It’s apparently very easy to develop iPhone malware, a new report shows. And it’s not Apple’s fault. The security features built into iOS and the App Store are as strong as ever, but there are certain things that make a hacker’s job a lot easier.
Mind you, this isn’t for everyone. You need to know how to code iOS apps and how the App Store works. You also need physical access to someone’s iPhone to install malware, as well as access to genuine decrypted apps. A software tool called Su-A-Cyder, created by Mi3 Security’s chief architect Chilik Tamir, lets you add malicious code any legitimate iOS application provided these prerequisites are met, Forbes reports.
The following video shows a fake Skype application for iPhone that looks exactly like the real thing. It contains hidden features that would help a hacker siphon off data from the iPhone on which it’s installed. And that data could include GPS location history, contacts and more.
The tool also connects to Apple’s servers and creates new signed certificates re-signing the app, so it looks like the real thing. Because anyone with a developer account can create an install software on the iPhone, Apple can’t do anything about it.
“Anyone with access to a device can turn it into an attacking utility,” said the tool’s architect. According to Tamir, an employee with malicious intent can grab an iPhone from a colleague and upload infected corporate software that looks like the real thing to spy on that person.
Anyone with an email address that can be turned into an Apple ID and the ability to recode iOS apps can create malware like this. However, it doesn’t mean Apple’s security has been compromised. It just shows how easy it is to circumvent some of the safety features we take for granted in iOS.
The best way to protect yourself against such attacks is to make sure you always have your iPhone with you and to lock it with a PIN or password so that nobody can get into it without your consent.