August 1, 2013
GA Tech Researcher Discovers Security Hole In Apple iOS
Michael Harper for redOrbit.com - Your Universe Online
A Georgia Tech researcher has found a weakness in Apple's iOS mobile platform that could hide malicious code inside an otherwise innocuous app.
With this vulnerability a developer could potentially write the harmful code in the app and have it lay dormant through Apple's app review process. Once it lands in the App Store and is installed on an iPad, iPhone or iPod Touch, the developer could flip on the bad code and use it to begin remotely controlling the device.
Research scientist Tielei Wang from the Georgia Tech Information Security Center (GTISC) calls his proof-of-concept app "Jekyll" and says he can send email and snap pictures from a controlled device, all without the owner's knowledge. Fellow GTISC researcher Billy Lau also made news in June when he discovered a flaw in iOS which could allow hackers to plug hardware directly into the iPhone's port and install a Trojan horse. According to Reuters, Apple has fixed this charging station flaw in iOS 7, which is set to ship to many iDevices this fall.
"We were able to successfully publish a malicious app and use it to remotely launch attacks on a controlled group of devices," said Wang in a statement, describing Jekyll.
"Our research shows that despite running inside the iOS sandbox, a Jekyll-based app can successfully perform many malicious tasks, such as posting tweets, taking photos, sending email and SMS, and even attacking other apps -- all without the user's knowledge," he added.
Georgia Tech, in a press release, also mentions Lau's hack, which installs malicious hardware in a large, 3-inch charger. A BeagleBoard single-board computer is used in this hardware attack which contains the Trojan horse code. With his proof-of-concept device, Lau had access to security permissions which are normally left locked to ordinary users. Though they were able to demonstrate this weakness, they also warned hackers with larger budgets and more time on their hands could likely do much worse with this idea. Lau reported this vulnerability to Apple in June.
Lau and fellow GTISC research scientists Yeongjin Jang and Chengyu Song demonstrated this weakness at the BlackHat conference in Las Vegas on Wednesday.
Following the presentation, Apple announced this hole has been plugged in the latest version of iOS 7 available to software developers now. When the OS becomes publicly available sometime this fall, any device running iOS 7 will be safe from this particular hack.
Security research team BlueBox recently found a flaw in 99 percent of all Android devices, which also works to bypass review processes and trick users before they download the app. This weakness also gave hackers the ability to embed their code into otherwise harmless apps. When the app is installed, however, the hacker has deep access to key components of the operating system. This vulnerability even left carrier-installed versions of Android open to attack, giving the hacker access to phone records, messages, and the ability to build an always-on and always roaming bot-net to carry out further attack.