Welcome to the MacNN Forums.

If this is your first visit, be sure to check out the FAQ by clicking the link above. You may have to register before you can post: click the register link above to proceed. To start viewing messages, select the forum that you want to visit from the selection below.

You are here: MacNN Forums > News > Tech News > Researchers get malware app approved by Apple

Researchers get malware app approved by Apple
Thread Tools
NewsPoster
MacNN Staff
Join Date: Jul 2012
Status: Offline
Reply With Quote
Aug 19, 2013, 06:16 AM
 
The security of Apple's App Store approval process has had its credibility challenged following revelations that it approved an app that was submitted by researchers with remotely assembled malware hidden in its code. According to Technology Review, the team from Georgia Tech monitored the app throughout the approval process and found that Apple only ran the app for a few seconds before approving it. This did give Apple the time to detect the malicious code which subsequently assembled into malware that could steal personal information, device IDs, photos as well as send texts and emails.

"The app did a phone-home when it was installed, asking for commands. This gave us the ability to generate new behavior of the logic of that app which was nonexistent when it was installed," said Long Lu, a member of the team at Georgia Tech, led by Tielei Wang. "The message we want to deliver is that right now, the Apple review process is mostly doing a static analysis of the app, which we say is not sufficient because dynamically generated logic cannot be very easily seen," Lu asserted.

In May this year one of our editors, Sanjiv Sathiah, reported discovering two fake apps that had slipped through Apple's app approval process. Apple removed the apps upon being notified of their existence. At the time, MacNN contacted Apple regarding the two fake apps and spoke to Apple spokesperson Jesse James. James was not prepared to comment on how the apps were able to slip through Apple's app approval process, but was only prepared to state that the "Apple App Store is the only curated app store in the world."
     
msuper69
Professional Poster
Join Date: Jan 2000
Location: Columbus, OH
Status: Offline
Reply With Quote
Aug 19, 2013, 07:41 AM
 
I wonder if Apple will trigger the kill switch for this app.
     
prl99
Senior User
Join Date: Mar 2009
Location: pacific northwest
Status: Offline
Reply With Quote
Aug 19, 2013, 09:45 AM
 
Developers complain about how long it takes to get their apps approved. Now this process will take even longer to make sure apps like this "research" app doesn't get through. I can see Apple shutting down the approval process like they did the developer website to change the entire process. I hope this team contacted Apple before spreading it all over the web. Wait, why would they. If they did they wouldn't get the recognition they were looking for.
     
hayesk
Guest
Status:
Reply With Quote
Aug 19, 2013, 10:00 AM
 
App reviews are held by regular people. And they don't have magic "code-monitoring" apps to watch if bad things happen (how do you define a "bad thing" anyway).

Sometimes some get through, but when discovered, they are pulled pretty quickly.
     
azrich
Forum Regular
Join Date: Apr 2010
Location: Prescott, AZ
Status: Offline
Reply With Quote
Aug 19, 2013, 10:05 AM
 
prl99- check out the linked article. It says there that the only devices the app was installed on were the researcher's own, where the malware worked as designed. The article also says they took it down before anyone else could get it. I don't think these are glory seekers so much, but that's just my take on it.

I'm glad these guys were the first to get one like this through vs some real bad coders. This shows the complexity of security in this day and age. It reminds me of messages encoded in JPG images being sent between spies.
     
Marook
Forum Regular
Join Date: May 1999
Location: Copenhagen, DK
Status: Offline
Reply With Quote
Aug 19, 2013, 10:07 AM
 
Hmm, as far as I know, you are NOT allowed to fetch/build code not already in the App, so by doing this, they broke the developer agreement.. That's also why Java & Flash is not allowed!

Wonder how they did that..
Marook
At least - it's a reply...
     
prl99
Senior User
Join Date: Mar 2009
Location: pacific northwest
Status: Offline
Reply With Quote
Aug 19, 2013, 10:11 AM
 
azrich--it's called Steganography and I wonder if malware detection software actually checks for these types of things.
     
YangZone
Junior Member
Join Date: May 2000
Location: San Francisco, CA USA
Status: Offline
Reply With Quote
Aug 19, 2013, 12:09 PM
 
Knock-knock...
     
Sandman619
Fresh-Faced Recruit
Join Date: Jul 2006
Status: Offline
Reply With Quote
Aug 19, 2013, 05:24 PM
 
The issue here is that Apple's iOS terms do not permit apps to download remote code. This is probably more of an honor system, since there probably isn't anyway to prevent this from happening, since it is controlled on the developer side. Apps designed this way would be hard to detect, since the developer would not execute such code until after the app is approved. Apple would probably need to conduct a post approval app review if they want to catch these apps
     
broohaha22
Fresh-Faced Recruit
Join Date: Jul 2006
Status: Offline
Reply With Quote
Aug 19, 2013, 06:42 PM
 
"This did give Apple the time to detect the malicious code which subsequently assembled into malware that could steal personal information, device IDs, photos as well as send texts and emails."

I think this should have said "This did NOT give Apple the time to detect the malicious code...."
     
   
Thread Tools
 
Forum Links
Forum Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Top
Privacy Policy
All times are GMT -4. The time now is 04:26 PM.
All contents of these forums © 1995-2017 MacNN. All rights reserved.
Branding + Design: www.gesamtbild.com
vBulletin v.3.8.8 © 2000-2017, Jelsoft Enterprises Ltd.,