We have seen a number of high-profile attacks on popular websites recently. Facebook, Apple and Twitter were all affected. Although a formal investigation is still under way, Mike Isaac of AllThingsD has already revealed a name that might have played an important role in the attacks: iPhoneDevSDK, a website devoted to sharing information about mobile development.
The name was first cited by people close to the Facebook hacking investigation. What Facebook and the other hacked parties had in common was that developers at all of them had visited iPhoneDevSDK. The hackers used the site as bait to break into the other websites.
The technique used is known as a “watering hole” attack. This type of attack is launched from a popular location that many people visit. Once visitors' systems are infected, the attackers use them to launch an attack on the users' networks.
However, no one has officially acknowledged that iPhoneDevSDK was used to infiltrate the networks of Facebook, Apple or Twitter. When AllThingsD contacted iPhoneDevSDK, the site replied:
“We’re investigating Facebook’s reports that iPhoneDevSDK was hosting an exploit targeted at Facebook employees. We’re actively ensuring that is not the case. Facebook originally noted that they immediately reached out to other affected companies, but we were never contacted by Facebook, any other company, or law enforcement. Our users’ security is incredibly important to us and we’ll be sure to follow the investigation through to completion.”
If iPhoneDevSDK is really found to have been compromised, the implications would be dire. The huge number of people from different industries who visit the site might already be on the hackers' radar.
Thanks to: AllThingsD