Researcher Reveals Security Vulnerability in iOS; Demos It In Apple Approved App; Gets Booted From App Store

News | Monday November 7 2011 7:40 PM

Security researcher and former National Security Agency analyst Charlie Miller has revealed a major security vulnerability in iOS that allows unsigned code to be executed on an iOS device. An attacker who exploits it could steal the user's photos, read contacts, make the phone vibrate, play sounds, and so on.
Miller became suspicious of a possible flaw in the code signing of Apple's mobile devices with the release of iOS 4.3 earlier this year. To speed up the phone's browser, Miller noticed, Apple had started letting Safari's JavaScript engine compile JavaScript from the Web into native code at runtime and execute it straight from memory. That is something iOS otherwise forbids: every executable page must be backed by code Apple has signed, and earlier versions of the operating system granted no exception at all.
The researcher soon dug up a bug that allowed him to expand that code-running exception to any application he’d like. “Apple runs all these checks to make sure only the browser can use the exception,” he says. “But in this one weird little corner case, it’s possible. And then you don’t have to worry about code-signing any more at all.”
Miller also developed an app to show the vulnerability, which was briefly approved by Apple:
Miller, a former NSA analyst who now works as a researcher with consultancy Accuvant, created a proof-of-concept app called Instastock to show the vulnerability. The simple program appears to merely list stock tickers, but also communicates with a server in Miller's house in St. Louis, pulling down and executing whatever new commands he wants. In the video below, he demonstrates it reading an iPhone's files and making the phone vibrate. Miller applied for Instastock's inclusion in the App Store and Apple approved the booby-trapped app.
Apple quickly removed the app from the App Store and also terminated his developer license for breach of the developer agreement.
"This letter serves as notice of termination of the iOS Developer Program License Agreement…between you and Apple," the email read. "Effective immediately."
This is not the first time Miller has found a security flaw in iOS. In 2009, he had discovered a
Apple has about a week to fix the flaw: Miller plans to present his findings at the SyScan conference in Taiwan next week.
Do you think Apple did the right thing by booting Miller out of the App Store? Are you worried about the vulnerability?
