Security Researchers Sneak Malware Into Own App Store App


Tielei Wang and his team of security researchers at Georgia Tech have discovered a vulnerability that allows them to create certain malicious iOS apps and have them published in the Apple App Store.

The team created the 'Jekyll' app, which was submitted to Apple through the normal App Store review process. Once it was published, the team downloaded the app on their testing devices and were able to have the app successfully carry out malicious activities like sending emails and texts, snapping photos and more. Kernel vulnerabilities were even exploitable.

When Apple reviews the app, the code and functionality appear harmless; however, once the app is installed on a device, the code can be exploited by the authors.

The team immediately pulled their app, but there is still the potential for other similar apps to get on the App Store and do the same, unless Apple pushes out a fix.

Wang was also a part of the team that found the malicious charger vulnerability, which Apple has fixed in iOS 7 beta 4.

The team explained that because they do not rely on any particular bug, the problem is difficult for Apple to fix.

It is not easy for Apple to detect or prevent Jekyll Apps, because it implies that Apple needs to detect or prevent intended bugs in third party apps.

The researchers have presented their findings to Apple, so hopefully this can be addressed in a future software update.

Read More via iMore via Tzvi

Moon - August 5, 2013 at 9:46pm
Apple needs to follow Twitter (haha, no pun intended) and have "verified publishers".
Apple certified 9yrs - August 5, 2013 at 8:53pm
Are you crazy? If THEY did it, can you imagine what's already going on in your idevice?
Copperhead - August 5, 2013 at 8:44pm
At least Tielei Wang and his team is trying to help, and we all love that he is helping Apple to be a more secure place to enjoy. Thank you Tielei Wang and your team. There needs to be more good people like you guys on this earth...