x PhoneArena is looking for new authors! To view all available positions, click here.
  • Home
  • News
  • Researchers tricked Apple into approving an app loaded with malware

Researchers tricked Apple into approving an app loaded with malware

Posted: , by Alan F.

Tags:

Researchers tricked Apple into approving an app loaded with malware
Researchers at Georgia Tech managed to get an app approved by Apple and posted on the Apple App Store. But unlike other apps, this one was a ticking time bomb. Inside the app, researchers placed fragments of code that were programmed to come together and assemble itself into malware. The program, aptly code named Jekyll, could send emails, tweets and texts under the radar while at the same time it could grab a device's ID number, steal personal information, take pictures and attack other apps. And it could even send mobile Safari to a page containing even more malware. In other words, this app could have been an iPhone user's worst nightmare.

The good news is that the researchers quickly took down the listing after it was posted for just a few minutes back in March. No innocent iPhone installed the app. The Georgia Tech team, on the other hand, downloaded the program and infected their own device. The researchers were able to tell that Apple ran the program for only a few seconds before giving it a stamp of approval. Unless it ran the app for a longer period of time, Apple would never know about the malware because the bad code was hidden in separate small "code gadgets" hidden by a legitimate app. Once the app was approved, the code was designed to stitch together to form the troublesome malware that could wreak havoc on an iPhone.

Apple's review process is not doing enough to safeguard the App Store. That is the message that researchers are broadcasting following the ruse. Long Lu, a member of the research team says, "The message we want to deliver is that right now, the Apple review process is mostly doing a static analysis of the app, which we say is not sufficient because dynamically generated logic cannot be very easily seen." Lu adds that it is possible that some apps on the App Store are malware and have just not yet been detected.

source: MITTechnologyReview via GIGaom

57 Comments
  • Options
    Close




posted on 18 Aug 2013, 12:57 1

1. Kelley71 (Posts: 44; Member since: 26 Nov 2012)


Sane time?

posted on 18 Aug 2013, 13:03 4

2. gazmatic (Posts: 517; Member since: 06 Sep 2012)


at least now the app store would be safer going ahead

i dont think apple wants this kind of publicity

hopefully

posted on 18 Aug 2013, 13:05 9

3. quadrazeus (Posts: 359; Member since: 03 May 2013)


My cousin tricked Google into approving an app loaded with malware. And he's just 17, lol.

posted on 18 Aug 2013, 13:10 14

4. Sauce (unregistered)


I don't think anyone has to even 'trick' Google into getting malware onto the Play Store.

posted on 18 Aug 2013, 13:12 3

5. nerdylish (Posts: 51; Member since: 13 Apr 2013)


Anybody can do that :P

posted on 18 Aug 2013, 13:31 6

9. maysider (Posts: 38; Member since: 11 Aug 2013)


I can even rob you in the street= freedom
With iOS you have fascism

posted on 18 Aug 2013, 13:39 2

10. PhoneArenaUser (Posts: 5458; Member since: 05 Aug 2011)


You said that in defence of Apple? :D

posted on 19 Aug 2013, 00:10 3

51. quadrazeus (Posts: 359; Member since: 03 May 2013)


No. :D

posted on 19 Aug 2013, 02:55

53. PhoneArenaUser (Posts: 5458; Member since: 05 Aug 2011)


Common, you did that as tedkord says in his comment #26. :D

posted on 18 Aug 2013, 13:47 5

12. PapaSmurf (Posts: 7359; Member since: 14 May 2012)


Now that I've realized this, why even mention the Play Store when this is a App Store article...?

posted on 18 Aug 2013, 14:04 2

13. Shatter (Posts: 1967; Member since: 29 May 2013)


because IOS is said to have a lower chance of getting a virus and very few apps with it in the store while this proves that anybody can do it and get it past apple..

posted on 18 Aug 2013, 20:05

45. PapaSmurf (Posts: 7359; Member since: 14 May 2012)


You did everything but answer my question.

posted on 18 Aug 2013, 16:16 5

26. tedkord (Posts: 4275; Member since: 17 Jun 2009)


Because they have a deep seated psychological need to excuse Apple, so they try to divert attention by throwing out anything they can about the enemy. It's a time honored tactic employed by school children the world over.

posted on 18 Aug 2013, 17:58

40. PhoneArenaUser (Posts: 5458; Member since: 05 Aug 2011)


100% to the target! :)

+1

posted on 18 Aug 2013, 22:56 2

50. quadrazeus (Posts: 359; Member since: 03 May 2013)


Freedom of speech. That's why.

posted on 18 Aug 2013, 13:42 14

11. androidfanboy (Posts: 162; Member since: 24 Jun 2013)


Lol the apple fanboys are in denial haha

posted on 18 Aug 2013, 14:33 1

14. Googler (Posts: 813; Member since: 10 Jun 2013)


Those who don't think they need defenses are the most defenseless of all. App that attacks other apps, who knows what havoc this thing could have done if a true hacker had unleashed it.

posted on 18 Aug 2013, 14:53 1

16. darkkjedii (Posts: 10103; Member since: 05 Feb 2011)


Major damage

posted on 18 Aug 2013, 14:50

15. darkkjedii (Posts: 10103; Member since: 05 Feb 2011)


I think the pentagon needs to hire these researchers, man they've got skillz. Apple hire these guys!!!

posted on 18 Aug 2013, 14:59 1

18. roscuthiii (Posts: 1785; Member since: 18 Jul 2010)


Very clever implementation indeed... they're probably being sequestered by the NSA as we speak (well, technically type).

posted on 18 Aug 2013, 16:01 1

21. darkkjedii (Posts: 10103; Member since: 05 Feb 2011)


Wouldn't surprise me. Big brothers always watching.

posted on 18 Aug 2013, 14:54 5

17. roscuthiii (Posts: 1785; Member since: 18 Jul 2010)


There's not one thing Man can make that another can't break. All just a matter of time.

posted on 18 Aug 2013, 15:09

19. gazmatic (Posts: 517; Member since: 06 Sep 2012)


well said

posted on 18 Aug 2013, 16:01

22. darkkjedii (Posts: 10103; Member since: 05 Feb 2011)


So true

posted on 18 Aug 2013, 15:33 3

20. Taters (Posts: 2591; Member since: 28 Jan 2013)


This is why Apple is one of the worst companies in the world. They cut costs on EVERYTHING, except lawsuits, including app testing when they have a 100 billion in the bank. How can the Apple fans not see that they are getting raped hard?

Buying an Apple product is like going to the same restaurant and paying 20 bucks for a bowl of rice or instant noodles. Not only that, it is like not noticing that restaurant owner is swimming in money and not even inspecting the noodles before serving them. Then when asked by someone why they are paying $20 for a bowl of rice that costs cents and can be purchased elsewhere for $2 tops, they respond by it just works. I get full from that bowl of rice and it's simple. It's not cluttered with side dishes and stuff, you know, those things that add flavor to your meal. 0.o

You guys are getting raped and they are laughing about ripping you off by swimming in their billions and only taking 20 seconds to inspect an app. Other companies that struggle to make a profit has an excuse, they can't afford to inspect more than 20 seconds. Apple can afford it easily and they still take all the short cuts they can get, more so than even poor companies. Wake up ifans.

posted on 18 Aug 2013, 16:05

23. Sauce (unregistered)


I understand how you feel because maybe you as an individual see it differently than the individuals who purchase products from Apple. These individuals do not care about spending that money on those products because 1) They have it and can throw it around. 2) They can afford it. 3) They budget to afford a product that they like. Individuals like yourself and I, and many others for example, are not like them so we turn to other items with a cheaper price.

Then again, there are many phones just as expensive as Apple products, so it comes down to personal taste and choice. Open your eyes, there's a company and product for everyone. Apple happens not to be for you.

Of course there are many other reasons that can be listed, but from reading your ignorance, this is what came off the top of my head.

posted on 18 Aug 2013, 16:11 2

24. darkkjedii (Posts: 10103; Member since: 05 Feb 2011)


But the play store has lots of malware too. Being open source google regularly does not inspect apps before allowing them in. All companies are greedy, and money/power driven. Your post wasn't even necessary, cuz we already know how big business works. Apple, google, Samsung, and others practice it quite well. Build for low sell for high, can we say profit? Doesn't matter who's the greediest when they're all greedy, doesn't matter who profits the most when they all profit. Apple is google is Samsung. The worst companies though are cigarette, beer, food/soft drink ones. They package cancer, diabetes, heart disease, stroke, obesity, and other maladies. They sell them in the form of Pepsi, coke happy meals, and snickers. And you call apple one of the worst companies? Dude get real.

posted on 18 Aug 2013, 16:50

29. VZWuser76 (Posts: 1200; Member since: 04 Mar 2010)


Just because Android is open source, does not mean the apps are. You can't take an app someone created and make tweaks to it, only the dev who wrote it can. Now the OS you can tweak or change to your hearts content, but if you fork the OS beyond what Google allows, you lose access to Google's services, including the Play Store. That's why many lower end Android models have their own app store, because they have altered the OS beyond what Google allows and lost access to the Play Store.

If anything this is a good thing. Better the good guys finding this out than those who would use it to steal info, money, etc.

posted on 18 Aug 2013, 16:57

31. Shatter (Posts: 1967; Member since: 29 May 2013)


Apple and Samsung give you radiation, food doesn't.

posted on 18 Aug 2013, 17:36 2

35. darkkjedii (Posts: 10103; Member since: 05 Feb 2011)


No but tons of the foods we eat cause, cancer, obesity, gout, hypertension, diabetes etc. don't go there with me Shatter, keep it about tech. Health and fitness is my passion, I know my stuff...trust me on that.

posted on 18 Aug 2013, 17:44 1

39. Shatter (Posts: 1967; Member since: 29 May 2013)


You mad that the iphone has one of the highest SAR outputs out of every phone?

posted on 18 Aug 2013, 18:10 3

41. darkkjedii (Posts: 10103; Member since: 05 Feb 2011)


No I'm mad at all. I'm mad when my paycheck is short, I'm mad when the steelers, Yankees, or wolverines lose. I don't give a F about the iPhones SAR output dude. The air we breathe is poisonous enough. Try harder dude

posted on 18 Aug 2013, 16:15 4

25. darkkjedii (Posts: 10103; Member since: 05 Feb 2011)


Oh did I mention, your post was simply one of your many weak/wack attempts to dis apple when say Samsung, Lady Lee, Nike, and 99% of the companies on earth do the same thing. Trust the cell, pc, or tablet you typed that weak post on, was built for wayyyyyyy less than you paid for it. You're a tech rape victim too Einstein.

posted on 18 Aug 2013, 16:29

27. Sauce (unregistered)


Lmao Touche' to him.

posted on 18 Aug 2013, 16:55 1

30. Taters (Posts: 2591; Member since: 28 Jan 2013)


LOL There are different levels of rape tardy boy. If you do not see the difference between say Apple selling 1.2ghz dual core cpu and a low powered power VR GPU, less than 720p screen, 1gb of ram, 1400 mah, some cheap gorilla glass wannabe for $699 canadian as more rape then say Samsung selling an 8core cpu with a high powered power VR gpu, 1080p OLED screen, 2 gb of DDR3 ram, 2600 mah battery, cutting edge Gorilla Glass 3 for $649.99 Canaidian, 50 less, then you are a hopeless idiot that deserves to be raped.

Sure everyone operates on a profit, that wasn't my point, but there are profits and then there are Apple rape you till your asshole bleeds type profits. Profits where Apple doesn't even give retailers except their own stores btw where other companies give plenty of those margins to retailers.

If you are too moronic to see the difference, then you deserve to be raped.

posted on 18 Aug 2013, 17:07

34. Sauce (unregistered)


Ignorance is bliss.

posted on 18 Aug 2013, 21:00

46. Taters (Posts: 2591; Member since: 28 Jan 2013)


Nothing ignorant about my post. The evidence that Apple is the biggest rip off company is there clear as day and can be read like a book.

- Huge Japanese carriers from Japan and Russia refuse to even entertain the profit margins that Apple wants.

- Apple is the only company in the world swimming in billions by selling an overpriced product.

- If you have ever worked as a buyer or finance or inventory for a big electronic retailer, then you would know that Apple is the only electronic company that keeps most of the profit margins.

- Their parts cost the least out of all companies and they sell for the highest.

There is plenty more evidence where that comes. Where is the evidence that all companies operate the same way and that Apple is just like any other premium brand like BMW? Zero, because no PC, phone, electronics company comes anywhere close to Apple's profit margins and BMW doesn't have 100 billion in the bank of pure profit.

Apple is guilty. The 100 billion is the same as getting your hand stuck in the honey jar. You simply do not make that much without being the biggest rip off in the history of consumer products.

posted on 18 Aug 2013, 21:35 2

47. darkkjedii (Posts: 10103; Member since: 05 Feb 2011)


I know you're a apple hater, but wow dude you actually sound jealous. "The only company in the world swimming in billions by selling an overpriced product". Let me ask you a question? Have you ever heard of gasoline? These companies overprice the hell outta gas, and you're calling out apple? Ever hear of cigarette companies? The overprice them, and they drive up medical costs by directly causing cancer, and you're calling apple out? Dude you are flat out jealous of apple. Plain and simple, if they hired you today you'd be rite there. Jealous a$$

posted on 19 Aug 2013, 01:38

52. Taters (Posts: 2591; Member since: 28 Jan 2013)


The difference is that gasoline and medicine companies provide us with a necessity. They can mark up prices because society relies on it and we have to buy them. That is a whole other topic and dabs into politics. To be sure though, I am well aware of the issues involved with these companies so you do not have to preach to me about it. That has nothing to do with my point.

My point is that Apple is raping retailers, consumers, and everybody hard and there is plenty of evidence of it. You saying that every company does it to the extreme of Apple is quite ignorant and funny. Two giant carriers do not turn down Samsung or Sony for trying to rape them. Why is that? Oh it is because ONLY APPLE, and just Apple is trying to rape them. That should tell you that Apple is on a whole other level of trying to rip people off.

posted on 18 Aug 2013, 17:39 3

36. darkkjedii (Posts: 10103; Member since: 05 Feb 2011)


Taters you continue to be blind as a bat. Sense you obviously, and purposely mean to be that way. I'll end our conversation.

posted on 18 Aug 2013, 16:59

32. Shatter (Posts: 1967; Member since: 29 May 2013)


Trust the cell, pc, or tablet you typed that weak post on, was built for wayyyyyyy less than you paid for it. You're a tech rape victim too Einstein.

If your into technology odds are you build your own PCs and don't become a tech rape victim.

posted on 18 Aug 2013, 17:05

33. Taters (Posts: 2591; Member since: 28 Jan 2013)


LOL Sad that he actually believes that every company rapes people as much as Apple does. What a moron.

posted on 18 Aug 2013, 17:41

38. darkkjedii (Posts: 10103; Member since: 05 Feb 2011)


See post #36

posted on 18 Aug 2013, 17:41

37. darkkjedii (Posts: 10103; Member since: 05 Feb 2011)


Odds are just that...odds. Odds are never definitive.

posted on 18 Aug 2013, 18:12

42. Shatter (Posts: 1967; Member since: 29 May 2013)


odds are = a majority. Why buy a PC from Dell thats going to be a big piece of overpriced junk when I can get the same thing for hundreds of dollars cheaper with superior motherboard/psu/ram etc instead of the the cheapest parts possible..

posted on 18 Aug 2013, 19:36

44. darkkjedii (Posts: 10103; Member since: 05 Feb 2011)


Yankees trail sox 0-2 top 2. Now I'm mad, I don't think CC has his stuff tonite.

posted on 18 Aug 2013, 22:09

48. darkkjedii (Posts: 10103; Member since: 05 Feb 2011)


Yankees 8-6 bottom 7. Hope we hold em.

posted on 18 Aug 2013, 16:40 2

28. MyJobSux (Posts: 77; Member since: 01 Apr 2012)


I dont trust any app store. Of the main 3 I guess, Apple, Google and M$, I would rank M$ the worst. It just feels sleezy. Its like walking down the street and some guy opens a trench coat with watches and crap inside asking if you want a name brand product that you know is a counterfiet. There are 30 youtube apps and none by Google and there are other non-Google apps done the same way. I dislike iTunes and how it is set up but their structure seems to have good quality control. Personally I trust Google the most but I also go to Amazon for apps at times too. You can look at permissions and who makes the app and go by that but unless you can read code and parse it yourself, you have no idea what your getting really.

posted on 19 Aug 2013, 07:55

54. tucutucu (Posts: 48; Member since: 03 Aug 2013)


Do you have 5 smartphones? lol

posted on 18 Aug 2013, 19:06 1

43. drnggaj33 (Posts: 127; Member since: 29 Feb 2012)


all the apple fan boys are up in arms now ....lol thinking apple cant get malware ...i was a tech for att and vzw for 7yrs every phone can get it ....the thing is apple ppl are stuck for no reason ....its a computer anything can happen and will happen to it other then that i wont go into detail on it

posted on 19 Aug 2013, 08:07

55. tucutucu (Posts: 48; Member since: 03 Aug 2013)


Money run the world...some manufacturers make money on quantity (like Samsung and Nokia), others on quality and loyalty (like Apple and Armani).
So, don't wear Armani, Louis Vuitton, Calvin Klein, Lacoste, D&G, etc. if you can find the same 100% cotton at any store in your city...hypocrites everywhere...

posted on 20 Aug 2013, 22:07

56. networkdood (Posts: 6250; Member since: 31 Mar 2010)


If anyone ever thought Apple was the mist secure, then you need a labotomy. Even our gov't has plans to use Android OS, and there are ways to increase security, including a closed up variation of Android.

posted on 22 Aug 2013, 04:04

57. andynaija (Posts: 424; Member since: 08 Sep 2012)


RAPE does NOT have anything to do with TECHNOLOGY! DIFFERENT SUBJECT

* Some comments have been hidden, because they don't meet the discussions rules.

Want to comment? Please login or register.

Latest stories