A Georgia Tech researcher has found a weakness in Apple's iOS mobile platform that could let hackers to hide malicious code inside apps and can be surreptitiously planted on the Apple App Store.





Researchers team created a proof-of-concept attack that was published in the Apple App Store and used to remotely launch attacks on a controlled batch of devices , enabling them to post unauthorized tweets, take photos and even go after other apps.

"Our research shows that despite running inside the iOS sandbox, a Jekyll-based app can successfully perform many malicious tasks, such as posting tweets, taking photos, sending email and SMS, and even attacking other apps all without the user's knowledge."





Using a BeagleBoard, team created a USB malicious charger called Mactans that can install apps without user knowledge within a minute of being plugged in.





In one demonstration, the attacker was able to hide the iPhone Facebook application and install a malicious copy in its place. The malware executed its task, then launched the legitimate hidden copy of Facebook, leaving the user none the wiser.



