Researchers at Georgia Tech Information Security Center have disclosed that malware can be installed onto Apple iOS devices through Trojan horse-style applications and peripheral devices.
We witness perpetual propaganda just about every day when security researchers discover a new-found vicious threat to just about any type of system, even including the security-coveted Apple iOS operating system powering iPhones, iPads and iPod devices.
Reportedly, the researchers at Georgia Tech have found a certain security weakness in the Apple iOS operating system that may allow a hacker to compromise an iPhone. With anything Apple, there is a stringent process put forth before anything lands on an iOS device considering it is running an authentic version of iOS. In knowing that Apple sends all apps through a checks and balances system to make sure it is safe, iOS has remained to be one of the safest and most secure mobile operating systems as of late.
The news of Georgia Tech researchers slipping malware onto an iOS device comes as a surprise to many, but we are certain that the method isn't exactly easy. After delving into the technique developed as part of a proof-of-concept attack, the malicious code is hidden to slip by Apple's review process. The attack is basically an app that can perform several malicious tasks like taking photos, sending SMS and email messages, attack other apps and post tweets at random. The attack is called Jekyll, for obvious reasons because it can do all of these things without ever letting the user know about it.
After the successful publishing of the malicious app, it was found that remote attacks could be launched on a controlled group of devices. Despite running inside of the iOS sandbox, the Jekyll-based app can be initiated to perform its malicious duties.
Part of the proof-of-concept in infection, one of the Georgia Tech researchers used a malicious charger comprised of an inexpensive single-board computer that resembles a normal iPhone charger. Once plugged into the device, it then secretly installs the malicious app.
To nip things in the bud, it had been revealed that in Apple's yet-to-be-released iOS 7 a feature that notifies users when a peripheral device plugged in attempts to establish a data connection will be implemented. A data connection would be required for infiltrating an iOS device so this recent security breach in iOS could be dead in the water very soon. However, knowing how crafty researchers can find a way to exploit the current Apple iOS through methods simple for those with the proper knowledge, proves that hackers could potentially have the upper hand against just about any type of system even if it is said to be the most secure of the bunch.