Something major found by researchers, they have found a way to upload a Malicious Program to Apple’s app store and the malware was capable to stealing personal information, taking photos, and attacking other apps.
An app developed by Tielei Wang and his team at Georgia Tech called “Jekyll”, they tried their reserach in March and presented now, during the Usenix conference in Washington, MIT’s Technology Review informs.
According to the experts, the app was live only for a few minutes and it wasn’t installed by anyone except them.
“The app did a phone-home when it was installed, asking for commands. This gave us the ability to generate new behavior of the logic of that app which was nonexistent when it was installed,” says Long Lu, a Stony Brook University researcher who was part of the team at Georgia Tech, led by Tielei Wang, that wrote the Apple-fooling app.
Lu says that by monitoring the app, they could tell that Apple ran it for only a few seconds prior to releasing it. During the review, the malicious code had been decomposed into “code gadgets” that were hidden under the cover of legitimate app operations and could be stitched together after approval. “The message we want to deliver is that right now, the Apple review process is mostly doing a static analysis of the app, which we say is not sufficient because dynamically generated logic cannot be very easily seen,” Lu says (see “Clues Suggest Malware Is Moving from PCs to Mobile Devices”).
Apple representatives say the company has made some changes to the way apps are reviewed in an effort to address the issues highlighted in the research paper. However, they refused to comment on how the app-reviewing process works.
VIA– Technologyreview| Softpedia
