Georgia Tech uncovers iOS security weaknesses

Jul 31, 2013

Researchers from the Georgia Tech Information Security Center (GTISC) have discovered two security weaknesses that permit installation of malware onto Apple mobile devices using seemingly innocuous applications and peripherals, uncovering significant security threats to the iOS platform.

"Apple utilizes a mandatory app review process to ensure that only approved apps can run on iOS devices, which allows users to feel safe when using any iOS app," said GTISC Associate Director Paul Royal, also a research scientist in the College of Computing. "However, we have discovered two weaknesses that allow circumvention of Apple's security measures."

Using different approaches, research scientists Tielei Wang and Billy Lau learned that can be installed onto iOS devices via Trojan Horse-style applications and peripherals. Wang's approach hides that would otherwise get rejected during the Apple review process. Once the malicious app passes review and is installed on a user's device, it can be instructed to carry out malicious tasks.

Wang's team developed a proof-of-concept attack, called Jekyll, which rearranges its own code to create new that is not exhibited during Apple's approval process. This allows the malicious aspects of the app to remain undetected when reviewed and therefore obtain Apple's approval.

"We were able to successfully publish a malicious app and use it to remotely launch attacks on a controlled group of devices," said Wang. "Our research shows that despite running inside the iOS sandbox, a Jekyll-based app can successfully perform many malicious tasks, such as posting tweets, taking photos, sending email and SMS, and even attacking other apps—all without the user's knowledge."

Taking a different approach, Lau decided to investigate the extent to which were considered when performing such as charging a device. Lau and his team created a proof-of-concept malicious charger using a small, inexpensive single-board computer. Called Mactans, it can easily be constructed to resemble a normal iPhone or iPad charger. However, once plugged into an iOS device, Mactans stealthily installs a malicious app.

"Despite the plethora of defense mechanisms in iOS, Mactans was able to install arbitrary apps within one minute of being plugged into current-generation Apple devices running the latest operating system software," said Lau. "All users are affected, as our approach requires neither a jailbroken device nor user interaction."

Both Wang and Lau's teams notified Apple upon the discovery of these . Following GTISC's disclosure of Mactans, Apple implemented a feature in iOS 7 that notifies users when they plug their mobile device into any peripheral that attempts to establish a data connection. Apple has indicated that it is continuing to work on ways to address the weaknesses revealed through Jekyll and, as of yet, has not publicly released a solution.

"These results are concerning and challenge previous assumptions of iOS device security," said Royal. "However, we're pleased that Apple has responded to some of these weaknesses and hope that they will address our other concerns in future updates."

Explore further: Georgia Tech trio to reveal iOS test exploit at Black Hat

More information: Lau and Wang's findings are summarized in two papers: "Mactans: Injecting Malware into iOS Devices via Malicious Chargers," to be presented at the Black Hat USA 2013 conference July 27-Aug. 1 in Las Vegas; and "Jekyll on iOS: When Benign Apps Become Evil," to be presented at the 2013 USENIX Security Symposium August 14-16 in Washington, D.C.

Related Stories

Recommended for you

Android gains in US, basic phones almost extinct

Apr 18, 2014

The Google Android platform grabbed the majority of mobile phones in the US market in early 2014, as consumers all but abandoned non-smartphone handsets, a survey showed Friday.

Hackathon team's GoogolPlex gives Siri extra powers

Apr 17, 2014

(Phys.org) —Four freshmen at the University of Pennsylvania have taken Apple's personal assistant Siri to behave as a graduate-level executive assistant which, when asked, is capable of adjusting the temperature ...

Microsoft CEO is driving data-culture mindset

Apr 16, 2014

(Phys.org) —Microsoft's future strategy: is all about leveraging data, from different sources, coming together using one cohesive Microsoft architecture. Microsoft CEO Satya Nadella on Tuesday, both in ...

User comments : 0

More news stories

Ex-Apple chief plans mobile phone for India

Former Apple chief executive John Sculley, whose marketing skills helped bring the personal computer to desktops worldwide, says he plans to launch a mobile phone in India to exploit its still largely untapped ...

Airbnb rental site raises $450 mn

Online lodging listings website Airbnb inked a $450 million funding deal with investors led by TPG, a source close to the matter said Friday.

Health care site flagged in Heartbleed review

People with accounts on the enrollment website for President Barack Obama's signature health care law are being told to change their passwords following an administration-wide review of the government's vulnerability to the ...

A homemade solar lamp for developing countries

(Phys.org) —The solar lamp developed by the start-up LEDsafari is a more effective, safer, and less expensive form of illumination than the traditional oil lamp currently used by more than one billion people ...

NASA's space station Robonaut finally getting legs

Robonaut, the first out-of-this-world humanoid, is finally getting its space legs. For three years, Robonaut has had to manage from the waist up. This new pair of legs means the experimental robot—now stuck ...

Filipino tests negative for Middle East virus

A Filipino nurse who tested positive for the Middle East virus has been found free of infection in a subsequent examination after he returned home, Philippine health officials said Saturday.

Egypt archaeologists find ancient writer's tomb

Egypt's minister of antiquities says a team of Spanish archaeologists has discovered two tombs in the southern part of the country, one of them belonging to a writer and containing a trove of artifacts including reed pens ...