June 18, 2015
George Frey—Getty ImagesApple's iPhone 6 (R) and iPhone 6 Plus (L) phones are shown together at a Verizon store in Orem, Utah on September 18, 2014 in Orem, Utah.
Malicious app that can steal passwords was approved for the App Store
Apple devices are often thought to be more secure than open platforms such as Windows and Android, but a recent study shows there are still significant malware threats for iPhone and Mac owners.
Researchers from Indiana University, Peking University and Georgia Tech have published a study highlighting security issues with the way apps communicate with each other on iOS and OS X. The researchers created an app that was able to steal users’ data from the password-storing keychain in OS X, as well as pilfer passwords from banking and email accounts via Google Chrome.
The researchers’ app was able to bypass the security measures Apple has in place to ensure one app can’t gain access to other apps’ data without permission. Methods used include hijacking a browser extension so hackers can collect passwords when users type them in and deleting passwords from the OS X keychain so they can be retrieved when the data is re-entered.
The biggest issue regarding the malicious app is that it was approved for placement in the App Store, which is supposed to be pre-screened by Apple staff for potentially malicious apps. Apple did not immediately respond to a request for comment.
The researchers said they informed Apple about the vulnerability in October but were asked to hold off on making the information public for six months. However, according to their study, the problems still persist. A system-wide update to OS X and iOS is the only way to fully protect against the vulnerabilities, according to the study’s authors.
No comments:
Post a Comment