When it comes to security generally most would agree that iOS is one of the most secure operating systems of the planet. Despite the fact new vulnerabilities are being discovered on what is seemingly a consistent basis this is really only because security specialists are drawn to iOS for a challenge. And when you look at the amount of flaws within Android, iOS looks like a knight in shining armor when it comes to security.
At least it did before a press release was put out by Georgia Tech last week that detailed work by researcher Billy Lau and his team.
So just what did Lau and his team discover?
Well they discovered a serious flaw that allows pretty much anyone to sneak malicious software past Apple’s review team without you being aware of anything.
Wang’s approach hides malicious code that would otherwise get rejected during the Apple review process. Once the malicious app passes review and is installed on a user’s device, it can be instructed to carry out malicious tasks.
To prove that this works Wang’s team developed a proof-of-concept attack, called Jekyll, which rearranges its own code to create new functionality that is not exhibited during Apple’s approval process.
This apparently allows the malicious aspects of the app to remain undetected when reviewed and therefore obtain Apple’s approval.
Wang and his team actually was able to prove that “despite running inside the iOS sandbox, a Jekyll-based app can successfully perform many malicious tasks, such as posting tweets, taking photos, sending email and SMS, and even attacking other apps – all without the user’s knowledge.”
Luckily Apple actually responded to the discovery of the vulnerability and are actively working on a way to address the issue in a future firmware update (likely iOS 7). Still it is a pretty scary discovery to say the least…
And that sounds like their work could have alerted Apple to what might have been an exploit. Durrrr, Good job guys.
Joshua Jones Makaveli says
NSA is happy with that right.
Jaden's full of BS says
iOS does not look like a knight in shining armour, you clearly don’t know a thing about android
Eoin Lavery says
Judging by you’re name, you are a troll for starters. Secondly, i remember the article maybe a month ago? Where over 900 million Android devices where at risk because of a bug, of which Google was refusing to comment on?
So yes, Android is clearly more secure than iOS isn’t it…