BlackHat: Researchers Sneak Malware Past iOS Security Protections

Malicious code can be surreptitiously planted on the Apple App Store and then downloaded by iOS devices, researchers have shown at BlackHat in Las Vegas, where they also showed how a bespoke charger could be used to hack an iPhone.

Like polymorphic malware, the “Jekyll” proof-of-concept code introduces new functionality that is not checked during Apple’s approval process.

Remote iOS attacks

“We were able to successfully publish a malicious app and use it to remotely launch attacks on a controlled group of devices,” said Tielei Wang, a researcher at the Georgia Tech Information Security Center (GTISC).

“Our research shows that despite running inside the iOS sandbox, a Jekyll-based app can successfully perform many malicious tasks, such as posting tweets, taking photos, sending email and SMS, and even attacking other apps – all without the user’s knowledge.”

But they went one step further in their attempts to hack iOS machines.  As reported by TechWeek in June, Billy Lau, another GTISC researcher, created a malicious charger, built with a BeagleBoard, a low-power open-source hardware single-board computer, not too dissimilar from a Raspberry Pi.

The “Mactans” charger was able to install a malicious app on an iPhone in just 60 seconds, requiring neither a jailbreak nor user interaction.

Apple is fixing that flaw in iOS 7, notifying users when they plug their mobile device into any peripheral that attempts to establish a data connection. There is no release date for iOS 7 yet, but it will arrive this autumn. Until then, devices are vulnerable.

But it is continuing to work on the Jekyll flaws. “These results are concerning and challenge previous assumptions of iOS device security,” said GTISC associate director Paul Royal. “However, we’re pleased that Apple has responded to some of these weaknesses and hope that they will address our other concerns in future updates.”

What do you know about Internet security? Find out with our quiz!