128 million iPhone users were hacked – and Apple chose to hide it

Apple has recently been outed in court for purposely concealing the hack of 128 million iPhone users back in 2015, the worst mass iOS compromise on record.  

In September 2015, researchers reported finding approximately 40 malicious apps within the App Store that contained code that made iPhones and iPads part of a botnet that stole sensitive user information. As more researchers joined the search, the number of apps mushroomed to 4000.  

The malicious apps were downloaded a total of 203 million times by 128 million users, with 18 million of these being US customers.  

Epic Games’ recent court battle with Apple has revealed that Apple decided against notifying the affected iPhone users about its first ever mass hack in 2015. 

Matthew Fischer, App Store VP, wrote: “Joz, Tom and Christine—due to the large number of customers potentially affected, do we want to send an email to all of them?”, in reference to Apple senior vice president of worldwide marketing Greg Joswiak and Apple PR people Tom Neumayr and Christine Monaghan. The email continued:

“Note that this will pose some challenges in terms of language localizations of the email, since the downloads of these apps took place in a wide variety of App Store storefronts around the world (e.g. we wouldn’t want to send an English-language email to a customer who downloaded one or more of these apps from the Brazil App Store, where Brazilian Portuguese would be the more appropriate language).” 

Although the logistics of notifying users were discussed, Apple never followed through. In court, an Apple representative was unable to produce any evidence to prove that the email was sent.

The infected devices were the result of legitimate developers using a counterfeit copy of Apple’s development tool, Xcode. The repackaged tool, XcodeGhost, inserted malicious code into apps alongside normal app functions. 

Considering Apple’s focus on prioritising privacy, and the inclusion of security as a key selling point of its products, its lack of action in the worst mass iOS compromise on record is incredibly disappointing, to say the least.

Copyright Lyonsdown Limited 2021
