Mac App Store Pirate Raid Raises Security Concerns
Less than 24 hours after Apple launched the Mac App Store, hackers have found a simple way to pirate applications from the store. Applications from the Mac App Store that skimp on DRM features can be easily validated as genuine with a few clicks when they are downloaded from third-party websites. But security firm Sophos says the exploit not only leads to piracy, but also to malware.
The exploit to validate paid Mac App Store apps downloaded free from the Web as genuine downloads from the store is relatively simple. The process requires just a few steps and has been detailed here. However, only apps that have not been properly secured by developers are affected by this exploit. One of these apps is Angry Birds, the game made popular on iPhones and iPads.
Another group of hackers, Hacklous, announced that they cracked the DRM in the Mac App Store via a piece of software called Kickback that allows users to circumvent the DRM in all apps sold in the store. Hackulous said though that it wouldn't release the tool until more (than the current 1000) apps are available in the Mac App Store.
As with every hack, there are downsides. Chester Wisniewski of security firm Sophos warned that some applications downloaded from the Mac App Store can be modified to include malicious code: "It wouldn't surprise me to see a surge in markets for pirated applications that might just be booby-trapped to include unexpected surprises," he says.
"While users who are willing to pay for their Apps are likely to remain relatively safe, those who are prepared to run pirated software expose themselves to downloading fake or maliciously modified apps," adds in another blog post Sophos' Rich Baldry. Virus and malware threats on Mac are relatively low, so if you download apps only from the Mac App Store, which Apple validates, then you should be safe for the time being.