Researchers at Georgia Tech managed to get an app approved by Apple and posted on the Apple App Store. But unlike other apps, this one was a ticking time bomb. Inside the app, researchers placed fragments of code that were programmed to come together and assemble itself into malware. The program, aptly code named Jekyll, could send emails, tweets and texts under the radar while at the same time it could grab a device's ID number, steal personal information, take pictures and attack other apps. And it could even send mobile Safari to a page containing even more malware. In other words, this app could have been an iPhone user's worst nightmare.
The good news is that the researchers quickly took down the listing after it was posted for just a few minutes back in March. No innocent iPhone installed the app. The Georgia Tech team, on the other hand, downloaded the program and infected their own device. The researchers were able to tell that Apple ran the program for only a few seconds before giving it a stamp of approval. Unless it ran the app for a longer period of time, Apple would never know about the malware because the bad code was hidden in separate small "code gadgets" hidden by a legitimate app. Once the app was approved, the code was designed to stitch together to form the troublesome malware that could wreak havoc on an iPhone.
Apple's review process is not doing enough to safeguard the App Store. That is the message that researchers are broadcasting following the ruse. Long Lu, a member of the research team says, "
The message we want to deliver is that right now, the Apple review process is mostly doing a static analysis of the app, which we say is not sufficient because dynamically generated logic cannot be very easily seen." Lu adds that it is possible that some apps on the App Store are malware and have just not yet been detected.
source:
MITTechnologyReview via
GIGaom
57 Comments
1. Kelley71
Posts: 105; Member since: Nov 26, 2012
posted on Aug 18, 2013, 12:57 PM 1
2. gazmatic
Posts: 822; Member since: Sep 06, 2012
posted on Aug 18, 2013, 1:03 PM 4
3. quadrazeus
Posts: 359; Member since: May 03, 2013
posted on Aug 18, 2013, 1:05 PM 9
4. Sauce unregistered
posted on Aug 18, 2013, 1:10 PM 14
5. nerdylish
Posts: 51; Member since: Apr 13, 2013
posted on Aug 18, 2013, 1:12 PM 3
9. maysider
Posts: 38; Member since: Aug 11, 2013
posted on Aug 18, 2013, 1:31 PM 6
10. PhoneArenaUser
Posts: 5498; Member since: Aug 05, 2011
posted on Aug 18, 2013, 1:39 PM 2
51. quadrazeus
Posts: 359; Member since: May 03, 2013
posted on Aug 19, 2013, 12:10 AM 3
53. PhoneArenaUser
Posts: 5498; Member since: Aug 05, 2011
posted on Aug 19, 2013, 2:55 AM 0
12. PapaSmurf
Posts: 10457; Member since: May 14, 2012
posted on Aug 18, 2013, 1:47 PM 5
13. Shatter
Posts: 2036; Member since: May 29, 2013
posted on Aug 18, 2013, 2:04 PM 2
45. PapaSmurf
Posts: 10457; Member since: May 14, 2012
posted on Aug 18, 2013, 8:05 PM 0
26. tedkord
Posts: 17469; Member since: Jun 17, 2009
posted on Aug 18, 2013, 4:16 PM 5
40. PhoneArenaUser
Posts: 5498; Member since: Aug 05, 2011
posted on Aug 18, 2013, 5:58 PM 0
50. quadrazeus
Posts: 359; Member since: May 03, 2013
posted on Aug 18, 2013, 10:56 PM 2
11. androidfanboy
Posts: 162; Member since: Jun 24, 2013
posted on Aug 18, 2013, 1:42 PM 14
14. Googler
Posts: 813; Member since: Jun 10, 2013
posted on Aug 18, 2013, 2:33 PM 1
16. darkkjedii
Posts: 31612; Member since: Feb 05, 2011
posted on Aug 18, 2013, 2:53 PM 1
15. darkkjedii
Posts: 31612; Member since: Feb 05, 2011
posted on Aug 18, 2013, 2:50 PM 0
18. roscuthiii
Posts: 2383; Member since: Jul 18, 2010
posted on Aug 18, 2013, 2:59 PM 1
21. darkkjedii
Posts: 31612; Member since: Feb 05, 2011
posted on Aug 18, 2013, 4:01 PM 1
17. roscuthiii
Posts: 2383; Member since: Jul 18, 2010
posted on Aug 18, 2013, 2:54 PM 5
19. gazmatic
Posts: 822; Member since: Sep 06, 2012
posted on Aug 18, 2013, 3:09 PM 0
22. darkkjedii
Posts: 31612; Member since: Feb 05, 2011
posted on Aug 18, 2013, 4:01 PM 0
20. Taters
Posts: 6474; Member since: Jan 28, 2013
posted on Aug 18, 2013, 3:33 PM 3
23. Sauce unregistered
posted on Aug 18, 2013, 4:05 PM 0
24. darkkjedii
Posts: 31612; Member since: Feb 05, 2011
posted on Aug 18, 2013, 4:11 PM 2
29. VZWuser76
Posts: 4974; Member since: Mar 04, 2010
posted on Aug 18, 2013, 4:50 PM 0
31. Shatter
Posts: 2036; Member since: May 29, 2013
posted on Aug 18, 2013, 4:57 PM 0
35. darkkjedii
Posts: 31612; Member since: Feb 05, 2011
posted on Aug 18, 2013, 5:36 PM 2
* Some comments have been hidden, because they don't meet the discussions rules.
PhoneArena Comments Rules
A discussion is a place, where people can voice their opinion, no matter if it is positive, neutral or negative. However, when posting, one must stay true to the topic, and not just share some random thoughts, which are not directly related to the matter.
Things that are NOT allowed:
Moderation is done by humans. We try to be as objective as possible and moderate with zero bias. If you think a post should be moderated - please, report it.
Have a question about the rules or why you have been moderated/limited/banned? Please, contact us.
Comments Options
Report Post
Send a warning to post author
Send a warning to Selected user. The user has 0 warnings currently.
Ban user and delete all posts
Message to PhoneArena moderator (optional):