The Syrian Electronic Army, a hacking group held responsible for several visible attacks in the last few weeks, was reported to have taken control of British broadcaster BSkyB's Sky Android apps in the Google Play Store by AndroidPolice. The group was seen replacing the promo headers with SEA's logo, and changing the app description to read “Syrian Electronic Army Was Here.“
BSkyB has since removed all its Google Play Store apps from the market and has told users in a statement that they will get in touch with them when the apps come back to the store. It was also reported by CNET that the BSkyB twitter account was found compromised by the group. In a tweet seen earlier from the BSkyB compromised account, hackers acting as the broadcasters, warned its users to uninstall all Sky apps, as they “were hacked and replaced.”
The BSkyB tweet that was later reported to be from the hackers
It also appears that the SEA was able to infiltrate not only the company’s Sky+ and Sky News Android apps, but also the Sky Go, Sky Wi-fi, Sky Movies, and Sky Sports News apps. The SEA has in the past been reported to be behind attacks on several media organisations. According to a report by the Vice, the group has gone after the Washington Post, Al Jazeera, the Human Rights Watch, Financial Times and the Onion, among others. They have also targeted the Twitter accounts of ITV and BBC Weather.
The BSkyB app that was hacked by the SEA (image credit: TheNextWeb)
How exactly the SEA managed to attack BSkyB is a big question though. The most likely answer, according to reports, is that the SEA somehow managed to steal BSkyB's signing keys as well as the developer account password. That seems to be the only way the group could have done this, because without the signing keys, the Play Store would not have allowed the apps to update.
Because it has now been seen that the BSkyB twitter account was hacked, it seems likely that all the .apk files of the apps were replaced after the developers account was compromised.
It seems a far easier task to change the app description and promo images this way, rather than obtaining the signing keys for the apps. The only evidence to say that the .apk files were replaced is the false tweet that the SEA put up though. Be that as it may, the repercussions of this attack can be far-reaching, depending on how this attack was executed.