128 million iPhone users were hacked – and Apple chose to hide it

128 million iPhone users were hacked – and Apple chose to hide it

Apple has recently been outed in court for purposely concealing the hack of 128 million iPhone users back in 2015, the worst mass iOS compromise on record.  

In September 2015, researchers reported finding approximately 40 malicious apps within the App Store that contained code that made iPhones and iPads part of a botnet that stole sensitive user information. As more researchers joined the search, the number of apps mushroomed to 4000.  

The malicious apps were downloaded a total of 203 million times by 128 million users, with 18 million of these being US customers.  

Epic Games’ recent court battle with Apple has revealed that Apple decided against notifying the affected iPhone users about its first ever mass hack in 2015. 

Matthew Fischer, App Store VP wrote: Joz, Tom and Christine—due to the large number of customers potentially affected, do we want to send an email to all of them?”, in reference to Apple senior vice president of worldwide marketing Greg Joswiak and Apple PR people Tom Neumayr and Christine Monaghan. The email continued: 

“Note that this will pose some challenges in terms of language localizations of the email, since the downloads of these apps took place in a wide variety of App Store storefronts around the world (e.g. we wouldn’t want to send an English-language email to a customer who downloaded one or more of these apps from the Brazil App Store, where Brazilian Portuguese would be the more appropriate language).” 

Although the logistics of notifying users was discussed, Apple never followed through. In court, an Apple representative was unable to produce any evidence to prove that the email was sent. 

The infected devices were the result of legitimate developers using a counterfeit copy of Apple’s development tool, Xcode. The repackaged tool, XcodeGhost, inserted malicious code into apps alongside normal app functions. 

Considering Apple’s focus on prioritising privacy, and the inclusion of security as a key selling point of its products, their lack of action in the worst mass iOS compromise on record is incredibly disappointing, to say the least.  

Copyright Lyonsdown Limited 2021

Top Articles

Venari Security raises funding to fight encrypted traffic threat

Venari Security has raised series A funding to help organisations fight back against rapidly growing encrypted traffic threat.

Hackers are using hacked Chipotle email account to steal your passwords

Hackers have reportedly taken control of an email marketing account used by the Chipotle food chain and are using the account to fool Internet users to share their personal information…

Hackney Council exposed personal details of vulnerable citizens online

Hackney Council committed an IT blunder that publicly exposed the names and addresses of women placed in temporary accommodation for their own safety.

Related Articles

[s2Member-Login login_redirect=”https://www.teiss.co.uk” /]