Researchers last week discovered the first ransomware in the wild aimed at Apple’s hardware platform. While the threat was subdued quickly, it exposed the weakness of digital certificates in authenticating software to devices. The ransomware appeared as a legitimate application because it contained a digital certificate stolen from a bona fide Mac developer in Turkey. The certificate was used to sign an application of another developer and post a malicious update at the developer’s website.
I agree, certificates are useless and don't help if someone gains access to a legitimate one. I thought this when Apple touted how great developer certificates were. Especially when your issuing them to so many all over the world. It still takes time to pull those certificates and then issue new ones to the developer who may have legitimate apps. One has to figure Apple is not much better than Google in monitoring their app stores. In my view the only good way to prevent a lot of this is not stray away too far from reliable and trustworthy app developers.
Loading ...
Apple Ransomware Reveals Cert Problem
Posted by: John P. Mello Jr. March 17, 2016 02:54 PMResearchers last week discovered the first ransomware in the wild aimed at Apple’s hardware platform. While the threat was subdued quickly, it exposed the weakness of digital certificates in authenticating software to devices. The ransomware appeared as a legitimate application because it contained a digital certificate stolen from a bona fide Mac developer in Turkey. The certificate was used to sign an application of another developer and post a malicious update at the developer’s website.