XcodeGhost iOS Exploit Source Code Released

by P. H. Madore, September 25, 2015

Earlier this week, a malware developer did something unexpected: he turned over his code to the public. The unknown developer is presumably Chinese, given that his “ReadMe” file is written in Chinese. While Google Translate was not exactly efficient at converting the Chinese to English, the overwhelming tone of the file is that of remorse and pleasantries.

First of all, I XcodeGhost event to bring confusion apologize. XcodeGhost from my own experiments, without any threatening behavior, as detailed in the source code.

The document goes on to outline the fact that XcodeGhost is not the kind of exploit which could be forced on developers. The hacker did acknowledge that he had the opportunity to exploit advertising features in the infected apps, but chose not to.

Solemn note is required: for selfish reasons, I joined the advertising features in the code, hope can promote their applications (off the source code can be compared to the Annex do check). But in fact, from the beginning to the final shut down the server, I have not used the advertising function.

“Dead Code”

Throughout the document, the programmer uses the term “dead code,” which is hard to translate into words we might use. It has been said that this hacker could have sold such an exploit to the CIA, NSA, or any major government, anywhere in the world, given the iPhone’s global popularity. An exploit like this could have netted him any price he named, like as not. As previously reported by Hacked, the NSA had been looking into doing something much like what the malware developer did.

The three-letter agencies could have even used their powers to force app developers to insert the malicious code. Rather than enrich himself, however, the programmer decided to go public with his code, presumably in hopes that the hunt for him will cease and the vulnerabilities will be fixed. This was the first major breach of the Apple App Store since its inception in 2009.


