Tielei Wang and his team of researchers at Georgia Tech have discovered a method for getting malicious iOS apps past Apple's App Store review process. The team created a "Jekyll app" that seemed harmless at first, but after making it into the App Store and onto devices, is able to have its code rearranged in order to perform potentially malicious tasks.
Jekyll apps - likely named after the less malicious half of the classic Dr. Jekyll and Mr. Hyde pairing - are somewhat similar to previous work done by Charlie Miller. Miller's app had the end result of being able to execute unsigned code on a user's device by exploiting a bug in iOS, which Apple has since fixed. Jekyll apps differ in that they don't rely on any particular bug in iOS at all. Instead, authors of a Jekyll app introduce intentional bugs into their own code. When Apple reviews the app, its code and functionality will appear harmless. Once the app has been installed on a person's device, however, the app's vulnerabilities are exploited by the authors to create malicious control flows in the app's code, performing tasks that would normally cause an app to be rejected by Apple.
Wang's team submitted a proof-of-concept app to Apple and were able to get it approved through the normal App Store review process. Once published, the team downloaded the app onto their testing devices and were able to have the Jekyll app successfully carry out malicious activity like snapping photos, sending emails and text messages. They were even able to exploit kernel vulnerabilities. The team pulled their app immediately after, but the potential for other, similar apps to get onto the App Store remains.
Apple recently responded to the threats posed by fake malicious chargers by thanking the researchers and announcing a fix that will be available in iOS 7. Wang was also part of the research team that created the fake charger, but his findings with Jekyll apps could pose a greater risk to iOS and Apple. Mactans chargers require physical access to a device, while Jekyll apps, once in the App Store, could be exploited remotely on any device that installs them. Additionally, Jekyll apps don't rely on any particular bug, which makes them difficult to stop, as Wang explained in an email to iMore:
It is not easy for Apple to detect or prevent Jekyll Apps, because it implies that Apple needs to detect or prevent intended bugs in third party apps.
The researchers have shared their findings with Apple, but it remains to be seen how Apple will address the problem. The full details of the team's discoveries will be presented later this month at the USENIX Security Symposium.
Source: Georgia Tech News Room