Malicious code can be surreptitiously planted on the Apple App Store and then downloaded by iOS devices, researchers have shown at BlackHat in Las Vegas, where they also showed how a bespoke charger could be used to hack an iPhone.
Like polymorphic malware, the “Jekyll” proof-of-concept code introduces new functionality that is not checked during Apple’s approval process.
“We were able to successfully publish a malicious app and use it to remotely launch attacks on a controlled group of devices,” said Tielei Wang, a researcher at the Georgia Tech Information Security Center (GTISC).
“Our research shows that despite running inside the iOS sandbox, a Jekyll-based app can successfully perform many malicious tasks, such as posting tweets, taking photos, sending email and SMS, and even attacking other apps – all without the user’s knowledge.”
SOURCE: techweekeurope.co.uk
Most Commented Posts
2020 Cybersecurity Landscape: 100+ Experts’ Predictions
Cyber Security Predictions 2021: Experts’ Responses
Experts’ Responses: Cyber Security Predictions 2023
Celebrating Data Privacy Day – 28th January 2023
Data Privacy Protection Day (Thursday 28th) – Experts Comments
Most Active Commenters
Recent Comments
There are a number of commonly used verification tools out…
Phishing remains a relentless and highly effective cybersecurity threat. Despite…
Each year, Cybersecurity Awareness Month serves as a valuable reminder…
Chat systems such as Slack and Teams need to be…
“This is a sophisticated phishing scam that will catch out…