Apple Brass Reportedly Hushed Up iPhone Hack

Millions of phones affected

Apple executives didn’t tell users about a 2015 hack of 128 million iPhones, according to a new report. 

The hack was first uncovered when Apple employees started looking into malicious App Store apps, according to Ars Technica. Eventually, the company found 2,500 malicious apps that had been downloaded 203 million times. 

Getty

News that Apple knew of the hacking came recently during Epic Games’ ongoing lawsuit. An email entered into court shows that managers were aware of the problem.  "...Due to the large number of customers potentially affected, do we want to send an email to all of them?" Matthew Fischer, vice president of the App Store, wrote in the email. However, the hacks were never made public by Apple. 

The malicious apps were developed using a counterfeit copy of Apple’s iOS and OS X app development tool, Xcode. The fake software put harmful code alongside normal app functions.

Once the code was installed, the iPhones slipped out of the control of their owners.  The iPhones communicated with a remote server and revealed device information, including the infected app’s name, the app-bundle identifier, network information, the device’s "identifier for vendor" details, and the device name, type, and unique identifier, Ars Technica reported.

Observers were critical of Apple’s decision not to inform users about the hack. 

"Seems they feared public outrage and backlash more than standing up and telling customers about the potential risks involved."

"The key here for Apple is to clearly outline the impact to the end-user and not just send out a technical alert and update that is embedded in their release notes," Setu Kulkarni, a vice president at cybersecurity firm WhiteHat Security, said in an email interview. 

The hacks highlight potential security problems with apps, Dirk Schrader, a vice president at cybersecurity firm New Net Technologies, said in an email interview. 

"Both large app stores, Google’s Play Store, as well as Apple’s, are essentially a large malware distribution platform if not managed well," he added. "That email, and Apple’s decision not to inform customers and the public, demonstrates what that means. Seems they feared public outrage and backlash more than standing up and telling customers about the potential risks involved."

Was this page helpful?