Show menu
Home
›
News
›
Researchers tricked Apple into approving an app loaded with malware

Researchers tricked Apple into approving an app loaded with malware

Posted: 18 Aug 2013, 12:53, by Alan F.

Share Tweet Share

Tags : iOS -iOS + Apple -Apple + Apps -Apps +

Researchers tricked Apple into approving an app loaded with malware

Researchers at Georgia Tech managed to get an app approved by Apple and posted on the Apple App Store. But unlike other apps, this one was a ticking time bomb. Inside the app, researchers placed fragments of code that were programmed to come together and assemble itself into malware. The program, aptly code named Jekyll, could send emails, tweets and texts under the radar while at the same time it could grab a device's ID number, steal personal information, take pictures and attack other apps. And it could even send mobile Safari to a page containing even more malware. In other words, this app could have been an iPhone user's worst nightmare.

The good news is that the researchers quickly took down the listing after it was posted for just a few minutes back in March. No innocent iPhone installed the app. The Georgia Tech team, on the other hand, downloaded the program and infected their own device. The researchers were able to tell that Apple ran the program for only a few seconds before giving it a stamp of approval. Unless it ran the app for a longer period of time, Apple would never know about the malware because the bad code was hidden in separate small "code gadgets" hidden by a legitimate app. Once the app was approved, the code was designed to stitch together to form the troublesome malware that could wreak havoc on an iPhone.

Apple's review process is not doing enough to safeguard the App Store. That is the message that researchers are broadcasting following the ruse. Long Lu, a member of the research team says, "The message we want to deliver is that right now, the Apple review process is mostly doing a static analysis of the app, which we say is not sufficient because dynamically generated logic cannot be very easily seen." Lu adds that it is possible that some apps on the App Store are malware and have just not yet been detected.

source: MITTechnologyReview via GIGaom

Black Friday in July by Best Buy: Here are all the sweet deals

Save the date: Galaxy Note 8 to be unveiled August 23

57 Comments

Options
Close Follow › Following
Show comments:

Display mode:

Always view all comments

posted on 18 Aug 2013, 12:57 1

1. Kelley71 (Posts: 88; Member since: 26 Nov 2012)

Sane time?

posted on 18 Aug 2013, 13:03 4

2. gazmatic (Posts: 795; Member since: 06 Sep 2012)

at least now the app store would be safer going ahead

i dont think apple wants this kind of publicity

hopefully

posted on 18 Aug 2013, 13:05 9

3. quadrazeus (Posts: 359; Member since: 03 May 2013)

My cousin tricked Google into approving an app loaded with malware. And he's just 17, lol.

posted on 18 Aug 2013, 13:10 14

4. Sauce (unregistered)

I don't think anyone has to even 'trick' Google into getting malware onto the Play Store.

posted on 18 Aug 2013, 13:12 3

5. nerdylish (Posts: 51; Member since: 13 Apr 2013)

Anybody can do that :P

posted on 18 Aug 2013, 13:31 6

9. maysider (Posts: 38; Member since: 11 Aug 2013)

I can even rob you in the street= freedom
With iOS you have fascism

posted on 18 Aug 2013, 13:39 2

10. PhoneArenaUser (Posts: 5498; Member since: 05 Aug 2011)

You said that in defence of Apple? :D

posted on 19 Aug 2013, 00:10 3

51. quadrazeus (Posts: 359; Member since: 03 May 2013)

No. :D

posted on 19 Aug 2013, 02:55

53. PhoneArenaUser (Posts: 5498; Member since: 05 Aug 2011)

Common, you did that as tedkord says in his comment #26. :D

posted on 18 Aug 2013, 13:47 5

12. PapaSmurf (Posts: 10457; Member since: 14 May 2012)

Now that I've realized this, why even mention the Play Store when this is a App Store article...?

posted on 18 Aug 2013, 14:04 2

13. Shatter (Posts: 2036; Member since: 29 May 2013)

because IOS is said to have a lower chance of getting a virus and very few apps with it in the store while this proves that anybody can do it and get it past apple..

posted on 18 Aug 2013, 20:05

45. PapaSmurf (Posts: 10457; Member since: 14 May 2012)

You did everything but answer my question.

posted on 18 Aug 2013, 16:16 5

26. tedkord (Posts: 13819; Member since: 17 Jun 2009)

Because they have a deep seated psychological need to excuse Apple, so they try to divert attention by throwing out anything they can about the enemy. It's a time honored tactic employed by school children the world over.

posted on 18 Aug 2013, 17:58

40. PhoneArenaUser (Posts: 5498; Member since: 05 Aug 2011)

100% to the target! :)

+1

posted on 18 Aug 2013, 22:56 2

50. quadrazeus (Posts: 359; Member since: 03 May 2013)

Freedom of speech. That's why.

posted on 18 Aug 2013, 13:42 14

11. androidfanboy (Posts: 162; Member since: 24 Jun 2013)

Lol the apple fanboys are in denial haha

posted on 18 Aug 2013, 14:33 1

14. Googler (Posts: 813; Member since: 10 Jun 2013)

Those who don't think they need defenses are the most defenseless of all. App that attacks other apps, who knows what havoc this thing could have done if a true hacker had unleashed it.

posted on 18 Aug 2013, 14:53 1

16. darkkjedii (Posts: 24353; Member since: 05 Feb 2011)

Major damage

posted on 18 Aug 2013, 14:50

15. darkkjedii (Posts: 24353; Member since: 05 Feb 2011)

I think the pentagon needs to hire these researchers, man they've got skillz. Apple hire these guys!!!

posted on 18 Aug 2013, 14:59 1

18. roscuthiii (Posts: 2233; Member since: 18 Jul 2010)

Very clever implementation indeed... they're probably being sequestered by the NSA as we speak (well, technically type).

posted on 18 Aug 2013, 16:01 1

21. darkkjedii (Posts: 24353; Member since: 05 Feb 2011)

Wouldn't surprise me. Big brothers always watching.

posted on 18 Aug 2013, 14:54 5

17. roscuthiii (Posts: 2233; Member since: 18 Jul 2010)

There's not one thing Man can make that another can't break. All just a matter of time.

posted on 18 Aug 2013, 15:09

19. gazmatic (Posts: 795; Member since: 06 Sep 2012)

well said

posted on 18 Aug 2013, 16:01

22. darkkjedii (Posts: 24353; Member since: 05 Feb 2011)

So true

posted on 18 Aug 2013, 15:33 3

20. Taters (banned) (Posts: 6474; Member since: 28 Jan 2013)

This is why Apple is one of the worst companies in the world. They cut costs on EVERYTHING, except lawsuits, including app testing when they have a 100 billion in the bank. How can the Apple fans not see that they are getting raped hard?

Buying an Apple product is like going to the same restaurant and paying 20 bucks for a bowl of rice or instant noodles. Not only that, it is like not noticing that restaurant owner is swimming in money and not even inspecting the noodles before serving them. Then when asked by someone why they are paying $20 for a bowl of rice that costs cents and can be purchased elsewhere for $2 tops, they respond by it just works. I get full from that bowl of rice and it's simple. It's not cluttered with side dishes and stuff, you know, those things that add flavor to your meal. 0.o

You guys are getting raped and they are laughing about ripping you off by swimming in their billions and only taking 20 seconds to inspect an app. Other companies that struggle to make a profit has an excuse, they can't afford to inspect more than 20 seconds. Apple can afford it easily and they still take all the short cuts they can get, more so than even poor companies. Wake up ifans.

posted on 18 Aug 2013, 16:05

23. Sauce (unregistered)

I understand how you feel because maybe you as an individual see it differently than the individuals who purchase products from Apple. These individuals do not care about spending that money on those products because 1) They have it and can throw it around. 2) They can afford it. 3) They budget to afford a product that they like. Individuals like yourself and I, and many others for example, are not like them so we turn to other items with a cheaper price.

Then again, there are many phones just as expensive as Apple products, so it comes down to personal taste and choice. Open your eyes, there's a company and product for everyone. Apple happens not to be for you.

Of course there are many other reasons that can be listed, but from reading your ignorance, this is what came off the top of my head.

posted on 18 Aug 2013, 16:11 2

24. darkkjedii (Posts: 24353; Member since: 05 Feb 2011)

But the play store has lots of malware too. Being open source google regularly does not inspect apps before allowing them in. All companies are greedy, and money/power driven. Your post wasn't even necessary, cuz we already know how big business works. Apple, google, Samsung, and others practice it quite well. Build for low sell for high, can we say profit? Doesn't matter who's the greediest when they're all greedy, doesn't matter who profits the most when they all profit. Apple is google is Samsung. The worst companies though are cigarette, beer, food/soft drink ones. They package cancer, diabetes, heart disease, stroke, obesity, and other maladies. They sell them in the form of Pepsi, coke happy meals, and snickers. And you call apple one of the worst companies? Dude get real.

posted on 18 Aug 2013, 16:50

29. VZWuser76 (Posts: 4750; Member since: 04 Mar 2010)

Just because Android is open source, does not mean the apps are. You can't take an app someone created and make tweaks to it, only the dev who wrote it can. Now the OS you can tweak or change to your hearts content, but if you fork the OS beyond what Google allows, you lose access to Google's services, including the Play Store. That's why many lower end Android models have their own app store, because they have altered the OS beyond what Google allows and lost access to the Play Store.

If anything this is a good thing. Better the good guys finding this out than those who would use it to steal info, money, etc.

posted on 18 Aug 2013, 16:57

31. Shatter (Posts: 2036; Member since: 29 May 2013)

Apple and Samsung give you radiation, food doesn't.

posted on 18 Aug 2013, 17:36 2

35. darkkjedii (Posts: 24353; Member since: 05 Feb 2011)

No but tons of the foods we eat cause, cancer, obesity, gout, hypertension, diabetes etc. don't go there with me Shatter, keep it about tech. Health and fitness is my passion, I know my stuff...trust me on that.

* Some comments have been hidden, because they don't meet the discussions rules.