Security Apple

"Jekyll" Test Attack Sneaks Through Apple App Store, Wreaks Havoc

An anonymous reader writes "A malware test app sneaked through Apple's review process disguised as a harmless app, and then re-assembled itself into an aggressive attacker even while running inside the iOS 'sandbox' designed to isolate apps and data from each other. The app, dubbed Jekyll, was helped by Apple's review process. The malware designers, a research team from Georgia Institute of Technology's Information Security Center, were able to monitor their app during the review: they discovered Apple ran the app for only a few seconds, before ultimately approving it. That wasn't anywhere near long enough to discover Jekyll's deceitful nature."
  • by swb ( 14022 ) on Monday August 19, 2013 @01:36PM (#44609155)

    Let's say you submit an app to the app store, and like many it's designed to do something fairly idiotic that today's kids find funny, say, take a picture and then superimpose the picture onto a set of background images included with the app.

    Now, let's say the app writer has steganographically embedded "naughty" code in the background images, maybe even going so far as to spread the code across all the images, encrypt, etc. to make it difficult to find.

    Can the app modify itself by taking its hidden code from the images and actually execute it? Can you download "new" code from the internet, even if it's steganographically hidden? It seems like you shouldn't be able to do this, like the apps should be sandboxed from modifying their own code just to prevent importing unapproved code.

  • Q&A (Score:5, Interesting)

    by tuo42 ( 3004801 ) on Monday August 19, 2013 @01:38PM (#44609189)
    When I read this article, it strengthens my opinion that the Q&A process for the App Store is absolutely flawed. Don't get me wrong, regardless of whether you like or hate the walled garden, I actually am of the opinion that the guidelines - especially the UI guidelines - developers have to follow to be approved for the app store are a good thing in and of itself. The Google Play store has similar guidelines, although - IMHO - not as focused on user experience.

    I had apps declined due to improper usage of a certain widget in another certain widget which was not deemed "correct" (switch button in a table footer for example), but always was able to either find a similar solution or - in one rare case (the one mentioned) - explain WHY that switch button is there, and how if you take a look at the UI, understand what it does.

    Then again I saw apps in the store which completely failed most of the even basic guidelines, described as (between the lines): "fail these, and your app will 100% be NOT approved", and I wondered "how did they get in there"?

    Talked to other developers, same experience. Some knew they had a few things in there against the guidelines (custom springboards, views not conforming to the UI guidelines) and hoped to get through. Sometimes they managed, sometimes not, so they also got the feeling that the Q&A for the App store is somewhat like tax declaration. They don't seem to have enough time/resources to check all, so if you have something that is against the guidelines, you have to hope that you are one who doesn't get checked thoroughly.
  • by schneidafunk ( 795759 ) on Monday August 19, 2013 @01:41PM (#44609225)
    From my understanding, compiled code is reviewed once. However, in the cell phone app that I made, a lot of content was pulled from a database that I controlled, meaning product information could be updated by me without the need of review from Apple. We joked about replacing images with NSFW images, but I imagine what this team did was have a compiled app that ran code from a DB and was similarly able to be updated later.
  • by PIBM ( 588930 ) on Monday August 19, 2013 @01:50PM (#44609335) Homepage

    I've had a game published which wasn't even started, or approved while only displaying 'an internet connection is required to proceed'. It's hard to be checked out less than this..

  • by SuperKendall ( 25149 ) on Monday August 19, 2013 @01:52PM (#44609353)

    I can totally see getting an app through the submission process that does something a bit sneaky. Sometimes the app reviewers hardly look at a thing (though sometimes they look very carefully, it just depends on the reviewer).

    But the claim the app could "wreak havoc" needs some proof. They said:

    a Jekyll-based app can successfully perform many malicious tasks, such as posting tweets, taking photos, sending email and SMS, and even attacking other apps - all without the user's knowledge

    Every single one of those requires permission from the user to do - posting tweets an app cannot do directly, it brings up a sheet. Same thing for email/SMS. Taking photos requires an OK from the user to access the camera. You cannot "attack other apps" because of the sandbox.

    Extraordinary claims, like a complete breaking of the sandbox, require more proof than they have presented. I would bet they are saying they THEORETICALLY could break out of the sandbox but have absolutely no actual working exploits that go outside of existing user permissions and the sandbox...

  • by Anonymous Coward on Monday August 19, 2013 @01:55PM (#44609391)

    Reminds me of this scene from First Contact:

    (Picard drains the coolant, finds the Borg Queen's head and neck that is still blinking. He breaks the neck)
    DATA: Captain.
    PICARD: Data, ...are you all right?
    DATA: I would imagine that I look worse than I ...feel. ...Strange. ...Part of me is sorry she is dead.
    PICARD: She was unique.
    DATA: She brought me closer to humanity than I could have thought possible. And for a time I was tempted by her offer.
    PICARD: How long a time?
    DATA: Zero point six eight seconds, sir. For an android ...that is nearly an eternity.

  • Monitored? (Score:5, Interesting)

    by wiredlogic ( 135348 ) on Monday August 19, 2013 @02:00PM (#44609435)

    What kind of two-bit operation is Apple running if apps can phone home during the vetting process?

  • by cusco ( 717999 ) <brian.bixby@[ ]il.com ['gma' in gap]> on Monday August 19, 2013 @02:02PM (#44609463)
    One of the voting machine vendors (not Diebold) actually did this in order to pass testing to get approval. From Date 01 to Date 07 it would only run locally available code, but then from Date 08 onwards it would check for scripts available on the inserted compact flash card and run them if they existed. The CF cards were only supposed to be used for recording votes, but the company was also using it to update the machine's firmware. No one knows for sure whether the scripts were used to change votes or anything else, but the possibility was certainly there.
  • by CanHasDIY ( 1672858 ) on Monday August 19, 2013 @02:25PM (#44609659) Homepage Journal

    Heh, remember when Apple changed the info on their page from "DOES NOT GET VIRUSES" to "DOES NOT GET PC VIRUSES"?

    That was classic.