Were Sky's Android apps *really* hacked and replaced by the Syrian Electronic Army?

It appears that the notorious Syrian Electronic Army hacking group have claimed yet another scalp.

The news broke after Sky's official support account (@SkyHelpTeam) tweeted a series of messages telling users to uninstall the Android versions of their Sky News and Sky+ apps.

Sky tweet

Furthermore, the group shared screenshots with journalists of what appeared to be the Google Play developer account for Sky's apps, complete with the logo of the Syrian Electronic Army and the message "Syrian Electronic Army was here".

Syrian Electronic Army was here

I'm not saying that a hack didn't occur, but I would urge people to be a little cautious (considering the SEA's habit of hacking the Twitter accounts of media organisations) about trusting the messages sent out via @SkyHelpTeam.

Notice, for instance, that the tweets from @SkyHelpTeam have been sent via Twitter.com's web user interface, whereas the account normally supports users via "Lithium Social Web".

Comparison of tweets

Furthermore, there is no official mention that I could find about the Android app problem on Sky's Help Forum.

It seems strange that Sky's support team would tweet a warning to users about their apps, but provide no link to where further information will be provided.

And let's take a closer look at the wording of that warning:

"please remove the apps if you are already installed it"

Was that written by someone who isn't a native English speaker?

I'm not saying that Sky didn't have its Google Play account hacked, or that the entries for its Android apps were not defaced. At the time of writing, many Sky Android apps are unavailable to access via Google Play which indicates that something unusual has happened. Frustratingly, that also means that they cannot be downloaded to check for signs of malware or tampering.

But we should retain a healthy skepticism about implicitly trusting warnings that have only been shared via Twitter, especially when the reported attack relates to a group with a history of hacking the Twitter accounts of media organisations.

Sky, if you were hacked, please post an official statement and a link to an advisory telling users of your Android apps what they should do on your support forum.

Meanwhile, users might be wise to uninstall the questionable Android apps until clearer official guidance is available from Sky.

Update: Looks like my hunch was right. CNET UK is quoting a Sky spokesperson who has confirmed that its Twitter account was hacked.

"The Sky Help Team's Twitter account has been compromised, and the tweet that states customers should uninstall their apps is not guidance from Sky. We are currently investigating the situation. We will provide a further update when we have more information."

It's just a shame that Sky has taken over 12 hours to say this...

Update 2: More details can be read in this report from Pocket Lint.

I think it's worth saying again: Stop trusting warnings that have only been shared via Twitter, especially when the reported attack relates to a group with a history of hacking the Twitter accounts of media organisations.

Tags: , , , ,

Subscribe to the free GCHQ newsletter


, , , ,

Leave a reply

18 Comments on "Were Sky's Android apps *really* hacked and replaced by the Syrian Electronic Army?"

Notify of
avatar

Sort by:   newest | oldest | most voted
Paul
Visitor
Paul
May 26, 2013 9:57 am

Graham, Sky looks like it's try to cover this up as post's asking about the hack on Sky FaceBook page are being deleted, nothing on sky news website or sky home page, emailed sky news asking why nothing on there only to be told £Sorry we don't know what you are talking about" lol, So it's Sky being Sky and sticking their heads in the sand.

Hahaha48
Visitor
Hahaha48
May 26, 2013 12:32 pm

Yes the apps were defintely hacked, app description on Google Play was "Syrian Electronic Army was here" and ther was an update on 2013/5/25

Allan
Visitor
Allan
May 26, 2013 12:56 pm

I work for sky and this is pretty typical. Every one running around like headless chickens and the public know nothing. Same thingwith the email fiasco

liz727
Visitor
May 26, 2013 8:44 pm

Aha! Allan, I'm glad you said that, has that bloody email thing been sorted out yet? You're right, utter fiasco, what were Sky thinking switching to Yahoo-virus-ridden-mail of all things? I don't trust it now, never will again. Not at all getting at you – must have been as much a nightmare for staff as for clients – just it was SO bad, I'm still venting! All my best.

Ben
Visitor
Ben
May 26, 2013 1:07 pm

Sky was definitely hacked, take a look at the apps linked their tweets, the first actually links to a page where you can install their Sky News app (even though this is hidden in the Play Store). While it is possible their Sky Help twitter was also hacked, this was probably just to attract more attention about their app's which have been hacked.

Now as a security researcher, if you could download this app: https://play.google.com/store/apps/details?id=com.bskyb.skynews.android&hl=en
and research if any changes have been made or if there are any viruses in it, that would be great :)

David Ace
Visitor
David Ace
May 26, 2013 1:28 pm

The evidence it is real is on the Play Store, so ironically it's this article that cannot be trusted.

stewgreen
Visitor
May 26, 2013 6:18 pm

– I tend to believe Graham Cluley is exactly right and the rest of the Idiot twittersphere who don't check facts before inciting panic by tweeting an instruction to remove apps , before any PROPER confirmation from Sky (except for the hacked twitter account)
– If you look you see that since Saturday night tSky have been using a new twitter account
@SkyHelpTeam1
– But Sky are real idiots for issuing any info at all up to now

alex
Visitor
alex
May 26, 2013 7:18 pm

If the apps were hacked and replaced, the source code would have had to have been changed, the permissions required to be authorised by the end-user are likely to have been changed, and the end-user would have had to approved a upgrade saying something like "read emails", "read text messages" (or whatever).

I would think it would have been obvious

Callum
Visitor
Callum
May 26, 2013 8:49 pm

I am starting to wonder.

Saw on CNET that the twitter has been confirmed as hacked by Sky spokesperson.

Also seems to be the case that the APK files weren't modified.

With the twitter account being hacked, there seems to be lacking the usual messages from SEA.

I wonder if twitter have changed policy to block all posts from a compromised account or introduced suspicious activity policy?

stewgreen
Visitor
May 27, 2013 9:12 am

I was unbelievable Graham Cluley BEAT 95% of the Twitterphere(and REAL news orgs like ITV)
– Some one posted on our BBC Click Radio FB Group – so I checked and found Sky and GooglePlay had no news about the event STRANGE .. A couple of Google minutes and I was your article
– "yep what this guy is saying makes much more sense"
I tested – "not hacked" sky – on Googled Googled News etc nothing except 1 other person on Twitter saying an App Hack was V UNLIKELY.. but I still thought you were right
WELL DONE Graham

stewgreen
Visitor
May 27, 2013 9:45 am

G says :"Stop trusting Twitter warnings .."
I say : Stop being dumb & believing ANYTHING without evidence
– & the rule is : Extraordinary claims * need Extraordinary proof
– (& it's disgraceful the way news media have left the news stories up on the web with hyping headlines ..and just put a little note at the bottom with the correction )

djh
Visitor
May 28, 2013 12:49 pm

With a robust applications security policy Sky would not have been vulnerable to this type of attack!

http://webdiary.com/2013/05/28/appsecurity/

wpDiscuz