http://arstechnica.com/security/2013/08/seemingly-benign-jekyll-app-passes-apple-review-then-becomes-evil / computer scientists scientist sneak malicious programs program programme programmes Apple's exclusive app store detect detected mandatory review process automatically flag apps app application researchers Georgia Institute of Technology technique create what appeared a harmless app Apple reviewers accepted iOS App Store later able update app malicious actions trigger triggering triggered security alarms app researchers titled Jekyll worked taking the binary code that had already been digitally signed by Apple rearranging new malicious behaviors behavior behaviour behaviours method attacker attackers attack attacking attacked reliably hide malicious behavior reject rejected rejecting Apple review process researchers wrote paper titled Jekyll on iOS: When Benign Apps Become Evil passes review installed end user's device instructed intended attacks attack key idea remotely exploitable subsequently introduce malicious control flows rearrange rearranging signed code new control flows do not exist during the app review process, such apps Jekyll stay undetected when reviewed easily obtain Apple’s approval Apple representatives immediately respond request for comment company spokesman Tom Neumayr MIT Review developers have made changes to the iOS operating system in response to issues identified paper remains unclear vulnerabilities have been completely fixed Jekyll app active following launch March install installed experiment researchers malicious attacks stealthily sending tweets tweet e-mails, e-mail email emails text messages stealing device ID numbers taking photos photographs photo photograph attack attacking other apps Safari browser load booby-trapped websites booby trap seemingly benign /
No comments:
Post a Comment