App Store Account Scams

TNW Apple (The Next Web) has a number of stories on what it calls “app farm” exploitation of iTunes and the App Store, or rather their users.

The original story is focused on the hijacking of user accounts in the App Store by rogue developers in order to increase both their sales and their ranking, by making mass purchases in the name of the hijacked account, and subsequent stories expand on the theme with examples and quotes from alleged victims.

It’s not clear how the scammers are hijacking accounts, but I don’t see evidence at present that it’s down to sophisticated hacking or vulnerabilities in iTunes or the App Store: it looks likelier to be weak passwords and social engineering. At the moment it seems that Apple’s advice is simply to change passwords. It is being argued that Apple might help more by monitoring dramatic swings in popularity and, perhaps easier to implement, mass purchases from single accounts.

http://thenextweb.com/apple/2010/07/04/app-store-hacked/ 
http://thenextweb.com/apple/2010/07/04/appstore-hack-itunes/
http://thenextweb.com/apple/2010/07/05/app-store-app-farm-steal-your-money/

Tip of the hat to Rob Slade for bringing this one to my attention.

David Harley CITP FBCS CISSP
Mac Virus Administrator
AVIEN Chief Operations Officer

Also blogging at:
http://avien.net/blog/
http://smallbluegreenblog.wordpress.com/
http://blogs.securiteam.com
http://blog.isc2.org/
http://dharley.wordpress.com
http://chainmailcheck.wordpress.com
http://amtso.wordpress.com