• Recently Discovered iOS Security Exploit Allows Users' Information To Be Accessed

    Charlie Miller, a well-known Mac hacker and researcher, has reportedly found a way to sneak malware into the App Store and subsequently onto any iOS device by exploiting a flaw in Apple's restrictions on code signing. According to Forbes, the flaw allows the malware to steal user data and take control of certain iOS functions.

    Miller explained that the code signing restrictions allow only Apple's approved commands to run in an iOS device's memory, and apps that violate these rules aren't allowed in the App Store. He found a way to bypass Apple's security check by exploiting a bug in iOS code signing, one which allows an app to download new and unapproved commands from a remote computer. The malware can then be used to read the user's contacts, make the phone vibrate or sound a ringtone, steal the user's photos, and more whenever the developer chooses. According to Miller:

    Now you could have a program in the App Store like Angry Birds that can run new code on your phone that Apple never had a chance to check. With this bug, you can't be assured of anything you download from the App Store behaving nicely.

    The flaw first surfaced with the release of iOS 4.3, which increased browser speed by allowing JavaScript code from the internet to run on a much deeper level in a device's memory than in previous iterations of the iOS platform. Miller realized that the increased speed forced Apple to create an exception for the browser to run unapproved code, and the researcher soon found a bug which allowed him to expand that exception beyond the browser to any app downloaded from the App Store.

    To showcase the exploit he found, Miller created an app called "Instastock," which he submitted and Apple approved. The app appears to be a simple stock ticker, but it can leverage the code signing bug and communicate with Miller's server to pull unauthorized commands onto the affected device. From there the program has the ability to send back user data including address book contacts, photos, and other files. The app has been pulled from the App Store and, according to a recent tweet of his, Miller has been banned from the Apple Store and kicked out of the iOS Developer program as well.

    To provide more info on the exploit, Miller will be giving a talk at the SyScan conference in Taiwan next week. He won't be publicly revealing the exploit, though, giving Apple time to fix the issue at hand. He does do a good job of showing it off in a video.

    For those of you who don't already know, Charlie Miller isn't a novice when it comes to iOS or Mac security. In 2008, Miller broke into the MacBook Air in two minutes through Safari, amongst many other feats.

    What do you think of the whole ordeal? Do you think Apple made a smart move in banning him? Share any thoughts below!

    Source: Forbes, Twitter