Hack Day: App attack

Jonathan Swift has turned hacker for the day and reveals how spyware can be one of the most powerful weapons in a cyber criminal’s arsenal.

Looking for spyware?

Where are you looking? On your main servers? On staff laptops? Even on their phones? Perhaps your Bring Your Device to Work screening hasn’t been as diligent as it might have been?

All good places to look but how about your apps?

I worked on your app Check My Drive, the one you designed for your customers, and thought it might be a clever idea to build in a piece of spyware just in case it took off.

Wow! The data I now have on your customers is going to be very interesting to some criminal gangs I am in touch with. I can even see where these customers are driving to and pick up on their routines and favourite haunts.

I could sell the information back to you but I think I’ll get more money for it my way. Crime pays…

Is it in the Android app or the Apple app or both? Wouldn’t you like to know?

What data did I target? Well, I wasn’t greedy. I don’t need much to make myself a tidy sum. I haven’t taken the same data from everyone, or even targeted every customer. The triggers for activating the spyware are actually quite sophisticated, but with something that is almost permanently connecting the user to the internet, grabbing the data hasn’t been too hard.

Of course, you can re-engineer the app and try to take the spyware out of it but the damage is done.

What are you going to tell your customers now? You can’t be sure which ones have lost personal data and which ones haven’t.

Do you tell them all? Or, do you deploy expensive resources to try and trace where the spyware was active? Tough choice. I’m glad I am not in your shoes.

Of course, I could let the media know how careless you have been. A couple of posts on Twitter and you’ll be answering some very awkward questions.

You also need to think about how I got myself into a position to embed this in your high-profile App.

Was I on your staff or did I work for one of the developers you had to sub-contract to get this project off the ground?

I might even still be working for you – you might even ask me to find the solution. Wouldn’t that be ironic?

Great App by the way.
