ComputerWorld – Researchers Outwit Apple, Plant Malware in the App Store

Posted: August 21, 2013 in One People's Public Trust (OPPT)

Researchers Outwit Apple, Plant Malware in the App Store

‘Jekyll’ app assembles hidden attack code only after Apple’s screened the software

August 20, 2013 12:06 PM ET

Computerworld – A team of researchers from Georgia Tech has demonstrated how hackers can slip a malicious app by Apple’s reviewers so that it’s published to the App Store and ready for unsuspecting victims to download.

Led by Tielei Wang, a research scientist at Georgia Tech’s school of computer science, the team created a “Jekyll” app — named for the Robert Louis Stevenson novella, Strange Case of Dr. Jekyll and Mr. Hyde — that posed as a benign news reader. Hidden inside the app, however, were code fragments, dubbed “gadgets,” that self-assembled to create a proof-of-concept exploit only after the app was approved by Apple.

The assembled attack code was able to send tweets, email and texts without the user’s knowledge, and could steal the iPhone’s unique device ID, turn on the camera and take video, forward voice calls to other phones and connect with local Bluetooth devices. Because the reconfigured app also “phoned home” to a server operated by the researchers, they were able to download additional malware and compromise other apps on the smartphone, including the Safari browser.

What had seemed on the surface — far below the surface for that matter — to be a harmless Dr. Jekyll was silently transformed into an evil Mr. Hyde.
