Decision time? Check out our latest product comparisons

iOS developer exposes security flaw, gets blacklisted

By

December 29, 2011

After discovering and reporting an iOS vulnerability, security researcher Charlie Miller's...

After discovering and reporting an iOS vulnerability, security researcher Charlie Miller's Developer Program License Agreement was terminated by Apple (Photo: Glen Bledsoe)

Apple has effectively blacklisted respected security researcher Charlie Miller after he discovered and reported a potential vulnerability with iOS apps. Exploiting the flaw (subsequently patched by Apple), Miller created an app that made it possible to steal data from, and take control of, other iOS devices. Further, Miller managed to get the app through Apple's approval process.

Though the version of Miller's InstaStock app - ostensibly a stock market tracker - submitted to the App Store contained no overtly malignant code, it was capable of downloading and running additional unsigned code from a remote server once installed on a user's device. The app demonstrated that, prior to the iOS 5.0.1 update, it was possible for iOS apps to access and execute rogue code from third party sources that it was impossible for Apple to verify.

In a demonstration of the app in a YouTube video (uploaded back in September), Miller downloaded the app as would have been approved by Apple, presenting the user with straightforward stock market data. Having deleted the app, Miller made a "payload" of code available on a remote server and re-downloaded his app from the App Store - a necessary step since Miller had designed his app to only download additional code on its very first use. On this occasion, the app immediately rickrolled the user at launch - a benign enough experience, but as Miller points out, the code - unreviewed by Apple - "could have done anything."

With a second payload demonstrated by Miller, he was able to control an iPhone running the device from a command line on the remote server. From the command line Miller was able to view the iPhone's files and processes, make the phone vibrate, and copy its address book data.

Though Apple credits Miller for highlighting the flaw, he received an email in early November giving notice of the termination of his iOS Developer Program License Agreement mere hours after making his findings known - though interestingly, more than three weeks after making the issue known to Apple.

As Miller has freely admitted, he did violate the terms of the developer agreement and as such Apple is entitled to terminate it. But with his track record, Miller argues Apple has been short-sighted. "I report bugs to them all the time," he told Forbes. "Being part of the developer program helps me do that. They're hurting themselves, and making my life harder."

Though Apple has addressed the specific issue, and putting to one side the rights or wrongs of Miller banishment to app-development limbo, his story again raises questions as to the thoroughness and consistency of Apple's arcane app approval process.

Miller's video demonstrating the vulnerability prior to Apple's patch (and when the app was openly available on the App Store) is below.

About the Author
James Holloway James lives in East London where he punctuates endless tea drinking with freelance writing and meteorological angst. Unlocking Every Extend Extra Extreme’s “Master of Extreme” achievement was the fourth proudest moment of his life.   All articles by James Holloway
Tags
12 Comments

I've said this before; I have had a macintosh since they were available in 1985 and I have invested in no less than 6 iphones over the past few years (with my own and my children's phones) but I've had it with the direction apple has taken recently. This is my last mac and i, for one, will not buy another iphone.

I've watched as apple transformed from the corporation 'for the rest of us' to a controlling, maniacal, greedy, nothing-at-all-for-free corporation to rival the legendary efforts of microsoft.

I blame Steve Jobs, who after his initial illness was a changed man and not the cherubic co-founder of apple. Regardless, apple has forgotten those responsible for their success.

Christopher Porozny
29th December, 2011 @ 02:50 pm PST

Miller got the publicity he sought. He knew the rules and figured he was above them all.

People who judge products solely on politics and ideology are not beyond my ken. I'm supporting a couple of boycotts right now. They're over serious social issues like bigotry - not some publicity-seeking geek having his pinkies slapped/

Eideard
29th December, 2011 @ 05:07 pm PST

I'm not even going to watch the rest of Charlie's video - everything he says at the start is utter rubbish. Code signing is so Apple can block other people selling things wihtout Apple making their 30% commission.

The App Store approval process does not do any anti-malware checking nor any checking to see if your app "does anything bad". Authors do not submit source code - and Apple would not have the resources to do a code-review of all apps even if Authors *did* submit it.

There is simply NO WAY Apple can detect time-bombs or code downloads or deliberate/accidental side effects and so forth.

christopher
29th December, 2011 @ 05:20 pm PST

As if I didn't already have enough reason to avoid buying Apple products, they just keep adding more to the list.

I'm so glad the courts saw reason and released Galaxy Tab to the market after Apple sought to ban it's sale in Australia. Thanks to Apple, the Galaxy Tab is now well known and will crush Apple's market share.

Australian
29th December, 2011 @ 09:02 pm PST

@ Christopher Porozny

You know what I'm tired of? Consumers who are suck asses. Who don't know what they really want. Who don't really reearch the market but who "follow" the latest craze. Like spending 800 bucks on an iPAD for their kids when you can buy a complete laptop with that money and it can serve far more useful purpose than just surfing the net, taking pictures or playing crap games.

Steve was an innovator. However, don't forget, he was a business man too. Apple has 40,000 employees. Its not a small corporation anymore and what do I hear? Almost the same whining crap I hear about Microsoft now coming from Apple loyalists.

You people are never happy

Rocky Stefano
30th December, 2011 @ 06:38 am PST

Steve Balmer look out...you've got competition equally or more committed to world domination that even you...and Apple used to be a people-driven company.

Mirmillion
30th December, 2011 @ 08:04 am PST

@ comment Rocky Stefano

Not only did your comment not address anything Christopher Porozny wrote, it presumed fandom that is not apparent in his comment. I don't own anything Apple, yet I see merit in Porozny's explanation (which you do not address). Instead of resorting to belittlement, how about explaining how what he wrote was in any way wrong? How does a company scrutinize more than half a million apps? I don't know of any business that is held to that degree of responsibility. I don't even believe that the public-at-large would be so foolish to think that the apps they download even directly from the iTunes store would be so reliably malware-free. Both the Android market site and iTunes stores have express disclaimers that put them on even ground (which is typical of nearly every software vendor in the world).

This one issue isn't about mindless fandom or being lured by popularity. The marketed hype is real and your perception certainly has some validity. But this is not a situation that could not have happened in exactly the same way to the Android marketplace or other competitors.

Cabhan
30th December, 2011 @ 01:16 pm PST

TAKE A LOOK , APPLE USERS

Wayne Day
30th December, 2011 @ 01:51 pm PST

@ christopher "I'm not even going to watch the rest of Charlie's video - everything he says at the start is utter rubbish. Code signing is so Apple can block other people selling things wihtout Apple making their 30% commission"

this argument has never held any water, as with the same argument for the lack of Flash. You can publish a free app to the app store, so that it's promoted and downloaded at Apple's expense, and use Admob so you and Google get the money off it, and Apple doesn't get a penny - in fact they loose money.

Inappropriate Response
1st January, 2012 @ 07:34 am PST

I would consider it short sighted to blacklist someone who had pointed out a flaw in the system. Apple needs to remain a brand that not only innovates in technology but also in how to keep its young brand of renegades loyal.

atideman
1st January, 2012 @ 08:20 am PST

I agree with atideman but will add that I suspect the way the problem was presented is most of the issue. If a thief goes into a bank and shows he can pull off a robbery it is not likely that it will be looked on as being helpful to the banks security even if the robber turns himself in. I think both the bank and Apple would learn something but how you present your findings is also important. The method used here will get you far more publicity which seems to be what many coders are looking for but they should be happy that they aren't thrown in jail, although in the case of the robber I suspect they would be.

katgod
1st January, 2012 @ 05:29 pm PST

At last somebody has a clue. If I go into a bank and rob it to show the security flaws in the bank what sort of leniency do you think I'd get in court???

And the silly man who takes this as 'another reason not to buy from Apple'. Apple has been and always will be a corporation!! I have never needed anti-virus software on any Mac because they actually take security seriously. Similarly iOS is locked down tight.

So go right ahead, have fun with the Norton updates...

Neil
2nd January, 2012 @ 07:43 pm PST
Post a Comment

Login with your gizmag account:

Or Login with Facebook:


Related Articles
Looking for something? Search our 29,140 articles