“Jekyll” Test Attack Sounds Alarm For iOS Users

One of the supposed benefits of using iOS on your iPhone or iPad is that every app is vetted by Apple and every app is sandboxed from the others. A recent test by security researchers has proven that this benefit may be false. An app that has been dubbed Jekyll made an appearance on the App Store after going through Apple’s review process, which involves running the app for a few seconds. But when run for a longer period of time, this app assembled itself into an aggressive piece of malware, even while running inside the iOS sandbox, which is designed to stop this from happening. I’ll let the researchers pick up the story from here:

“Our research shows that despite running inside the iOS sandbox, a Jekyll-based app can successfully perform many malicious tasks, such as posting tweets, taking photos, sending email and SMS, and even attacking other apps – all without the user’s knowledge,” says Tielei Wang, in a July 31 press release by Georgia Tech (http://www.gatech.edu/newsroom/release.html?nid=225501). Wang led the Jekyll development team at GTISC; also part of the team was Long Lu, a Stony Brook University security researcher.

Some blogs and technology sites picked up on the press release in early August. But wider awareness of Jekyll, and its implications, seems to have been sparked by an August 15 online story in the MIT Technology Review, by Dave Talbot, who interviewed Long Lu for a more detailed account.

Jekyll “even provided a way to magnify its effects, because it could direct Safari, Apple’s default browser, to a website with more malware,” Talbot wrote.

A form of Trojan Horse malware, the recreated Jekyll, once downloaded, reaches out to the attack designers for instructions. “The app did a phone-home when it was installed, asking for commands,” Lu explained. “This gave us the ability to generate new behavior of the logic of that app which was nonexistent when it was installed.”

What does Apple have to say about this? Here’s their take:

Apple spokesman Tom Neumayr said that Apple made “some changes to its iOS mobile operating system in response to issues identified in the paper,” according to Talbot. “Neumayr would not comment on the app-review process.”

It sounds like Apple has some work to do, as this is a pretty big hole in iOS security that needs to be addressed before someone with less noble intentions exploits it.
