Malicious code can be surreptitiously planted on the Apple App Store and then downloaded by iOS devices, researchers have shown at BlackHat in Las Vegas, where they also showed how a bespoke charger could be used to hack an iPhone.
Like polymorphic malware, the “Jekyll” proof-of-concept code introduces new functionality that is not checked during Apple’s approval process.
“We were able to successfully publish a malicious app and use it to remotely launch attacks on a controlled group of devices,” said Tielei Wang, a researcher at the Georgia Tech Information Security Center (GTISC).
“Our research shows that despite running inside the iOS sandbox, a Jekyll-based app can successfully perform many malicious tasks, such as posting tweets, taking photos, sending email and SMS, and even attacking other apps – all without the user’s knowledge.”
SOURCE: techweekeurope.co.uk
Most Commented Posts
2020 Cybersecurity Landscape: 100+ Experts’ Predictions
Cyber Security Predictions 2021: Experts’ Responses
Experts’ Responses: Cyber Security Predictions 2023
Data Privacy Protection Day (Thursday 28th) – Experts Comments
Experts Insight On US Pipeline Shut After Cyberattack
Most Active Commenters
Recent Comments
“Cybersecurity Awareness Month’s new evergreen theme "Secure Our World” is…
“Avoid storing data on personal devices: A crucial but often overlooked…
“I recommend a new nuance to passwords that isn’t often…
“In my role overseeing cloud environments and incident response, I'm…
“Cybersecurity Awareness Month serves as a reminder to confront the…