Earlier this week I did a review of the paper “Jekyll on iOS: When Benign Apps Become Evil”, a paper from USENIX 22 presented a couple of weeks back. The main focus of the paper is to present a model that allows malicious attackers to design a seemingly innocent iOS app that can accomplish several powerful attacks, including taking photos, sending SMS/Email/Tweets, exploiting the OS kernel, and a Trampoline Attack that takes advantage of Safari's extra privileges. They call this model (and the app) Jekyll because of how the app behaves. If you're familiar with the old story The Strange Case of Dr Jekyll and Mr Hyde, you should have a good understanding of the basic idea.

I found this paper particularly interesting because it seems like iOS exploits are rarely talked about. This at least seems to be true in our weekly Kansas State security reading group, where our mobile security discussions are usually about Android. I don't believe it's because iOS is that much more secure than Android, but rather that a lot of the process behind iOS isn't as open as it should be. This paper brings up several potential issues with the App Signing process, the way apps are sandboxed on iOS, and other issues related to a few security models iOS implements, such as Data Execution Prevention (DEP) and Address Space Layout Randomization (ASLR). Both of these techniques aim to prevent third-party apps from becoming malicious. What's interesting about this paper is that the researchers present a way to get around these security measures and implement a pretty powerful app. They also got it published on the App Store with the Apple seal of approval.

The full paper can be found here, and the official USENIX page can be found here (it includes a video of the full talk from the conference).

Below are the slides I used for my talk at K-State about the paper.