Become a fan of Slashdot on Facebook

 


Forgot your password?
Close
typodupeerror
×
Security Apple

"Jekyll" Test Attack Sneaks Through Apple App Store, Wreaks Havoc 206

Posted by samzenpus from the wolf-in-sheep's-clothing dept.
An anonymous reader writes "A malware test app sneaked through Apple's review process disguised as a harmless app, and then re-assembled itself into an aggressive attacker even while running inside the iOS 'sandbox' designed to isolate apps and data from each other. The app, dubbed Jekyll, was helped by Apple's review process. The malware designers, a research team from Georgia Institute of Technology's Information Security Center, were able to monitor their app during the review: they discovered Apple ran the app for only a few seconds, before ultimately approving it. That wasn't anywhere near long enough to discover Jekyll's deceitful nature."
This discussion has been archived. No new comments can be posted.

"Jekyll" Test Attack Sneaks Through Apple App Store, Wreaks Havoc More

"Jekyll" Test Attack Sneaks Through Apple App Store, Wreaks Havoc

Comments Filter:

  • Re:I call bullshit on "unaware" claims (Score:5, Informative)

    by Bogtha ( 906264 ) on Monday August 19, 2013 @02:15PM (#44609585)

    Every single one of those, requires permission from the user to do - posting tweets an app cannot do directly, it brings up a sheet.

    Read the paper - they watched the interaction in a debugger to find the right messages to send to the right private classes in order to bypass this.

    This only worked with iOS 5 - last year Apple moved sheets like these into external processes and used a proxy view controller to show them in applications instead of embedding the functionality directly, so attacks like this aren't possible any more where this technique has been used.

    I agree that this is somewhat sensationalised, but they were able to do this without the normal user approval in the 4% or so of people still running a two year old version of iOS.

  • Re:Apple review process = a few seconds? (Score:5, Informative)

    by gl4ss ( 559668 ) on Monday August 19, 2013 @02:26PM (#44609673) Homepage Journal

    you can go without a middleman for android apps.. all android devices allow you to install apk's.

    now that is a large difference to iOS or windows phone.

    if you don't see the difference then you're a fucking moron, the other os allows you to point to a file on any fucking webserver and the other doesn't. the other platform allows you to install anything without the device(or os) manufacturer greenlighting the app while the other censors whatever the fuck it wants that week to censor.

  • Aha (Score:3, Informative)

    by SuperKendall ( 25149 ) on Monday August 19, 2013 @02:33PM (#44609745)

    I looked for the paper but could not find the link. Thanks for the extra info.

    As I thought, they did not break the sandbox at all. Attacks that don't work in iOS6 are irrelevant at this point...

    It's totally sensationalized. It remains true there's no way a real app can "wreak havoc" even if you inject code later.

  • Re:BUT MACS DON'T GET ... (Score:5, Informative)

    by Samantha Wright ( 1324923 ) on Monday August 19, 2013 @02:44PM (#44609889) Homepage Journal
    iOS still has a lot going on under the floorboards that's a rather faithful ARM port of OS X. At least for the pertinent intents and purposes, it's pretty safe to say iPhones are Macs. And stuff.

  • Re:I call bullshit on "unaware" claims (Score:5, Informative)

    by Zalbik ( 308903 ) on Monday August 19, 2013 @02:45PM (#44609897)

    This only worked with iOS 5

    Some items only worked in iOS 5.

    Based on Table 1 from their paper here [usenix.org], the following items could be accomplished by their app on iOS 6:
    - posting tweets
    - using the camera
    - dialing
    - using bluetooth
    - crashing safari
    - stealing device

    It was only sending SMS messages, sending email, and rebooting the system that were limited to iOS 5.

Slashdot Top Deals

Intel CPUs are not defective, they just act that way. -- Henry Spencer

Close