How Apps Can Get Around Apple Security
August 1st, 2013
Georgia Tech researchers have developed a proof-of-concept attack called Jekyll that involves using Trojan Horse-style apps to sneak malware past Apple’s app review process and onto iOS devices such as the iPhone and iPad.
Georgia Tech Information Security Center (GTISC) Associate Director Paul Royal says we can get lulled into a false sense of security by Apple’s renowned app review process for iOS devices.
Researcher Tielei Wang’s team created a proof-of-concept attack that was published in the Apple App Store and used to remotely launch attacks on a controlled batch of devices, enabling them to post unauthorized tweets, take photos and even go after other apps.
More detailed findings are being revealed in a paper titled “Jekyll on iOS: When Benign Apps Become Evil,” which will be presented at the USENIX Security Symposium Aug. 14-16 in Washington, D.C.