Apple is taking action after researchers discovered security weaknesses in iOS that allow the installation of malware on devices through peripheral devices and apps that conceal malicious code.

In research published at the end of July but now gaining wider media attention, a team at Georgia Tech Information Security Center (GTISC) demonstrated that Apple’s generally solid security is not completely bulletproof.

In one project, malicious code that would normally be rejected if spotted was hidden in apps submitted for approval. The ‘Jekyll’ proof of concept allows an app to rearrange itself so its malicious intent is undetected during the approval process.

Once installed, it can be instructed to carry out malicious tasks such as posting tweets, sending emails and SMS, taking photos and attacking other apps — all without the user’s knowledge.

Another strand of the research successfully installed malicious apps via a phone charger containing a small single-board computer. The team installed apps in this way on the latest version of iOS, without the need for user interaction or for the device to be jailbroken.

Since learning about the research, Apple has implemented a feature in the forthcoming iOS 7 that notifies users when a peripheral device attempts to establish a data connection. The iPhone maker also indicated it is working to address the weakness exposed by Jekyll.

GTISC associate director Paul Royal said the results “challenge previous assumptions of iOS device security”, but that he hopes Apple will address concerns that arise from research in future updates.