Supply Chain Vulnerabilities in Apple and AWS Breach

By ISBuzz Team
Writer, Information Security Buzz | Sep 29, 2015 08:00 pm PST

Over the weekend, researchers found that hackers had infected an unauthorized and compromised version of Apple’s Developer Toolkit, which developers used to create iPhone and iPad apps. This first-of-its-kind security breach prompted Apple to take down more than 3 dozen apps from its Apple store. Tripwire security experts commented on the supply chain impact of both the Apple hack and news of a breach of medical records on AWS.

Ken Westin, Security Analyst for Tripwire:

“This particular attack is significant as it has a widespread impact, has successfully circumvented Apple’s code review process and is utilizing a cunning attack vector through the targeting of mobile development tools. Similarly, it exposes additional risk to mobile application development teams, as legitimately installed versions of Xcode can also be affected via targeted malware. Apple will need to move quickly to patch this particular vulnerability as there could be follow-on attacks targeting these same vulnerabilities. However, Apple will need to implement multiple points of remediation to detect malicious iOS applications already exposed, as well as address the vulnerability in Xcode itself.”

Tim Erlin, Director of IT Security and Risk Strategy at Tripwire:

“A person who claims to be the author of the code has made a GitHub report with the source code and an explanation, but it has not been confirmed that they are the actual author at this time (Visit HERE). If true, the goal was to expose a vulnerability as well as promote the author’s own application from within other apps.

It may seem at first that these two stories are unrelated. One is a large-scale compromise of the major app store and the other is the disclosure of medical records. Different data, different industries, but there is a key commonality in where these incidents occurred: the supply chain. In both cases, the incidents did not originate with the affected entity. In the case of Apple, attackers targeted and compromised developers, a key part of the App Store supply chain. With the medical records, intent remains unknown, but the data was published from Systema Software, a third-party claims administration tool.

As we work across industries to harden major enterprises against attacks, the cybercriminals will shift their focus to the more vulnerable targets. Indeed, they already have. Vendors in the supply chain are often less protected, with a smaller Information Security budget, but the payoff for the attacker can still be significant.”