We’ve said it before and we’ll say it again: there’s no such thing as a safe operating system, and proving this is a threat that has found a way to break into Apple’s normally fenced off garden that is the iPhone and iPad.
One of the downsides of growing ever more popular is that you begin to get looked at by people who might want to take advantage of you.
In the technology world, that often means a popular product is looked upon by criminals as something they might want to take advantage of, with scams and little bits of software that can do their dirty work for them.
Apple has always been pretty successful at keeping out intruders on its iOS platform for the iPhone and iPad, and even has a pretty vigilant staff doing its best to make sure hacks stay out of its app store, but that doesn’t mean the system is iron clad.
In fact, cybersecurity specialist Proofpoint has tracked what it calls a “rogue app” making its way to various iPhones and iPads out there of people who might be looking for paid apps for free, with this search finding something, though it not quite being what the phone or tablet owners have necessarily bargained for.
The rogue app is called “DarkSideLoader”, and while you don’t need to know the name, you do need to know what it does because it is most certainly not friendly.
Technically, the app allows your Apple phone or tablet to access a fake app store populated with names of apps and games that sound real but aren’t, with this app store featuring much of what is in the Apple paid top 10 list, but for free.
But as the old adage of “there’s no such thing as a free lunch” goes, a free app is anything but, and if you’re expecting this special app store to deliver a free “Minecraft” or a free “Lego” game, think again, with the apps loaded onto a phone or tablet using this system essentially putting your details and your device at risk.
When installed, these apps can be used to leave a virus on your home or office network to steal information, and even just grab information from your phone or tablet, essentially leaving you exposed and having no idea who might be taking details.
“Consumers need to avoid rogue app stores and understand that mobile applications can pose a serious security risk,” said Ryan Kalember, Proofpoint’s Senior Vice President of Cybersecurity Strategy.
“Proofpoint has analysed millions of applications and the malicious ones are actively stealing information and sending private data to unauthorised servers around the world. Before downloading an app make sure it checks out.”
Kalember also points out that “no legitimate application should ask for permissions to access data it shouldn’t need”, so if an app is asking for that, work out if you really need that app in the first place, as there’s a good chance you’re getting something you shouldn’t necessarily be doing.
Perhaps the best advice for anyone concerned by this side loading security threat is to steer clear of an app store they’ve never heard of, and if an app you’re looking for normally carries a cost and you want it, pay for it, because the free version may cost you more than you expect.