BlackHat: Researchers Sneak Malware Past iOS Security Protections

By ISBuzz Team
Writer, Information Security Buzz | Aug 01, 2013 11:03 pm PST

Malicious code can be surreptitiously planted on the Apple App Store and then downloaded by iOS devices, researchers have shown at BlackHat in Las Vegas, where they also showed how a bespoke charger could be used to hack an iPhone.

Like polymorphic malware, the “Jekyll” proof-of-concept code introduces new functionality that is not checked during Apple’s approval process.

“We were able to successfully publish a malicious app and use it to remotely launch attacks on a controlled group of devices,” said Tielei Wang, a researcher at the Georgia Tech Information Security Center (GTISC).

“Our research shows that despite running inside the iOS sandbox, a Jekyll-based app can successfully perform many malicious tasks, such as posting tweets, taking photos, sending email and SMS, and even attacking other apps – all without the user’s knowledge.”

