Slashdot Mirror


"Jekyll" Test Attack Sneaks Through Apple App Store, Wreaks Havoc

An anonymous reader writes "A malware test app sneaked through Apple's review process disguised as a harmless app, and then re-assembled itself into an aggressive attacker even while running inside the iOS 'sandbox' designed to isolate apps and data from each other. The app, dubbed Jekyll, was helped by Apple's review process. The malware designers, a research team from Georgia Institute of Technology's Information Security Center, were able to monitor their app during the review: they discovered Apple ran the app for only a few seconds, before ultimately approving it. That wasn't anywhere near long enough to discover Jekyll's deceitful nature."

5 of 206 comments

  1. Re:I call bullshit on "unaware" claims by Bogtha · Score: 4, Informative

    Every single one of those, requires permission from the user to do - posting tweets an app cannot do directly, it brings up a sheet.

    Read the paper - they watched the interaction in a debugger to find the right messages to send to the right private classes in order to bypass this.

    This only worked with iOS 5 - last year Apple moved sheets like these into external processes and used a proxy view controller to show them in applications instead of embedding the functionality directly, so attacks like this aren't possible any more where this technique has been used.

    I agree that this is somewhat sensationalised, but they were able to do this without the normal user approval in the 4% or so of people still running a two year old version of iOS.

    --
    Bogtha Bogtha Bogtha
  2. Re:Apple review process = a few seconds? by gl4ss · Score: 5, Informative

    You can go without a middleman for Android apps. All Android devices allow you to install APKs.

    Now that is a large difference to iOS or Windows Phone.

    If you don't see the difference then you're a fucking moron; the other OS allows you to point to a file on any fucking webserver and the other doesn't. The other platform allows you to install anything without the device (or OS) manufacturer greenlighting the app while the other censors whatever the fuck it wants that week to censor.

    --
    world was created 5 seconds before this post as it is.
  3. Aha by SuperKendall · Score: 2, Informative

    I looked for the paper but could not find the link. Thanks for the extra info.

    As I thought, they did not break the sandbox at all. Attacks that don't work in iOS6 are irrelevant at this point...

    It's totally sensationalized. It remains true there's no way a real app can "wreak havoc" even if you inject code later.

    --
    "There is more worth loving than we have strength to love." - Brian Jay Stanley
  4. Re:BUT MACS DON'T GET ... by Samantha Wright · Score: 4, Informative

    iOS still has a lot going on under the floorboards that's a rather faithful ARM port of OS X. At least for the pertinent intents and purposes, it's pretty safe to say iPhones are Macs. And stuff.

    --
    Bio questions? Ask me to start a Q&A journal. Computer analogies available for most topics!
  5. Re:I call bullshit on "unaware" claims by Zalbik · Score: 4, Informative

    This only worked with iOS 5

    Some items only worked in iOS 5.

    Based on Table 1 from their paper here, the following items could be accomplished by their app on iOS 6:
    - posting tweets
    - using the camera
    - dialing
    - using bluetooth
    - crashing safari
    - stealing device

    It was only sending SMS messages, sending email, and rebooting the system that were limited to iOS 5.