Skip to comments.Malicious Jekyll App Sneaks into Apple's Walled Garden, Doubts Raised About Vetting Process
Posted on 08/17/2013 11:29:40 AM PDT by BenLurkin
It's not too hard to slip a bug into Apples iOS walled garden, according to researchers at Georgia Tech, who managed to slip a malicious app into the Apple App Store undetected. The research team's success now calls into question Apple's undisclosed app vetting system.
The malware, appropriately called "Jekyll" by the research team at the Georgia Institute of Technology, was designed to look like a respectable app through Apple's review process, only turning malicious after its installed on an iOS device. In this case, the malicious code went in the guise of a Georgia Tech news app.
To get Apple's approval and be placed in the App Store, every app must go through a mandatory review and code signing mechanisms. Jekyll contained code fragments that later assembled into a bunch of malicious code after being activated remotely. "The app did a phone-home when it was installed, asking for commands," said Long Lu, a member of the research team to MIT Technology Review. "This gave us the ability to generate new behavior of the logic of that app which was nonexistent when it was installed."
(Excerpt) Read more at latinospost.com ...
I wonder if the same technology could , or has been used in electronic (Presidential,Congressional, or local) elections .
Our solution was the following: at startup, we requested the buffer initially, found the locations for each metric for that particular OS configuration, and rewrote the instructions to acces each in a DBank (data banks were modifiable; IBanks — instruction banks — we're not). When we were done, we deleted the old IBank, changed the DBank to mark it as an IBank, and the rest was history.
Extremely efficient. Our competitor's performance could come close. Looking back, and if we had wanted to be malicious, we could have done whatever we wanted, as the privileges to obtain those metrics already meant we had access to anything.
This was 30 years ago. Nothing new under the sun.
Kids today think they are doing things for the first time. Heh.
Couldn’t come close, that should read...
Disclaimer: Opinions posted on Free Republic are those of the individual posters and do not necessarily represent the opinion of Free Republic or its management. All materials posted herein are protected by copyright law and the exemption for fair use of copyrighted works.