Remotely Assembled Malware Evades Apple's App Testing Processes
Published on: 17th Aug 2013
Apple has long touted its mobile app approval process as a way of protecting users from the malware and viruses found in the free-for-all Android app stores, but that reputation has come under attack.
Researchers have managed to cloak malware inside an iPhone app and successfully upload it to Apple's iTunes store, where the company then approved it for release.
Researchers at Georgia Tech managed the feat by using self-assembling malware code that was broken up into innocuous pieces and scattered throughout an otherwise legitimate-looking mobile app.
When the app connected to a remote server to download news content updates, the researchers were able to send a signal to the handset to "generate new behavior of the logic of that app which was nonexistent when it was installed."
The malware was then able to commandeer many of the iPhone's functions, including redirecting the Safari web browser to download more viruses.
The Jekyll app was live for only a few minutes in March, and no innocent victims installed it, says Long Lu, a Stony Brook University researcher who was part of the team at Georgia Tech, led by Tielei Wang, that wrote the Apple-fooling app. During that brief time, the researchers installed it on their own Apple devices and attacked themselves, then withdrew the app before it could do real harm.
It seems that Apple ran the app for only a few seconds during its testing, and the malware had been coded to wait for several minutes before activating itself.
Tom Neumayr, an Apple spokesman, said the company made some changes to its iOS mobile operating system in response to issues identified by the research.
On the web: Technology Review