Tag Archive: iPhone


iTunes Account Hijacking


There have been a number of stories in the news lately that highlight the growing problem of people gaining unauthorised access to iTunes accounts and siphoning off money from people’s bank accounts in clever ways. These highlight the evolution of crime in an increasingly service-orientated world and people’s individual responsibility to keep their accounts safe.

Consider this scenario: either a genuine-looking website or an application installed on a smartphone asks you for your email address and password in order to access some specific content, like some music you’re looking for online or an app that you want to install. You happily give your details to this site and you may or may not get what you were requesting. A couple of weeks later, you get your bank statement saying that you have spent £1000 in iTunes. You have no idea that this has taken place. You contact your bank, who say that they can’t do anything about it because the purchases were authorised: they were all for gift cards.

What has happened here is that someone has tricked you into giving them your account credentials. They’ve logged in as you, bought a whole load of very re-saleable items (especially at less than face value) using your bank details (which they don’t even need to know) and got off scot-free.

This is already happening. And it is resulting in arrests. However, the victims are finding it very hard to claim the money back, as the banks are taking no responsibility for it.

Things you can do:

  • Be very wary of giving your username and password to anyone unless you are very sure that the site requesting them is genuine.
  • Use a different password for different websites.
  • If possible, disable the ability to purchase high-value items to limit the impact of a successful hijacking.
  • Change your passwords regularly.

Mobile phone applications are huge business. There are millions of apps available for every conceivable purpose; some are useful, some are seriously irritating (the electronic vuvuzela, anyone?!). But people sometimes forget that apps are just like programs for computers: they don’t always do what you expect them to.

Apple vs. Android

I’m not a big fan of the way that Apple manage their app store but it does have one advantage over many others – by checking every application submitted, Apple are undoubtedly preventing applications that may compromise the platform or user account data from getting anywhere near iPhones, iPods and iPads. The advantage of doing this has been highlighted today by a blog post from Lookout, a mobile phone security company. They analysed an Android wallpaper application and found that, despite its benign appearance, it was sending user data, including phone numbers, subscriber data and other details, back to the developers.

While the author of the blog post is keen to stress that there is no evidence of deliberately malicious activity, it is a concern that some apps may be doing things you aren’t expecting.
