Researchers Slipped Malware Into Apple’s App Store During Experiment

Researchers Slipped Malware Into Apple’s App Store During Experiment

A group of researchers have allegedly managed to sneak malware onto Apple’s iOS App Store, proving that no mobile store is safe.

The app, apparently containing news from Georgia Tech, had pieces of code that assembled into a malicious program only after it was installed. The malicious code was disguised as legitimate app operations that could be stitched together once the software was approved by Apple. According to one of the researchers, the app slipped past Apple’s security because it was coded to generate new behavior once installed.

“The app did a phone-home when it was installed, asking for commands. This gave us the ability to generate new behavior of the logic of that app which was nonexistent when it was installed,” noted Long Lu, one of the members of the research team.

The experiment has demonstrated that Apple runs, at least some applications, only for a few seconds before allowing them to be uploaded to the App Store. Researchers claim Apple only scanned Jekyll for a few seconds before giving it clearance. The app has since been deleted from the App Store by the researchers.

“The message we want to deliver is that right now, the Apple review process is mostly doing a static analysis of the app, which we say is not sufficient because dynamically generated logic cannot be very easily seen,” Lu added.

Apple representatives say the company has made some changes to the way apps are reviewed in an effort to address the issues highlighted in the research paper. However, they refused to comment on how the app-reviewing process works.

Apple spokesman Tom Neumayr said that Apple has already made changes to iOS in response to the researcher’s findings, but he wouldn’t comment on Apple’s process for reviewing apps, about which it has always been notoriously secretive.

So while you still have a far better chance of downloading malware onto an Android device, this goes to show that no mobile operating system can ever claim to be truly safe.

You have read this articleApple / News with the title Researchers Slipped Malware Into Apple’s App Store During Experiment. You can bookmark this page URL Thanks!
Write by: RC - Sunday, August 18, 2013

Comments "Researchers Slipped Malware Into Apple’s App Store During Experiment"

Post a Comment