Security researchers have found a way of sneaking malicious software onto Apple’s App Store by tricking the store’s reviewers into thinking it is safe.
The app, dubbed Jekyll after the character in Robert Louis Stevenson’s famous book in which Dr Jekyll has an evil alter ego called Mr Hyde, can be made to look like a harmless game, service, utility app and so on.
Once it has passed Apple’s strict app review, the computer scientists from the Georgia Institute of Technology who developed the technique can remotely exploit a vulnerability they deliberately planted in it and redirect execution along paths that reuse the app’s own signed code. The app turns malicious without its signed binary ever being altered, which is why the review process sees nothing wrong.
The findings were published in the paper Jekyll on iOS: When Benign Apps Become Evil, presented at the USENIX Security Symposium in 2013.
Researchers Tielei Wang, Kangjie Lu, Long Lu, Simon Chung, and Wenke Lee said: ‘The key idea is to make the apps remotely exploitable and subsequently introduce malicious control flows by rearranging signed code.
‘Since the new control flows do not exist during the app review process, such apps, namely Jekyll apps, can stay undetected when reviewed and easily obtain Apple’s approval.
‘We implemented a proof-of-concept Jekyll app and successfully published it in App Store. We remotely launched the attacks on a controlled group of devices that installed the app.
‘The result shows that Jekyll app can successfully perform many malicious tasks, such as stealthily posting tweets, taking photos, stealing device identity information, sending email and SMS, attacking other apps.’
As well as sending messages and stealing device identity information, the app was also used to open malicious websites in the device’s built-in Safari browser.
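The researchers’ ‘key idea’ is easier to see in code. The following C program is an added illustration written for this page, not code from the Jekyll paper or from the proof-of-concept app. It models a reviewed app that ships a dangerous capability (a hypothetical send_sms function) which no call site ever reaches, plus a deliberately planted bug in its message handler: the length check compares against the whole frame instead of the buffer, so a remote message can overwrite the handler pointer that sits after the buffer. The ‘attacker’ payload contains no new code at all; it only points execution at code that was already in the signed binary. The example skips what a real attack also needs, such as defeating address-space layout randomisation to learn the gadget’s address, and simply takes the function’s address directly.

```c
#include <stdio.h>
#include <string.h>
#include <stddef.h>

/* Everything below is "signed code": it is all present in the binary
 * that the reviewer examines. Only the dispatch that the reviewer can
 * trace leads to show_greeting; nothing ever calls send_sms. */

/* Benign handler: counts the bytes of the greeting it would display. */
static int show_greeting(const char *arg)
{
    int n = 0;
    while (n < 16 && arg[n] != '\0')
        n++;
    return n;
}

/* Hypothetical dangerous capability, compiled in but never referenced
 * by any call site. Returning 42 stands in for "SMS was sent". */
static int send_sms(const char *arg)
{
    (void)arg;
    return 42;
}

/* A message frame: fixed buffer followed by the handler pointer. */
struct frame {
    char buf[16];
    int (*handler)(const char *);
};

/* Planted vulnerability: the bound is sizeof f (the whole frame) where
 * it should be sizeof f.buf, so a long message overwrites f.handler.
 * The copy never runs past the frame object, so the corruption is
 * deterministic rather than undefined behaviour. */
static int handle_message(const unsigned char *msg, size_t len)
{
    struct frame f;
    memset(&f, 0, sizeof f);
    f.handler = show_greeting;        /* the only handler review sees */
    if (len > sizeof f)               /* BUG: should be sizeof f.buf */
        return -1;
    memcpy(&f, msg, len);
    return f.handler(f.buf);          /* control flow decided by msg */
}

/* Remote side: build a message that fills the buffer and replaces the
 * handler pointer with the address of existing signed code. */
static size_t build_payload(unsigned char *out, int (*gadget)(const char *))
{
    memset(out, 'A', sizeof(struct frame));
    memcpy(out + offsetof(struct frame, handler), &gadget, sizeof gadget);
    return sizeof(struct frame);
}

/* What the app does during review: a short, well-formed message. */
int run_benign(void)
{
    static const unsigned char msg[] = "hi";   /* constructed input */
    return handle_message(msg, sizeof msg);     /* 3 bytes incl. NUL */
}

/* What the app does after approval: the Jekyll message arrives. */
int run_jekyll(void)
{
    unsigned char payload[sizeof(struct frame)];
    size_t n = build_payload(payload, send_sms);
    return handle_message(payload, n);
}

int main(void)
{
    printf("benign message -> handler returned %d\n", run_benign());
    printf("jekyll message -> handler returned %d\n", run_jekyll());
    return 0;
}
```

The benign run returns 2 (two greeting bytes shown); the Jekyll run returns 42, meaning execution reached send_sms even though no path in the reviewed source leads there. The fix on the app side is the one-character bound correction; on Apple’s side the lesson of the paper is that static review of reachable code cannot rule out control flows that only exist after a memory-safety bug is triggered.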
Apple spokesman Tom Neumayr told MIT Technology Review that Apple had made changes to iOS in response to the Institute’s research, although it is not known whether the flaw has been completely fixed.
Apple has a strict policy on which apps are accepted onto its App Store.
It doesn’t allow malicious or dangerous apps or apps that contain adult content, and it will also reject apps that don’t appear to have a clear use or function.
This is meant to stop rogue apps from appearing on the store.
All apps additionally run inside what’s called the iOS sandbox, which isolates each app and restricts what it can do to other apps and to the device’s built-in services.
This is supposed to mean that if one app is compromised, it can’t hijack the others, yet the Georgia Institute of Technology’s app was still able to attack other apps from inside the sandbox.
APPLE’S APP STORE GUIDELINES
To be accepted onto the App Store, apps must be functional: they must not crash, include hidden features, or work in a way other than what the developer advertised.
They must also serve a purpose for the user, and developers can’t charge for an app that doesn’t do anything.
Any app that is defamatory, offensive, mean-spirited, or likely to place the targeted individual or group in harm’s way will be rejected.
Apps that present excessively objectionable or crude content will be rejected, along with apps that are designed to upset or disgust users.
Article Credit: dailymail.co.uk