Comment Re:Are they actually powered down? (Score 5, Informative) 53

If you go to Settings -> Privacy -> Diagnostics & Usage -> Diagnostics & Usage Data on an iPhone that suddenly powered off, the reason why might be in one of those logs. For example, it may be something like a kernel panic or a thermal event (getting too hot and then being forced to shut down). Both events will be logged.

Comment Re:Can anyone explain in actual meaningful terms? (Score 4, Informative) 143

The description of bitcode’s purpose is just a bit wrong.

Bitcode is designed to remove the need for multiple architecture slices for architectures that are only slightly different. For example, when the iPhone 5 came out it supported an “ARMv7s” ISA. This added a few new instructions to ARMv7, like integer divide, to increase performance. However, in order for developers to take advantage of it, their app had to have executable code slices for both ARMv7 and ARMv7s, increasing binary sizes. Furthermore, it required every library that ARMv7s code linked against to also have an ARMv7s slice.

This quickly became a pain in the ass and ARMv7s was dropped in Xcode 6.

Bitcode would address this issue. A developer would compile their app to Bitcode (a specific type of LLVM IR) and then Apple would later compile it fully into the target ISA.

This is especially relevant for ARMv8 as ARMv8.1 is the latest version with slight changes.
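As an added example (not from the comment above, and not Apple's toolchain flow verbatim), the developer/Apple split the comment describes can be reproduced with stock LLVM tools: the developer ships LLVM IR, and the same IR is lowered to several ISAs afterwards. The script assumes `llvm-as` and `llc` are on PATH; the IR for `divide()` is hand-written here (it is what `clang -S -emit-llvm` produces for `int divide(int a, int b) { return a / b; }` once metadata is stripped), and the CPU names mirror what Xcode's driver picks for each slice (`cortex-a8` for armv7, `swift` for armv7s, `cyclone` for arm64). `classify_divide` runs anywhere; the lowering step only runs where the tools exist.

```shell
#!/bin/sh
# Added example: one LLVM IR input, several ISA outputs. Assumes llvm-as and llc.

# The developer's half: LLVM IR for `int divide(int a, int b) { return a / b; }`.
# (Hand-written here; it is the IR clang emits for that function, minus metadata.)
write_divide_ir() {  # $1 = output .ll path
  cat > "$1" <<'EOF'
define i32 @divide(i32 %a, i32 %b) {
  %q = sdiv i32 %a, %b
  ret i32 %q
}
EOF
}

# Bitcode proper is the binary serialisation of that IR; llvm-as produces it.
assemble_bitcode() {  # $1 = in.ll, $2 = out.bc
  llvm-as -o "$2" "$1"
}

# Apple's half: lower the same bitcode to a concrete ISA/CPU, print assembly.
lower() {  # $1 = in.bc, $2 = target triple, $3 = cpu
  llc -mtriple="$2" -mcpu="$3" -O2 -o - "$1"
}

# Report how `sdiv` in the IR ended up in the assembly:
#   hwdiv   - a native sdiv instruction (ARMv7s / arm64)
#   libcall - a call to the compiler-rt helper __divsi3 (ARMv7 has no divide instruction)
classify_divide() {  # $1 = assembly text
  asm="$1"
  if printf '%s\n' "$asm" | grep -qE '^[[:space:]]*sdiv[[:space:]]'; then
    echo hwdiv
  elif printf '%s\n' "$asm" | grep -qE '_+divsi3'; then
    echo libcall
  else
    echo unknown
  fi
}

demo() {
  tmp=$(mktemp -d)
  write_divide_ir "$tmp/divide.ll"
  assemble_bitcode "$tmp/divide.ll" "$tmp/divide.bc"
  # Same .bc each time; only the requested ISA differs, which is the point of bitcode.
  for spec in "thumbv7-apple-ios cortex-a8" "thumbv7s-apple-ios swift" "arm64-apple-ios cyclone"; do
    set -- $spec
    printf '%-20s %-10s %s\n' "$1" "$2" "$(classify_divide "$(lower "$tmp/divide.bc" "$1" "$2")")"
  done
  rm -rf "$tmp"
}

if command -v llvm-as >/dev/null 2>&1 && command -v llc >/dev/null 2>&1; then
  demo
else
  echo "llvm-as/llc not found; skipping the lowering step"
fi
```

On a machine with an ARM-enabled LLVM, the armv7 row reports `libcall` while the armv7s and arm64 rows report `hwdiv`, from one and the same bitcode file: exactly the duplication (two slices of the same code) that shipping bitcode removes.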

Comment Re: UUID can be generated (Score 1) 79

They have the app name, there's no reason to do that with a UUID

But as I mentioned before, there's no phishing support in XcodeGhost, as their use of UIAlertView doesn't allow for any text input fields. Even if a different malware tried to phish with a fake dialog, real Apple ID password dialogs on iOS never have a blank entry for the username; it's always part of the dialog text because iOS knows what your Apple ID is. This makes it significantly easier to not be fooled by just taking a cursory glance at the dialog.

Comment Re: Actually, the opposite (Score 1) 79

Why do you ask? It is a damaged executable ... or so the dialog says.

Is this some kind of weird, surreal art project of yours? You just asked in response to my post that included a screenshot of the dialog:

Gatekeeper is not preventing third party apps from launching, it only asks: "look, this is a third party app, downloaded from the internet, do you want to launch it anyway?"
Guess what I answer: yes!

There is no OK, Open, or "Yes" button on that Gatekeeper dialog.

Comment Re: Poor mans ken Thompson attack (Score 2) 79

It's not that they were trying to bypass a payment (Xcode is free to download). It's that Apple's servers are just so damn slow if you can't get access to their content distribution network. Sadly, this is pretty much the case for everyone in China due to the Great Firewall of China that strangles access to non-China networks.

It also used to be true if you used Google DNS, because Apple's previous primary CDN, Akamai, used DNS to route traffic. In that case, many developers would rather use BitTorrent to grab Xcode than disable Google DNS.

The real issue is the fact that these developers disabled Gatekeeper. Gatekeeper would have prevented infection.
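As an added example (not from the comment above): the checks a developer can run on a downloaded Xcode bundle to get Gatekeeper's verdict and a stricter one. It assumes macOS's `spctl`, `codesign` and `xattr`; `/Applications/Xcode.app` is an assumed default path. One caveat worth knowing: Gatekeeper assesses only files that carry the `com.apple.quarantine` attribute, which browsers set but not every download tool does, so `quarantine_info` reports whether the bundle would be looked at in the first place. `parse_quarantine` is plain POSIX shell and runs anywhere; the other functions need macOS.

```shell
#!/bin/sh
# Added example: reproduce and extend Gatekeeper's check on a downloaded Xcode.
# Assumes macOS (spctl, codesign, xattr); APP path is an assumed default.

APP="${1:-/Applications/Xcode.app}"

# 1. Is Gatekeeper on at all? (The developers in this story had turned it off.)
gatekeeper_enabled() {
  spctl --status 2>&1 | grep -q 'assessments enabled'
}

# 2. Gatekeeper's own verdict for an app downloaded from the internet.
#    Exit status 0 means it would be allowed to launch.
assess_app() {  # $1 = app bundle
  spctl --assess --type execute --verbose "$1"
}

# 3. Stricter than Gatekeeper: the bundle must be intact (--deep --strict) AND satisfy
#    the requirement "anchor apple", which only Apple's own signing chain meets.
#    A re-signed build fails this even if the attacker holds a Developer ID.
apple_signed() {  # $1 = app bundle
  codesign --verify --deep --strict -R="anchor apple" "$1"
}

# 4. The quarantine attribute is what makes Gatekeeper look at a file.
#    Value format: flags;download-time(hex seconds);agent;uuid
parse_quarantine() {  # $1 = raw attribute value; prints a one-line summary
  raw="$1"
  flags=${raw%%;*};  rest=${raw#*;}
  ts_hex=${rest%%;*}; rest=${rest#*;}
  agent=${rest%%;*}
  printf 'flags=%s agent=%s downloaded=%s\n' "$flags" "$agent" "$((0x$ts_hex))"
}
quarantine_info() {  # $1 = path
  raw=$(xattr -p com.apple.quarantine "$1" 2>/dev/null) || {
    echo "no quarantine attribute: Gatekeeper will never assess this file"
    return 1
  }
  parse_quarantine "$raw"
}

if command -v spctl >/dev/null 2>&1; then
  if gatekeeper_enabled; then echo "Gatekeeper: on"; else echo "Gatekeeper: OFF"; fi
  quarantine_info "$APP"
  if assess_app "$APP"; then echo "spctl: accepted"; else echo "spctl: REJECTED"; fi
  if apple_signed "$APP"; then echo "codesign: intact and Apple-signed"; else echo "codesign: FAILED"; fi
else
  echo "spctl not found (not macOS); only parse_quarantine is usable here"
fi
```

`codesign --deep` walks every nested binary in Xcode, so expect it to take a few minutes; the `agent` field from `parse_quarantine` tells you which program tagged the download, which is a quick way to spot a bundle that did not come through a browser from Apple.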

Comment Re: Actually, the opposite (Score 1) 79

The author of XcodeGhost released the source after they heard what was happening. It includes an apology at the bottom (in Chinese) that makes it seem like it was just a proof of concept and he had no intention of it getting out but was picked up and spread via Baidu by others.

The PoC angle would explain why it looks so damn much like any other basic analytics package. This is also likely why Apple's app scanners didn't pick it up, it doesn't do anything that's not permitted. The only weirdness is that it tries to hide from the debugger, but that's also done by legitimate apps that use DRM.

I found out about the code on GitHub from a fellow Mac/iOS developer/reverse engineer. As for getting samples of the actual infected Xcode, the author of the Palo Alto Networks article uploaded it to his Dropbox account so others could confirm the findings and detect the malware. That's where I got the infected Xcode from for my own tests.
