Pulser_G2 · May 26, 2013 at 09:00 am

Sky UK Apps Compromised on Play Store, Uninstall Them!

sky_apps_playstore_hacked

Today is Sunday, 26th May, and across the world, many people have woken up following a leisurely lie-in to the small notification of an updated app being available. Nothing unusual there, or so you’d think.

The only difference is that today, some of these app updates may well have been malicious updates, pushed to some of the Sky UK official Android apps. As reported by PC Pro and Android Police; the  Sky Go, Sky+, SKY WiFi, and Sky News apps all appeared to be targeted in the attacks that involved updates being pushed to the Google Play Store for these applications.

Fortunately, the compromise was more than a little obvious, with the app listing being defaced, including the header banner, description, and screenshots of the Play Store listing, which have since been removed (Thanks to AndroidPolice for the image).

Obviously, the best advice here is to uninstall any Sky apps that you have installed. This ought to alleviate most risk (unless these apps contained an unknown, zero-day exploit that permitted them to break beyond the application container). This is highly unlikely though, and uninstalling the app should be sufficient a precaution to take.

The question here is: Would anyone have noticed this attack had the Play Store listing not been visibly changed? Had the listing not been defaced, would anyone be aware of this surreptitious update which had been installed? I believe nobody would be aware, and everyone would be sitting, none-the-wiser, with a ticking time-bomb on their phones and tablets. These are not small-time apps, with the Sky Go app having between 1 and 5 million users, so the potential for building a silent bot-net of devices is not insignificant.

Later today, we’ll take a dive in and look at the implications of this attack, and what it means for app developers, and users alike. In the meantime, stay safe, and uninstall any Sky apps on your phone. Doing this, you should be reasonably protected against any further risks of this compromise.

Finally, one last piece of advice for Sky or anyone else affected by a similar security incident in the future: When you do announce the breach via Twitter, please do so and link to something verifiable on your own website that details it (in light of recent Twitter accounts being hacked), rather than making a grammatically incorrect and rushed tweet that raises the question of if your Twitter account is compromised:

skysecurityfail

 [Source: AndroidPolice; PC Pro]


_________
Want something on the XDA Portal? Send us a tip!
TAGS:

Pulser_G2

Pulser_G2 is an editor on XDA-Developers, the largest community for Android users. Developer Admin at xda-developers, interested in everything in mobile and security. A developer and engineer, who would re-write everything in C or Assembler if the time was there. View Pulser_G2's posts and articles here.
Jimmy McGee · May 22, 2015 at 12:10 pm · 2 comments

YotaPhone 2 Pre-Order, Xperia Z1 Price Cut – XDA TV

Android Wear 5.1.1 OTA downloads are now available. That and much more news is covered by Jordan when he reviews all the important stories from this week. Included in this week's news is the announcement of Sony cutting the price of the Xperia Z1 and be sure to check out the article talking about the YotaPhone 2 Indiegogo pre-order. That's not all that's covered in today's video! Jordan talks about the other videos released this week on XDA TV. XDA...

XDA NEWS
TK · May 21, 2015 at 02:15 pm · 3 comments

Device Review: No.1 X1 Rugged Smartphone

We are almost at the end of Q2 for 2015, and we have seen most of the flagship phones for the year already. While flagship phones usually offer bleeding-edge specs and are the most sought after phones, there is a huge market for non-flagship phones. Some offer value, others offer unique differentiating features. Today, we are going to look at the X1 phone by a Chinese company named N0.1. The company promises a truly rugged IP68 Certified phone. The device has a Quad...

XDA NEWS
Emil Kako · May 21, 2015 at 01:10 pm · 4 comments

When a Friend or Family Member Asks for a Phone Recommendation, What Do You Tell Them?

The majority of us here at XDA would consider ourselves power users and Android enthusiasts. Thus, when a friend or family member has a question about which phone they should get, they usually come to us. However, this is where we all differ. While some will atomically recommend the Nexus line, others in the community will suggest an offering from Samsung or LG. When a friend or family member asks you for a phone recommendation, what do you say?

DISCUSS
Share This