TNW Apple (The Next Web) has a number of stories on what it calls “app farm” exploitation of iTunes and the App Store, or rather their users.
The original story focuses on rogue developers hijacking user accounts in the App Store and making mass purchases in the name of the hijacked account, in order to increase both their sales and their ranking. Subsequent stories expand on the theme with examples and quotes from alleged victims.
It’s not clear how the scammers are hijacking accounts, but I don’t see evidence at present that it’s down to sophisticated hacking or vulnerabilities in iTunes or the App Store: it looks likelier to be weak passwords and social engineering. At the moment it seems that Apple’s advice is simply to change passwords. It is being argued that Apple might help more by monitoring dramatic swings in popularity and, perhaps easier to implement, mass purchases from single accounts.
http://thenextweb.com/apple/2010/07/04/app-store-hacked/
http://thenextweb.com/apple/2010/07/04/appstore-hack-itunes/
http://thenextweb.com/apple/2010/07/05/app-store-app-farm-steal-your-money/
Tip of the hat to Rob Slade for bringing this one to my attention.
David Harley CITP FBCS CISSP
Mac Virus Administrator
AVIEN Chief Operations Officer
Also blogging at:
http://avien.net/blog/
http://smallbluegreenblog.wordpress.com/
http://blogs.securiteam.com
http://blog.isc2.org/
http://dharley.wordpress.com
http://chainmailcheck.wordpress.com
http://amtso.wordpress.com