Now, last night I read an article which really didn’t add up. Yesterday morning we found that all of the Sky Android apps had been hacked, but now Sky is telling customers that there’s no need to worry and that the Twitter account was hacked. The “Sky statement” given out via Twitter says..
The Sky Help Team’s Twitter account has been compromised, and the tweet that states customers should uninstall their apps is not guidance from Sky. We are currently investigating the situation. We will provide a further update when we have more information.
Now, I think this really needs a bit of clarification. Here are some screenshots from the Sky Go app as it is right now on my phone. As you can see, the preview images have been changed, the description, the web page and email.
From what I can see the Sky Go app works perfectly fine. I’ve removed it and re-downloaded just to be sure (although it doesn’t show in Google Play right now, if you find it through a history search you can still download it). Sure, usually “hacked” apps work fine anyway (whilst silently taking your personal details), but I couldn’t find anything happening under the hood..
Perhaps, if I’m right, Sky should say..
“The app listings were altered but the apps themselves didn’t auto-update, so they still work as expected. Also, in other news, our Sky account got hacked and that seemed to send “official” advice that you should remove the apps when in fact it wasn’t necessary.”
What’s even more confusing is that the Syrian Electronic Army could’ve easily sent updates to all these apps and trashed them, but they didn’t, they just created an illusion which has caused Sky a huge amount of grief. Also, why haven’t Sky regained control of their @SkyHelpTeam Twitter account yet?
Here’s my Sky Go app that I’ve just downloaded via the Google Play Store…
Sky now appear to have moved their helpdesk operations across to an “overflow” Twitter account of @skyhelpteam1 and are maintaining a solid response on the matter. They just state that the apps have been removed from Google Play following “a security alert”..
The @skyhelpteam1 account, which we assume hasn’t been hacked as there are several dozen helpful tweets to customers this morning, also states that..
Sky Android apps previously downloaded by Sky customers are unaffected and there is no need to remove them from your Android device
— Sky Help Team (@SkyHelpTeam1) May 26, 2013
So, if you do have the apps on your phone, hopefully you won’t need to worry as they’ve not been fiddled with, only the listings within Google Play… err.. and the @skyhelpteam Twitter account, which still seems to be locked out. It’s a shame that the 28,000+ people following the main @skyhelpteam account might not find out the truth for days.
How has this happened? Well, if other big-name “hacks” are anything to go by, I’m prepared to bet that the Syrian Electronic Army used their familiar and pretty successful tactic of sending a carefully-crafted phishing email to Sky HQ. One accidental click, one fake Google link followed, and the password is all-too-easily obtained..
“What’s even more confusing is that the Syrian Electronic Army could’ve easily sent updates to all these apps and trashed them”
They would have had to get access to Sky’s private signing key in order to publish any apps that phones would accept as an auto-update.
If the keys are different, people’s phones would have refused to auto-update, and people would have to uninstall to install the ‘hacked’ versions.
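The signing-key check described in the comment above can be reproduced by hand. This is an added example, not part of the original post or comment: it compares the signer certificate digests of an installed APK and a candidate update, assuming the text comes from `apksigner verify --print-certs`. The sample outputs and digests are constructed, and the function names are hypothetical.

```python
import re

# Matches the SHA-256 line printed by `apksigner verify --print-certs`.
DIGEST_RE = re.compile(
    r"^Signer #\d+ certificate SHA-256 digest:\s*([0-9a-fA-F]{64})\s*$",
    re.MULTILINE,
)


def signer_digests(print_certs_output):
    """Return the set of signer certificate SHA-256 digests (lower-cased)."""
    return frozenset(d.lower() for d in DIGEST_RE.findall(print_certs_output))


def update_verdict(installed_output, candidate_output):
    """Simplified model of the rule in the comment: the signer must match.

    Ignores version codes and signing-key rotation.
    """
    installed = signer_digests(installed_output)
    candidate = signer_digests(candidate_output)
    if not installed or not candidate:
        return "unknown: no signer digest found"
    if installed == candidate:
        return "same signer: accepted as an in-place update"
    return "different signer: update refused, uninstall needed first"


def sample(dn, sha256_hex):
    """Build constructed output in the tool's format (values are made up)."""
    return (
        f"Signer #1 certificate DN: {dn}\n"
        f"Signer #1 certificate SHA-256 digest: {sha256_hex}\n"
        f"Signer #1 certificate SHA-1 digest: {'c3' * 20}\n"
    )


PUBLISHER_KEY = "a1" * 32   # constructed digest for the real publisher
OTHER_KEY = "b2" * 32       # constructed digest for anyone else's key

INSTALLED = sample("CN=Example Publisher", PUBLISHER_KEY)
GENUINE_UPDATE = sample("CN=Example Publisher", PUBLISHER_KEY.upper())
# The DN is free text anyone can copy; the digest depends on the key itself.
RESIGNED = sample("CN=Example Publisher", OTHER_KEY)

if __name__ == "__main__":
    print(update_verdict(INSTALLED, GENUINE_UPDATE))
    print(update_verdict(INSTALLED, RESIGNED))
```

The re-signed sample keeps the publisher's certificate name but still fails the comparison, which is why a changed store listing alone does not affect apps that are already installed.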