Researcher: iOS flaw raises questions about App Store's security
The security hole could let hackers steal photos, contacts and send texts, he says
Charlie Miller, the researcher, is one of the most prominent Apple hackers
Miller says he alerted Apple to the bug three weeks ago
A bug in Apple’s mobile operating system allows hackers to take control of iPhone and iPad apps, using them to steal people’s photos, contacts and even send text messages without the device’s user knowing about it, according to a notable computer security researcher.
Charlie Miller, a researcher at Accuvant and one of the world’s best-known Apple hackers, said Tuesday that the bug proves the Apple App Store isn’t as safe as advertised.
“Until now, you could just blindly trust and download as many apps as you wanted and not worry about it,” Miller said in an interview with CNN. “But until they fix this, you really should think twice about any apps you’re downloading, because they could be malicious.”
Miller said he alerted Apple to the bug three weeks ago and the company told him a fix was in the works. Apple did not respond to CNN’s request for comment on the apparent security flaw, which Miller explains in detail on YouTube.
He plans to show people how the bug works at an upcoming computer security conference in Taiwan, called SyScan. To date, he has not released details that would allow hackers to take advantage of the apparent security flaw, and he said he has no evidence that hackers have used the hole to manipulate iPhones and iPads.
Miller says he has exposed the bug to prevent a hacker with bad intentions from taking advantage of iPhone and iPad owners.
As thanks for that work, he said, Apple banned him from the iOS developer program for a year.
“I think it’s pretty rude,” he said. “If you think about what I’m doing – I’m pointing out a flaw that would affect everybody and that the bad guys could use to install malware (malicious software). And they’re not paying me, I’m just doing it to be nice.”
He did upload an app, called Instastock, which was armed with this capability, he said. That app only was capable of hurting his own devices, he said, and was uploaded to the App Store to test the bug. “It’s not evil or bad or anything,” he said. “It never even downloads code and runs it unless I run it.” It since has been removed from the App Store.
If hackers found the security flaw, he said, any iOS app could be compromised in a way that malicious code could be installed through the app and onto the device.
“It could grab your address book and ship it off to the bad guy,” he said. “It could grab all your photos and ship them off to a bad guy.”
That’s a big deal for Apple’s App Store, he said, since until now, that online marketplace for iPhone and iPad programs had been free of malicious software. Apple checks each app before it’s approved for sale at the App Store, which allows the company to keep bugs out.
This hack could take advantage of a flaw in that checking system to compromise any app, Miller said. He said that essentially reduces the App Store’s security to that of the Google Android Market, since Google doesn’t screen apps in the way Apple does.
But overall, the App Store is still safer than the Android Market, Miller said.
“It’s totally just a blip,” he said of the security hole. “I’m very happy with the way (Apple has) designed the system to prevent malware. It’s really the ideal situation.”
He added: “It’s a very safe environment except for this. It just shows that you’ve never completely safe.”