A newly discovered bug for Apple devices both allows hackers to execute unapproved code, and helped one developer get quickly kicked out of the iOS developer program.
Apple devices have been notoriously hard on its security measures, particularly with iOS devices. The series of products have been relatively safe from malicious intrusion, because Apple demands it approves all code, or codesigning, before allowing an application into its marketplace. Approved code can only perform functions allowed within the iOS ecosystem, under Apple’s rule. But Charlie Miller, a developer and security researcher with Accuvant, found a way to circumvent Apple’s tight review process by poking a to-be-released bug, connecting the app to the web browser.
Exploiting this hole, Miller wired his app to check in with his computer at home when opened. If the app received code from Miller’s computer, it would start to run the associated actions such as pulling up a YouTube video, vibrating, making noise, and even lets Miller download the entire address book or photos to his computer. See a video below for Miller’s demonstration (also see Miller Rick Roll himself).
“Codesigning is important because that’s the way that the iPhone protects you from malware,” said Miller in his video. “The flaw I found allows apps that are in the app store to download new code and run it even if its not signed.”
The app, InstaStock, was quickly taken down from the App Store after Miller posted his video. Miller was also removed from the Apple developer program, to which he tweeted, “OMG, Apple just kicked me out of the iOS Developer program. That’s so rude!”
Usually people clue a vulnerable company in to the found flaw or bug before going public with the news. Whether Miller did this or not, is unclear, but he does follow up his tweet with, “First they give researcher’s access to developer programs, (although I paid for mine) then they kick them out.. for doing research. Me angry.”
Some security analysts and researchers are paid to find holes in their systems, to help secure anything overlooked. Indeed, even past hackers such as Kevin Mitnick, famed phone phreaker who spent years in jail for his hacking escapades, are hired on to perform these tasks, using an expertise considered illegal to execute otherwise.
For now, Miller is not releasing exactly the bug allowing him to give Apple’s security measure the go-around, but says he will present it at both the Syscan and Infiltrate security conferences in the coming weeks.
VB's research team is studying mobile user acquisition... Chime in here, and we’ll share the results.