PhoneArena is looking for new authors! To view all available positions, click here.

Phone Links

more » more »
  • Home
  • News
  • Developer sneaks in an app revealing iOS security flaw, gets kicked out of dev program

Developer sneaks in an app revealing iOS security flaw, gets kicked out of dev program

Posted: , by Victor H.

Categories:

Share:

Discuss 11
Developer sneaks in an app revealing iOS security flaw, gets kicked out of dev program
Mac hacker Charlie Miller found out an exploit in iOS which would allow apps to download malicious code after their App Store acception, but in order to prove it he decided to actually submit the application. Everything went as expected, except for one little thing – Apple pulled the developer out of its iOS developer program right after it found out about the malicious software.

A rude way to address someone who actually revealed a security threat to the system? Not exactly as this is technically a violation of Apple's policies. Miller could have avoided that if he'd share the found exploits with Apple instead of just demonstrating it in their store. If the developer chose to do so, Apple would have had to respond within 5 days and only then the issue could be made public. But we still find this a bit too harsh given the fact that the developer didn't actually use the vulnerability, but rather brought to Cupertino's attention.

Developer sneaks in an app revealing iOS security flaw, gets kicked out of dev program
Miller's application was masked as Instastock, a stock app, and yesterday the developer released a public video showing off the exploit, which uses an exception in iOS versions 4.3 and later. The code he ran uses that exception to run unsigned code and can be expanded to other apps. He demonstrated the effects by remotely playing a YouTube video, enabling vibration on the iPhone and downloading all phone contacts.

Microsoft quickly jumped on the Miller PR ship by inviting the hacker to Windows Phone's dev program. Miller may or may not accept, but this gives an interesting angle at dev relations at both companies.

Finally, there are two ways to look at this story. The first and most obvious one is that Apple's iOS platform – just like any other platform – has its flaws and is not 100% secure. The second however is that Apple is acting swiftly to keep its OS clean and so far it seems that this level of protection yields good results, especially on the background of various reports about Android's openness to attacks. What do you make of it?

source: Gizmodo

Share:

Discuss11

11 Comments

  • Options
    Close




Want to comment? Please login or register.

1. android_hitman posted on 08 Nov 2011, 05:27 11 4

finally someone proved that apple is not so bulletproof as they think

Reply

8. iKingTrust (banned) posted on 08 Nov 2011, 08:11 5 2

finally? Anyone with a brain knows that there is nothing as totally secure.

Reply

2. ivanko34 posted on 08 Nov 2011, 05:50 9 5

Excommunicated of the apple church of bugology

Reply

4. paulyyd posted on 08 Nov 2011, 06:39 2 1

sweet analogy bro

Reply

3. protozeloz posted on 08 Nov 2011, 06:38 3 2

I think It might have not been so smart to do so. anyways I know people who would like to have him on their team, he is more than welcome to join XDA

Reply

5. ibap posted on 08 Nov 2011, 06:43 1

"acception"? Does no one review these things before they're posted?

Reply

6. remixfa posted on 08 Nov 2011, 06:46 6 1

way to go MS for trying to capitalize on an opportunity to pick up someone smart enough to find long existing security flaws that no one else could. How long has iOS 4.3 been out and noone has noticed?
Like normal, I think apple way over reacted. But, such is apple.

Reply

7. Sniggly posted on 08 Nov 2011, 07:19 6 2

Wait... Google acts just as swiftly to get rid of malicious attacks and apps. Why put them down in this article?

Reply

9. blackrose posted on 08 Nov 2011, 11:40 2

actually the guy told apple about it 3 weeks before it went into the app store and they choose not to pay any mind

Reply

10. downphoenix posted on 08 Nov 2011, 11:46 2

Im sure this dev DID share this information with Apple and Apple either did not acknowledge him or said that he was wrong. So he had to prove them he was right. Way to treat a developer. Hope he's smart and sticks with android or windows from now on instaed of fighting the ban.

Reply

11. gaby1451 posted on 08 Nov 2011, 20:21 1

Hey Victor,

When you said, "Miller could have avoided that if he'd share the found exploits with Apple instead of just demonstrating it in their store." He actually did do just that.

According to Engadget Mobile, "He [Miller] told CNET that he alerted Apple to the exploit three weeks ago, however it's unknown whether or not a fix for the problem is included in the new 5.0.1 version of iOS that's currently in testing."

Still, rules are rules I suppose...

http://www.engadget.com/2011/11/07/charlie-millers-latest-ios-hack-gets-into-the-app-store-gets-h/

Reply

Want to comment? Please login or register.

Hot Phones

  • Samsung Galaxy S4Samsung Galaxy S4
  • Apple iPhone 5Apple iPhone 5
  • Samsung GALAXY Note IISamsung GALAXY Note II
  • HTC OneHTC One
  • Sony Xperia ZSony Xperia Z
  • Google Nexus 4Google Nexus 4
  • LG Optimus GLG Optimus G
  • Nokia Lumia 920Nokia Lumia 920