14 DAY TRIAL // iTunes users are now advised to change the password they use with their iTunes accounts, following a second wave of app-driven hacks of its iTunes store, according to Help Net Security. Customers should also switch to a prepaid debit card to stay on the safe side, the report suggests.
Following Apple’s acknowledgment that rogue developer Thuat Nguyen and his apps had been removed from the App Store for violating the developer Program License Agreement, new reports surfaced over the past weekend signaling that a second developer was able to steal iTunes customers’ credit card information by using a similar approach, according to Barmak Meftah, Fortify's chief products officer.
"Over the 4th of July weekend, a Vietnamese group used the same strategy to ramp its apps to the top of the book charts on the App Store. This time around it seems it's the travel section that's been hit," Meftah said. "The clever aspect of this hacking strategy is that iTunes members will see an app at the top of the charts and download it, if only to see what all the fuss is about, and then open themselves up to a obfuscated malware infection or, more likely, see their iTunes account details being lifted and misused," he added, according to Help Net Security.
Meftah believes the future holds “a lot more innovative infection methodologies like the iTunes developer hacks,” and notes that “The problem is that the Internet's Web 2.0 structure is too open to lock down completely, so users and Web site operators need to take precautions." Fortify's chief products officer warns that customers should take steps immediately to protect themselves against these attacks, as "This goes way beyond ensuring your computer has IT security software installed.”
“It's about thinking about Internet safety and taking steps to defend your digital assets. E-commerce portal operators like Apple have their part to play as well, and should invest a larger slice of their profits in on-site security," he added. "It's perhaps fortunate for Apple that iPad and iPhone users can only source apps for their device through the iTunes service, as otherwise there will be a lot of members heading for the exit as a result of this problem."