Syrian Electronic Army, a hacking group responsible for several visible attacks in the last few weeks, has evidently taken control of BSkyB's Sky apps in the Play Store, replacing the promo headers with SEA's logo, and the app descriptions with "Syrian Electronic Army Was Here."


unnamed (1) unnamed (2) unnamed

In a tweet earlier, BSkyB's Twitter account (which we now know was also compromised) warned its users to uninstall all Sky apps, as they "were hacked and replaced." Indeed, BSkyB's apk files were replaced by the hacking group.

Syrian Electronic Army, the group behind the infiltration, is also responsible for attacks on the Washington Post, Al Jazeera, Human Rights Watch, Financial Times, the Onion and many others (including Twitter accounts belonging to ITV and BBC Weather), and are "enemies of Anonymous," according to an interview reported on Vice. Earlier today, it was reported that the group attempted an attack on the water system in Haifa, a city in northwestern Israel.

So, how did the attack happen? The most likely answer is that the SEA somehow stole BSkyB's signing keys and the developer account password. If the signing keys were not compromised, the Play Store would not allow the apps to update. Depending on how this attack was executed, the implications could be quite considerable.

Any resolution would likely involve stopping use of the account, pulling the apps from the store entirely, and potentially force uninstalling them from users' devices.

Update #1 (5-26 at 12:30am Pacific): At the time of this update, all affected Sky apps have been removed from the Play Store.

Update #2 (5-26 at 11:00am Pacific): CNET reports (through contact with a Sky spokesperson) that BSkyB's Twitter feed was also compromised, and that the warning mentioned above did not come from BSkyB itself. The broadcaster assures readers "we will provide a further update when we have more information."

Now that we know BSkyB's Twitter account was also hacked, it is possible (if not likely) that the .apk files in the Play Store were not actually replaced after the developer account was compromised. After all, changing the app description and promo images would be much easier than obtaining the signing keys for the apps, and the only real evidence available that the .apks were altered came in the form of a tweet that we now know was fake.

Strangely, the tweets are still up at the time of writing, indicating that perhaps BSkyB doesn't have access to the account. If in fact the SEA's attack began with a service like – for example – BSkyB's email, compromising its Twitter account would be a snap.

Any definitive information on just how the attack was carried out (or when it will be resolved) remains to be seen, but we'll keep you updated.

Update #3 (5-28 at 9:29pm Pacific): BSkyB has apparently regained control of its Twitter account, sending out a series of tweets officially acknowledging the attack and updating users on the current situation.

There's still no word on just when BSkyB will be able to re-release their apps, or how current users will be affected, though the company assures readers that previously downloaded apps will continue to work normally.

Thanks, Paul!