Scientist finds hole in Apple security

Another researcher at the Georgia Institute of Technology has found a way to bypass Apple Inc. security measures and install malware on the iPhone maker’s devices, the university said this week.

The scientist, Tielei Wang of Georgia Tech’s Information Security Center, was able to install an application with Trojan horse-style features that eluded Apple’s app review process, the school said.

In June, a team led by ISC scientist Billy Lau said it was able to bypass security features that protect Apple devices from viruses and other malware by using a “malicious charger.”

“The goal is to identify weakness in order to expose those weaknesses to companies and to users so their devices can be more secure,” said Michaelanne Dye, a spokeswoman for Georgia Tech’s College of Computing.

Lau’s findings were presented this week at the Black Hat USA 2013 technology conference in Las Vegas. Wang’s findings will be presented at the 2013 USENIX Security Symposium on Aug. 14-16 in Washington, D.C.

Dye said researchers focused on Apple devices because the company takes apps through a stringent review process before making them available at its online App Store.

According to Georgia Tech, once Wang’s app successfully got past Apple screening, he was able to carry out malicious tasks. The app, however, never made it to the App Store.

Georgia Tech said Lau was able to construct a malicious charger that resembles an iPhone or iPad charger, but once plugged into a device using Apple’s iOS operating system, the device was able to install a malicious app within a minute of being plugged in.