Researchers sneak malicious code past Apple’s App Store evaluation


Computer security is a never-ending arms race, and every time the companies working to keep our devices safe come up with a new way to foil the efforts of malware writers, someone always manages to fire back with an even newer way to wreak havoc. Luckily this time it’s not any ne’er-do-well discovering the latest attack, but a group of security researchers out of Georgia, demonstrating how they snuck nasty code past Apple’s review.

For this experiment, they came up with a custom app they called Jekyll, on the surface neither designed for misdeeds nor containing code that violated any Apple rules. The trick is that Jekyll is built from a multitude of code modules, but the way data flows through them normally doesn’t do anything suspicious. Once the app is installed, though, the researchers were able to remotely reconfigure the app such that previously innocuous sections of code, when called in the correct manner, are now capable of harm.

Apple is aware of this research, and has indicated that it’s already made adjustments to how it vets apps as a result. Still, all that’s taking place behind closed doors, and we’ve no way of knowing just how effective whatever changes Apple’s made may ultimately prove. Maybe next time, even more clever devs may come up with more elaborate ways around even Apple’s latest protections.

Source: Ars Technica
Via: The Consumerist

Share This Post
What's your reaction?
Love It
Like It
Want It
Had It
Hated It
About The Author
Stephen Schenck

Stephen has been writing about electronics since 2008, which only serves to frustrate him that he waited so long to combine his love of gadgets and his degree in writing. In his spare time, he collects console and arcade game hardware, is a motorcycle enthusiast, and enjoys trapping blue crabs. Stephen’s first mobile device was a 624 MHz Dell Axim X30, which he’s convinced is still a viable platform. Stephen longs for a market where phones are sold independently of service, and bandwidth is cheap and plentiful; he’s not holding his breath. In the meantime, he devours smartphone news and tries to sort out the juicy bits

Read more about Stephen Schenck!