Another day, another advertising SDK that opens a backdoor

Nov 4, 2015 23:08 GMT

Security researchers from FireEye have discovered that the mobiSage SDK (software development kit) from adSage, a Chinese advertising firm, is secretly opening backdoors on iOS devices.

FireEye found the backdoor in 2,846 iOS apps; Apple was notified and later removed them from the App Store.

According to researchers, the backdoor code was hidden in the mobiSage SDK, which iOS developers used inside their apps to show ads.

The SDK contained two components: one written in Objective-C, which initiated the backdoor code, and one written in JavaScript, which actively contacted a Web server and requested instructions. Commands from this server arrived on the device disguised as ads served through the SDK.

The backdoor had full spying capabilities

The backdoor had the ability to make screenshots, record audio, get geo-location details, read/create/edit/delete files and keychain data (password storage), open URLs, launch apps, side-load other apps from unofficial Apple sources, encrypt data, and then send it to a C&C server.

Only SDK versions 5.3.3 through 6.4.4 contained the backdoor functionality. FireEye researchers say the most recent version of the SDK no longer includes the malicious code.
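Because the affected builds are bounded by a version range, the practical defender task is an inventory check: list every app that embeds the library and flag the ones whose SDK version falls inside 5.3.3 to 6.4.4 inclusive. The script below is an added example written for this article, not code from FireEye or adSage. It assumes you already have an inventory of bundle IDs with the embedded SDK name and version (how that inventory is produced is outside the article's scope); the inventory lines are constructed sample data. It compares versions as numeric tuples rather than strings, so that a build such as 5.10.1 is correctly placed inside the range instead of being missed.

```python
import re
from typing import List, Tuple

# Affected range as stated in the article: mobiSage SDK 5.3.3 through 6.4.4 inclusive.
AFFECTED_SDK = "mobiSage"
AFFECTED_MIN = (5, 3, 3)
AFFECTED_MAX = (6, 4, 4)

_VERSION_RE = re.compile(r"^\d+(\.\d+)*$")


def parse_version(text: str) -> Tuple[int, ...]:
    """Turn '6.4.4' into (6, 4, 4).

    Numeric tuples compare correctly where plain strings do not
    ('5.10.1' < '5.3.3' as strings, but 5.10.1 is the later build).
    Trailing zero components are dropped so that '6.4.4.0' == '6.4.4'.
    """
    text = text.strip()
    if not _VERSION_RE.match(text):
        raise ValueError(f"unrecognised version string: {text!r}")
    parts = [int(p) for p in text.split(".")]
    while len(parts) > 1 and parts[-1] == 0:
        parts.pop()
    return tuple(parts)


def is_affected(sdk_name: str, version: str) -> bool:
    """True if this SDK/version pair is inside the backdoored range."""
    if sdk_name.strip().lower() != AFFECTED_SDK.lower():
        return False
    return AFFECTED_MIN <= parse_version(version) <= AFFECTED_MAX


# Constructed sample inventory (hypothetical bundle IDs): bundle id, SDK name, SDK version
SAMPLE_INVENTORY = """\
# bundle_id,sdk,version
com.example.news,mobiSage,5.3.3
com.example.weather,mobiSage,6.4.4
com.example.game,mobiSage,6.5.0
com.example.notes,mobiSage,5.3.2
com.example.flash,mobiSage,5.10.1
com.example.radio,OtherAdsSDK,6.0.0
com.example.todo,mobiSage,6.0
"""


def affected_apps(inventory_text: str) -> List[str]:
    """Return the bundle IDs whose embedded mobiSage SDK is in the affected range."""
    hits: List[str] = []
    for line in inventory_text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue  # skip blank lines and comments
        bundle_id, sdk, version = (field.strip() for field in line.split(",", 2))
        if is_affected(sdk, version):
            hits.append(bundle_id)
    return hits


if __name__ == "__main__":
    for bundle_id in affected_apps(SAMPLE_INVENTORY):
        print(f"AFFECTED: {bundle_id}")
```

Running it flags the 5.3.3 and 6.4.4 boundary builds, the 5.10.1 build that a string comparison would have skipped, and the 6.0 build, while leaving 5.3.2, 6.5.0 and the unrelated SDK alone.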

Despite this functionality, FireEye researchers observed no unusual communications or malicious activity during the period in which they monitored the SDK.

"It is unclear whether the potentially backdoored versions of the ad library were released by adSage or if they were created and/or compromised by a malicious third party," FireEye noted.

Chinese advertising firms have a knack for stealing user data

Before the adSage incident, three other cases of malicious code hidden in SDKs were reported.

1. The Taomike SDK, which secretly stole SMS messages from over 18,000 Android devices and uploaded them to a server in China.

2. The Youmi SDK, which snooped on users and was found in 256 iOS apps that Apple eventually banned from the App Store.

3. The Baidu SDK, which installed a similar backdoor in over 14,000 Android applications.

All of these SDKs were developed by Chinese companies.

Images: Hidden backdoor found in the mobiSage SDK; Key components of backdoored mobiSage SDK