Georgia Institute of Technology researchers coined a new term for mobile applications that appear harmless but hide exploitable vulnerabilities and malware: Jekyll apps. They created a proof-of-concept Jekyll app and successfully published it to the Apple App Store. The application takes its own Apple-signed binary code and rearranges it so that it gains new, malicious behaviors that do not exist while Apple reviews the application. "Since the new control flows do not exist during the app review process, such apps," noted the researchers, "can stay undetected when reviewed and easily obtain Apple's approval." They created a news-reading application to test the theory. Once it was in the App Store, the researchers triggered the app's hidden Jekyll behavior and launched remote attacks on a controlled group of devices with the app installed; the app was able to execute actions such as sending texts and forwarding voice calls to other phones without the user's knowledge. It was also able to download additional malware and compromise other software on the device. The researchers said they were able to circumvent each of the major security technologies in iOS. After testing, they removed the application from the App Store and report that no other users downloaded the app while it was available. The researchers presented their work at the USENIX Security Symposium. (Computerworld)(The Telegraph)("Jekyll on iOS: When Benign Apps Become Evil," Wang, K. Lu, et al. in Proceedings of the 22nd USENIX Security Symposium)

Ticketmaster, one of the world's largest online ticket retailers, announced it will use a different security approach in place of CAPTCHA (completely automated public Turing test to tell computers and humans apart) technology to ensure that bots are not automatically buying blocks of tickets. CAPTCHA asks users to type in warped or distorted words to prove that they are human. However, some usability experts say the system can be difficult to use, particularly for some disabled people, because the words are skewed and often form nonsensical phrases that humans have trouble deciphering. Ticketmaster is now using software from Solve Media that instead asks for well-known phrases, corporate slogans, product names, or responses to simple multiple-choice questions. During a trial of the new tool, Ticketmaster said, it provided good security and yielded greater customer satisfaction. On average, the company noted, users trying to access its system took 14 seconds with CAPTCHA but only seven seconds with the Solve Media application. (BBC)(Maclean's)(The Associated Press @ Maclean's)
