Apple Fiddles While App Store Burns: $1M Bitcoin Scam FAIL

Phillipe Christodoulou got ripped off to the tune of more than a million dollars. An iPhone app stole 17.1 bitcoins from his Trezor hardware wallet.

How’s that possible? Apple curates its App Store, to ban malware, right? Wrong: If an app developer submits a benign app initially, it can later replace that app with a malicious update, admits Apple.

Are you serious? Deadly. In today’s SB Blogwatch, we learn valuable lessons.

Your humble blogwatcher curated these bloggy bits for your entertainment. Not to mention: Owen Magnetic.

Tim’s Security Halo Slips

What’s the craic? Read Reed Albergotti’s report—“A fake app stole his life savings in bitcoin”:

Christodoulou is angrier at Apple than at the thieves themselves: He says Apple marketed the App Store as a safe and trusted place, where each app is reviewed. … “They betrayed the trust that I had in them. … Apple doesn’t deserve to get away with this.”

Apple says it curates the store and checks each app, which creates high levels of consumer trust. … Apple touts user safety as its defense against accusations from lawmakers, regulators and competitors that the company uses its monopoly over app distribution on iPhones anti-competitively.

[But] the ability of apps to morph into something else entirely after they are approved by the App Store raises questions about the effectiveness of Apple’s review process to stop scammers. … The fake Trezor app got through the app store through a bait-and-switch, according to Apple. … Apple does not allow these sorts of changes, but Apple says it does not know when they occur. It relies on users and customers to report it when it happens, the company said.

Christodoulou says he’s taking medication and seeing a psychiatrist. “It broke me. I’m still not recovered from it.” … He still hasn’t heard from Apple.

And Paul Lilly puns it up—“Scammer Bitcoin App Scales Apple Walled Garden”:

It’s an unfortunate situation that both serves as a cautionary cryptocurrency tale, and highlights a need for better vetting of mobile apps. [But] there are nearly 2 million apps in the App Store, and new ones are being added all the time … so malicious apps…