Pirated Mac App Store apps pose major risk

Filed Under: Apple, Malware, Video

Angry Birds logoAs my colleague Rich Baldry pointed out earlier, Apple officially launched the Mac App Store today with their release of OS X 10.6.6. The App Store provides undeniable benefits to users who wish to easily find new programs and reduce the number of companies they share their credit card details with.

Unfortunately, many of the applications in the App Store can be pirated without payment. Developers of applications like Angry Birds appear to have ignored Apple's advice on validating App Store receipts before launching.

What does this mean? It allows people to reconfigure a paid application to run on other people's Apple IDs without requiring them to purchase the app.

Assume that I have purchased Angry Birds for $5 and choose to share it with a fellow OS X user. The way this should work is that the game would prompt my friend to authenticate as me when they try to run it. Because they do not have my password, this should not work. But what some researchers have discovered is that I can copy my identity into the program and it will happily run despite not having been legally purchased.

Apple program authentication

While this clearly should be a concern for Mac App Store developers who don't want their software stolen, and of course Apple, who does not want to lose out on App Store revenue, it also raises some security concerns around how applications are validated as coming from the App Store.

In the past, we saw that the primary reason many people chose to jailbreak their iPhones was to acquire pirated applications that they would otherwise have purchased from the App Store. With no validation mechanism in place, this left their iPhones vulnerable to malware and trojanized versions of these "off-market" downloads.

Will the App Store lead to the same problem? No doubt some Mac users, also too cheap thrifty to pay, will succumb to the temptation of Googling to acquire these cool apps/games/utilities at no cost.

Unfortunately, as I demonstrate below, some applications downloaded from the App Store can easily be modified to include any sort of executable code you wish. It wouldn't surprise me to see a surge in markets for pirated applications that might just be booby-trapped to include unexpected surprises.

Mac OS X users should be as cautious as ever about programs they download from the internet. The Mac App Store may introduce you to interesting new programs you would like to run on OS X without paying, but you should always be cautious of getting something for nothing. Someone who claims to provide you with paid applications for free may not simply give you a free program, they may give you an unwanted infection.

Mac users who want the best protection available for their computer can download Sophos Anti-Virus for free! Go to http://www.sophos.com/freemacav.

, , , ,

You might like

13 Responses to Pirated Mac App Store apps pose major risk

  1. Chris · 1384 days ago

    Your implication that all iPhone jailbreakers are pirates is complete bullshit. As the owner of an IPhone 3GS I can't wait for the Comex untethered jailbreak for iOS 4.3.
    Why?
    Because I am sick of Apples anally restrictive control of what I can and cannot do with MY phone.
    Your implication does not recognize the tireless work of developers who create some outstanding apps for use through Cydia.
    While your sanctimonious diatribe is not appreciated, it is to be expected from the uniformed Apple Elite.

    • Tom · 1384 days ago

      That implication is yours alone Chris (as is the sanctimonious diatribe, co-incidentally). Yes there are plenty of good reasons to jailbreak; I also have a jailbroken 3GS which has been massively improved by proswitcher, bitesms and sbsettings, but you shouldn't ignore the less-technical majority who I think mostly do it to pirate.

  2. Spookie · 1384 days ago

    I don't see how this presents any problem to a user who pays for her apps and doesn't share them. Am I missing something?

    • Chester Wisniewski · 1384 days ago

      You are correct, play by the rules and you are likely even safer than before.

      Chester

  3. dgrinbergs · 1384 days ago

    Nitpick: "OS X" is correctly pronounced "OS ten" - not "OS ex".

  4. dgrinbergs · 1384 days ago

    $ codesign -vv Firefox.app
    Firefox.app: code object is not signed

    Seems prudent for the Firefox folks - and other Mac developers - to codesign their apps to prevent launching a modified app:

    You can't open the application <tampered app> because it may be damaged or incomplete.

  5. guest · 1383 days ago

    Yeah, and? When you download pirated software, there is always the risk of it being compromised. Nothing new.

  6. Micraplle · 1370 days ago

    You turdwipes, calm down. He is just sighting more of an oversite for the software devs than the people. Yes, pirated has its risks and those who risk deserve there blah-blah-blah... And you jailbreaking wannabe(s), shutup. If you just want to tell the world that "Hey I have a jailbroken phone and I dont pirate. It has stuff that apple wont allow..." Great, HE was not talking to you either... SHUT UP with your pesky posts.

    He just pointed a potential issue especially for our novices of the world who listen to people (like you turdwipes) who only know enough to be dangerous and screw up there computer.

    Yes, I am being over the top being silly/harsh, but lighten up. Some of us are acually "Cool Geeks"... Try to yourself

  7. wohhey · 1367 days ago

    I don´t know anyone in my neighbourhood who has jailbroken their iPhones/iPod touches and don´t pirate.. I have paid for all my apps since I turned 18 and could do online payment. I even pay for cydia store programms that could be easily downloaded for free from illegal sources. Show some respect to the teams that are working hard to open the iOS devices. You´r just ruining their reputations and making them look like bunch of criminals. I really hope saurik blocks all the pirated sources from the cydia some day, but I don´t see that in near future cause cydia is open source...
    ps. sorry my bad english.
    pps. i have bought Angry Birds too, was a bit dissapointed because it´s exactly the same as on the iPhone.

  8. Kyo · 1291 days ago

    To tell the truth i have tried the pirated apps my self. Seriously they work but dont come bitching at me saying I am a pirate. So I tried I mean who doesn't try this. I have paid for every app I have gottenso far. i just don't think its right for apple or devs to charge 15 bucks for some ported game they have putt on many hand held before the ipod. I mean if I can jsut play the game beat it and then get rid of it with out paying would be awesome, but everyone knows apple isn't gonna do a thing liek that. I can see why people would want to pirate apps. because hey maybe it took said person forever to save up to have the altest and greatest thing then to find out hey I have to have more money for shit I want and they can't get it. I am just saying 5, 10, and 15 dollar apps should be lowered. Everyone liekd apps because they was .$0.99 in the beiging and now thye are wanting more its bs.

  9. Ian · 1263 days ago

    My biggest concern with the Mac App Store is it appears to bypass all the security checks on the installation of an Application. Sure it asks for your AppliID so it can charge you, but there is no prompt for administrative password, or warning on first execution of what is a download.

    Interestingly, try to uninstall something you just installed via the Mac App Store and you do get prompted to credentials, proving the Application was installed in a trusted space, and there were no credentials required to perform the installation by the Mac App Store.

    Sounds to me like a perfect attack vector for a malicious payload, I only hope that Apple are verifying everything in there 100%, and hopefully not relying on certificates to do the job for them (re: Stuxnet/Realtek). I certainly won't be using it, OSX is not nearly as controlled as iOS.

  10. totalapps · 1073 days ago

    questionof the safety of the operating system is the point of extreme importance, so thank you for the artile!

  11. Blayney. · 976 days ago

    Wow, a lot of heated comments here. I may be coming to the party a bit late, but no matter how you look at it, if you get a pirated version of the ap, maybe just to try. YOU ARE A PIRATE. stealing is stealing, even if you delete it later, you can't give back digital content. Every download supports those who pirate it, Apple may be controlling, but maybe they wouldn't have to be if people decided not to pirate out of the goodness of their hearts.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

About the author

Chester Wisniewski is a Senior Security Advisor at Sophos Canada. He provides advice and insight into the latest threats for security and IT professionals with the goal of providing clear guidance on complex topics. You can follow Chester on Twitter as @chetwisniewski, on App.net as Chester, Chester Wisniewski on Google Plus or send him an email at chesterw@sophos.com.