If you follow China or Apple, then you by now have certainly heard of the XCode Ghost hack that took place in mid September. According to Caijing Magazine, what is now considered to have likely been a group hacking effort has resulted in over one hundred million hacked iPhones, located mostly in China. The hackers infiltrated some of China’s most popular apps including Wechat, Didi Dache, and Netease. Besides the scale of the attack and the fact that it took place on the previously impenetrable iOS system, the two most interesting parts of the story are the method behind the attack and the motive.
As most people know, due to the Chinese government’s attempts to control domestic information flows, many foreign websites like Facebook and Twitter are blocked. However, even those which are not blocked, like Apple’s developer website and the App Store load slower in China. The speed is such a problem that there are many websites existing within the Great Firewall which host material from outside. The most significant amount of register material is software development code, since GitHub and other open source code sharing environments are prohibitively slow.
Another localized feature of this attack the general lack of security awareness within Chinese technology circles. Recent economic and technological development has brought widespread Internet access to the nation, but as little as 5 years ago Internet access and personal devices including laptops were not so easily found. This recent change means that most Chinese software developers themselves may have only gained access to a computer within the last 10 years, whereas Western millenials mostly grew up around computers. The lack of long-term technology exposure combined with fewer years of experience with technology means the average Chinese Internet users are not aware of the potential of malware and how to practice Internet safety. Thus, when faced with a slow download of the new 7th version of XCode (the Apple software development tool), many Chinese developers opted instead for 3rd party websites and developer forums.
Little did these developers know that the versions of XCode being hawked on unofficial websites had already been altered to inject a block of code that would send valuable user and app information to an unknown server. Because this is such an unconventional hack, Apple also did not have review methods in place to check for 3rd party malware in iOS apps. Before Apple or Chinese developers realized what had happened, millions of iPhones had already been infected with the XCode Ghost.
The interesting piece of this story is that the hack is not direct, and it wouldn’t work outside of China. As it is often preached in business circles, when operating in China one must adjust to the environment. However, this is one of the first instances of a localized hack that works less because of tech savvy and more because of an understanding of the political and social environment.
The second interesting piece of the story, as reported by Caijing Magazine is that the alleged lead hacker has posted on Weibo saying that the attack is not intended to harm any users, but was just a test. The hackers have already closed their server and seemingly left no incriminating evidence. It begs the question why and who would attempt such a large scale hack only to see if it could work.
It is ironic that the Chinese government’s goal of protecting domestic stability by limiting outside opinions has actually resulted in what may be the largest cell phone hack in history, putting close to one hundred million Chinese people’s private information at risk. This irony is all the more curious when considered alongside the hackers’ motive, or lack thereof. Could it be that the hack is one of the world’s first instances of large scale digital government protest? Could the hackers’ motive actually be only to prove that digital protectionist policies are also open to unintended consequences?
Follow me on Twitter: @c_h_wood