Apple's Security Measures for iOS CircumventedCategory: Science & Technology
Posted: July 31, 2013 08:12PM
As more and more people incorporate mobile devices into their daily routines, more and more hackers attempt to exploit security weaknesses to take control of these devices. Different companies have different security tactics with Apple's, in part, being to review every app before being approved for the iOS App Store. Researchers at the Georgia Institute of Technology however have found a way around this safeguard, as well as a completely different means of attacking using a charger.
Before any app is allowed to be placed in the iOS App store, Apple reviews it for any malicious code. To get around this, the Georgia researchers devised an attack they named Jekyll, with the ability to rearrange its code. This way the malicious code does not appear until after the app has gotten into the store. Once on a device, it has the power to perform multiple operations without the user knowing it. The researchers also built a charger with a single-board computer inside. When an iOS device is connected to it, the charger is able to install arbitrary apps onto the device.
Naturally the researchers have informed Apple of the security exploits and Apple has implemented a feature in iOS 7 to notify the user if a peripheral attempts to create a data connection with the device. Indications are Apple is working to block Jekyll attacks, but has not yet released their solution.
Source: Georgia Institute of Technology