fusion is done on top of the final IPA (or APK) and requires no coding. Quite simply, Fusion enforces a protocol that defines which target hosts your app is authorized to connect to.
Graphically this feature can be visualized like this:
As an immediate step to protect against XcodeGhost, you may think to re-download Xcode from Apple, rebuild your app, and re-upload it to the App Store. Such an approach, however, is fundamentally flawed. We all know that it’s just a matter of time until the next malware penetration surfaces.
Instead of joining the droves of reactive developers trying – in futility – to stem the tide of cyber vulnerability, be proactive. Be prepared – protect your data and your user’s privacy upfront – so that when the next malware or spyware attack comes to light, you’ll know that your app or your users will be safe.
App owners and consumers face a similar threat. Both are, in a way, at risk of losing their identities. In the high-stakes game of cybersecurity, owners have their good names on the line, while consumers stand to lose their private information and wealth. The immediate shock may be worse for consumers, but – with their reputations at stake – the long-term costs of a data breach can be a death knell for a company.
The best companies will recover, but only after expending considerable time and money scraping to reclaim the trust they’ve lost and rebuilding their social capital from scratch. Will the companies most sullied by the XcodeGhost crisis manage to recover? It remains to be seen.
What is known is that those who leverage Appdome can rest assured knowing they’re protected. Consider Appdome your XcodeGhost Busters.