Were Sky’s Android apps *really* hacked and replaced by the Syrian Electronic Army?

It appears that the notorious Syrian Electronic Army hacking group have claimed yet another scalp.

The news broke after Sky’s official support account (@SkyHelpTeam) tweeted a series of messages telling users to uninstall the Android versions of their Sky News and Sky+ apps.

Sky tweet

Furthermore, the group shared screenshots with journalists of what appeared to be the Google Play developer account for Sky’s apps, complete with the logo of the Syrian Electronic Army and the message “Syrian Electronic Army was here”.


Syrian Electronic Army was here

I’m not saying that a hack didn’t occur, but I would urge people to be a little cautious (considering the SEA’s habit of hacking the Twitter accounts of media organisations) about trusting the messages sent out via @SkyHelpTeam.

Notice, for instance, that the tweets from @SkyHelpTeam have been sent via Twitter.com’s web user interface, whereas the account normally supports users via “Lithium Social Web”.

Comparison of tweets
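The posting-client comparison above can be run as a routine check. The sketch below is an added example, not part of the original post or any Sky or Twitter tooling; the records, field names and the "web" client label are constructed for illustration. A flagged post is a reason to look for corroboration, not proof of compromise.

```python
from collections import Counter

# Constructed sample data (not real tweets); field names are hypothetical.
# "client" is the posting-application label displayed with each tweet.
HISTORY = [{"account": "SkyHelpTeam", "client": "Lithium Social Web"}] * 40
INCOMING = [
    {"id": 1, "account": "SkyHelpTeam", "client": "Lithium Social Web"},
    {"id": 2, "account": "SkyHelpTeam", "client": "web"},
    {"id": 3, "account": "ExampleDesk", "client": "web"},  # no history held
]


def build_baseline(history, min_samples=5):
    """Map account -> {client: share of past posts}; skip thin histories."""
    counts = {}
    for rec in history:
        counts.setdefault(rec["account"], Counter())[rec["client"]] += 1
    baseline = {}
    for account, per_client in counts.items():
        total = sum(per_client.values())
        if total >= min_samples:
            baseline[account] = {c: n / total for c, n in per_client.items()}
    return baseline


def flag_unusual_clients(incoming, baseline, rare_below=0.05):
    """Return (id, reason) for posts sent from a client the account rarely uses."""
    findings = []
    for rec in incoming:
        shares = baseline.get(rec["account"])
        if shares is None:
            # Without history there is nothing to compare against; say so
            # rather than silently treating the post as normal.
            findings.append((rec["id"], "no baseline for account"))
            continue
        share = shares.get(rec["client"], 0.0)
        if share < rare_below:
            reason = f"client {rec['client']!r} used for {share:.0%} of past posts"
            findings.append((rec["id"], reason))
    return findings


if __name__ == "__main__":
    for tweet_id, reason in flag_unusual_clients(INCOMING, build_baseline(HISTORY)):
        print(tweet_id, reason)
```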

Furthermore, there is no official mention that I could find about the Android app problem on Sky’s Help Forum.

It seems strange that Sky’s support team would tweet a warning to users about their apps, but provide no link to where further information will be provided.

And let’s take a closer look at the wording of that warning:

“please remove the apps if *you are already installed it*”

Was that written by someone who isn’t a native English speaker?

I’m not saying that Sky didn’t have its Google Play account hacked, or that the entries for its Android apps were not defaced. At the time of writing, many Sky Android apps are unavailable via Google Play, which indicates that something unusual has happened. Frustratingly, that also means that they cannot be downloaded to check for signs of malware or tampering.

But we should retain a healthy skepticism about implicitly trusting warnings that have only been shared via Twitter, especially when the reported attack relates to a group with a history of hacking the Twitter accounts of media organisations.

Sky, if you were hacked, please post an official statement and a link to an advisory telling users of your Android apps what they should do on your support forum.

Meanwhile, users might be wise to uninstall the questionable Android apps until clearer official guidance is available from Sky.

Update: Looks like my hunch was right. CNET UK is quoting a Sky spokesperson who has confirmed that its Twitter account was hacked.

“The Sky Help Team’s Twitter account has been compromised, and the tweet that states customers should uninstall their apps is not guidance from Sky. We are currently investigating the situation. We will provide a further update when we have more information.”

It’s just a shame that Sky has taken over 12 hours to say this…

Update 2: More details can be read in this report from Pocket Lint.

I think it’s worth saying again: Stop trusting warnings that have only been shared via Twitter, especially when the reported attack relates to a group with a history of hacking the Twitter accounts of media organisations.

Graham Cluley is an award-winning keynote speaker who has given presentations around the world about cybersecurity, hackers, and online privacy. A veteran of the computer security industry since the early 1990s, he wrote the first ever version of Dr Solomon's Anti-Virus Toolkit for Windows, makes regular media appearances, and is the co-host of the popular "Smashing Security" podcast.

18 comments on “Were Sky’s Android apps *really* hacked and replaced by the Syrian Electronic Army?”

  1. Paul

    Graham, Sky looks like it's trying to cover this up as posts asking about the hack on Sky Facebook page are being deleted, nothing on sky news website or sky home page, emailed sky news asking why nothing on there only to be told "Sorry we don't know what you are talking about" lol, So it's Sky being Sky and sticking their heads in the sand.

  2. Hahaha48

    Yes the apps were definitely hacked, app description on Google Play was "Syrian Electronic Army was here" and there was an update on 2013/5/25

    1. Graham Cluley · in reply to Hahaha48

      An app description changing on Google Play suggests that Sky's Google Play account was compromised.

      It does not, in itself, suggest that the apps themselves were tampered with and reuploaded.

      Unfortunately the relevant Google Play pages have now been removed – presumably while Sky tries to get a handle on the situation.

  3. Allan

    I work for Sky and this is pretty typical. Everyone running around like headless chickens and the public know nothing. Same thing with the email fiasco.

    1. Graham Cluley · in reply to Allan

      "Colin was here"


    2. liz727 · in reply to Allan

      Aha! Allan, I'm glad you said that, has that bloody email thing been sorted out yet? You're right, utter fiasco, what were Sky thinking switching to Yahoo-virus-ridden-mail of all things? I don't trust it now, never will again. Not at all getting at you – must have been as much a nightmare for staff as for clients – just it was SO bad, I'm still venting! All my best.

  4. Ben

    Sky was definitely hacked, take a look at the apps linked in their tweets, the first actually links to a page where you can install their Sky News app (even though this is hidden in the Play Store). While it is possible their Sky Help Twitter was also hacked, this was probably just to attract more attention about their apps which have been hacked.

    Now as a security researcher, if you could download this app: https://play.google.com/store/apps/details?id=com.bskyb.skynews.android&hl=en
    and research if any changes have been made or if there are any viruses in it, that would be great :)

    1. Graham Cluley · in reply to Ben

      The link comes up "Not found" for me.

  5. David Ace

    The evidence it is real is on the Play Store, so ironically it's this article that cannot be trusted.

    1. Graham Cluley · in reply to David Ace

      Sky hasn’t posted any updates to its support Twitter account since the wee small hours of the morning.

      Seems strange doesn’t it? Maybe they don’t have control of that account…

      Has anyone managed to get hold of an allegedly hacked Android app from Sky? Or are they just assuming the apps were hacked and replaced because Sky’s Twitter account said they were. I’m not saying that Sky’s Google Play account wasn’t hijacked, and that entries may have been defaced, but that’s somewhat different from apps being hacked.

      Indeed, Sky doesn’t seem to have confirmed that the apps were hacked either.

      On Facebook, Sky support staff are saying:

      “Sky Android apps are not currently available for download from Google Play. We are working to restore them. Further updates to follow.”

      They’re right – the apps are unavailable. But note no confirmation that they were hacked and replaced with dodgy versions by the Syrian Electronic Army.

      The truth is, no-one is sure at the moment. That’s why it’s wisest not to use Sky’s Android apps until we hear a proper confirmation of what has happened from the company.

  6. – I tend to believe Graham Cluley is exactly right and the rest of the Idiot twittersphere who don't check facts before inciting panic by tweeting an instruction to remove apps , before any PROPER confirmation from Sky (except for the hacked twitter account)
    – If you look you see that since Saturday night Sky have been using a new Twitter account
    – But Sky are real idiots for issuing any info at all up to now

  7. alex

    If the apps were hacked and replaced, the source code would have had to have been changed, the permissions required to be authorised by the end-user are likely to have been changed, and the end-user would have had to have approved an upgrade saying something like "read emails", "read text messages" (or whatever).

    I would think it would have been obvious

  8. Callum

    I am starting to wonder.

    Saw on CNET that the twitter has been confirmed as hacked by Sky spokesperson.

    Also seems to be the case that the APK files weren't modified.

    With the twitter account being hacked, there seems to be lacking the usual messages from SEA.

    I wonder if twitter have changed policy to block all posts from a compromised account or introduced suspicious activity policy?

    1. Graham Cluley · in reply to Callum

      Thanks – I've added a link to the CNET article at the bottom of my post.

      Seems my hunch was right.

  9. It was unbelievable Graham Cluley BEAT 95% of the Twittersphere (and REAL news orgs like ITV)
    – Someone posted on our BBC Click Radio FB Group – so I checked and found Sky and Google Play had no news about the event STRANGE .. A couple of Google minutes and I was at your article
    – "yep what this guy is saying makes much more sense"
    I tested – "not hacked" sky – on Googled Googled News etc nothing except 1 other person on Twitter saying an App Hack was V UNLIKELY.. but I still thought you were right
    WELL DONE Graham

    1. Graham Cluley · in reply to stewgreen

      Thanks Stew.

      Hopefully some media outlets will recognise they screwed up over this story, learned their lesson, and will be more careful in future.

      Everyone should be careful about believing (and sharing!) news about the Syrian Electronic Army when the only source is Twitter.

  10. G says :"Stop trusting Twitter warnings .."
    I say : Stop being dumb & believing ANYTHING without evidence
    – & the rule is : Extraordinary claims * need Extraordinary proof
    – (& it's disgraceful the way news media have left the news stories up on the web with hyping headlines ..and just put a little note at the bottom with the correction )

  11. djh

    With a robust applications security policy Sky would not have been vulnerable to this type of attack!

