Sign in with
Sign up | Sign in

iOS Bug Allows Malware to Be Sold in Apple App Store

By - Source: Computer World | B 42 comments

According to Denver-based security consultant Charlie Miller, the Apple App store is vulnerable to infiltration by malware apps that can pose a significant risk to Apple customers. Miller, 4-time winner of the Pwn2Own hacking contest and an employee of security consulting firm Accuvant, managed to submit and gain Apple's approval to sell an app that exploited a previously unknown iOS bug.

The app, a fake stock ticker called "Instastock", works by exploiting an exception Apple made for the Safari browser with iPhone 4.3. Previously, all apps had to be signed in to its e-mart; any code not signed is subsequently rejected by iOS. With iPhone 4.3, the Safari browser itself  - functionally similar to any other app - was excluded from that requirement in order to expedite the execution of Javascript execution. Miller's fake stock ticker app spoofed Safari code, tricking iOS into waving it through customs, so to speak. Once installed, "Instastock" pings a server at Miller's home and requests to download additional software, proving that the App Store can be used to distribute malware to unsuspecting customers with surprising ease.

Though Miller may have done Apple an enormous favor by identifying an enormous vulnerability and making it public, a move likely to help Apple avoid the fate of the Android market, which has had a notorious problem with malware apps in the last year, Apple isn't having it. Yesterday, Miller tweeted that he'd been kicked out of Apple's iOS developer program. Miller claims to have informed Apple of the flaw in October, but didn't warn them about putting the App for sale (a move he insists was necessary to prove the flaw's seriousness).

He has now been officially banned from the iOS developer program for one full year. Probably for the best, as not having to worry about people helping to identify potential threats to their customers will give Apple more time to pursue vicious legal action against tiny competitors.

Discuss
Ask a Category Expert

Create a new thread in the Streaming Video & TVs forum about this subject

Example: Notebook, Android, SSD hard drive

This thread is closed for comments
Top Comments
  • 20 Hide
    stonedatheist , November 9, 2011 8:39 AM
    Banning a white hat hacker that is helping them find potential threats in their OS? Apple has sunk to a new low.
  • 20 Hide
    cumi2k4 , November 9, 2011 8:21 AM
    Didn't Apple heard of old adage "don't shoot the messenger"?
  • 15 Hide
    Goldengoose , November 9, 2011 9:06 AM
    Apple and their actions just remind me of a child. Give them advice and they throw it back in your face, have something they don't and they throw a tantrum and ask mummy to sort it (the current state of patents and courts).
Other Comments
    Display all 42 comments.
  • 20 Hide
    cumi2k4 , November 9, 2011 8:21 AM
    Didn't Apple heard of old adage "don't shoot the messenger"?
  • 3 Hide
    Scanlia , November 9, 2011 8:31 AM
    I thought Apple was controlling and secure....
  • 20 Hide
    stonedatheist , November 9, 2011 8:39 AM
    Banning a white hat hacker that is helping them find potential threats in their OS? Apple has sunk to a new low.
  • 15 Hide
    Goldengoose , November 9, 2011 9:06 AM
    Apple and their actions just remind me of a child. Give them advice and they throw it back in your face, have something they don't and they throw a tantrum and ask mummy to sort it (the current state of patents and courts).
  • 10 Hide
    digisol1 , November 9, 2011 9:21 AM
    Looks to me he went and tried the proper channels and they were not receptive. To bad he is white hat, the skiddies will prolly leave apple alone - ask Sony how well it worked out for them when they went after geohot.
  • 10 Hide
    ojas , November 9, 2011 9:37 AM
    i really appreciate anyone who exposes security flaws in Apple's software/devices because they keep acting like they're not vulnerable.
    Quote:
    Yesterday, Miller tweeted that he'd been kicked out of Apple's iOS developer program.

    While Google pays for each vulnerability that people discover in Chrome. I hope Miller embarrasses Apple real bad next time.
  • 8 Hide
    hetneo , November 9, 2011 9:50 AM
    And people like to say that Apple's security policy is not "if you don't know about it, it will not hurt you".
  • 11 Hide
    house70 , November 9, 2011 10:10 AM
    scanliaI thought Apple was controlling and secure....

    No, it's just controlling.
  • 5 Hide
    house70 , November 9, 2011 10:14 AM
    thekanesterTechnically speaking, he did contravene the terms and conditions of the agreement. What did he expect would happen? That Apple would welcome him into the fold/offer him a job in the security department and pat him on the head?

    Apple made the terms and conditions you mentioned, they could have bent their own rules for the greater good (and their own). It's not about that, it's about their stupid pride and claim they're secure by default; when someone points at the holes in their shoes, this is the answer.
  • -5 Hide
    watcha , November 9, 2011 10:34 AM
    Also very interesting reading one of his recent tweets:

    Quote:

    '0xcharlie
    @ioerror lol, cause google is nice, oh wait, they tried to get me fired when I reported my first android bug, nm.'

    Seems like Google tried to take it one step further to sweep things under the rug.

    http://twitter.com/#!/0xcharlie
  • 1 Hide
    billybobser , November 9, 2011 10:53 AM
    lollers, but no one ever hacks apple because they're so awesome.

    I imagine stealing money from people already willing to get shafted by apple would be much more profitable than attempting this kinda thing on others.
  • 2 Hide
    Anonymous , November 9, 2011 10:54 AM
    @watcha the problem is that this security expert made it public by posting a YouTube video about the app on the App Store, the real hackers are just sitting back and reading your silly comment.
  • 7 Hide
    nukemaster , November 9, 2011 11:42 AM
    watcha.....but instead decided to go one step further and leave the mass market vulnerable to the virus. This is obviously, clearly irresponsible, ......

    It was his own computer it linked too. I do not think he was sending out viruses. He did prove that the Apple screening process is still crap. If he can do it how many other apps are out there like this with a real payload on the other end.

    He did tell them. they just did not care. It is hard to hear people when you and rolling in money....
  • 6 Hide
    anonymous32111 , November 9, 2011 11:54 AM
    Sorta wish he just released malware without ever telling crapple about it, after the way they responded to this. Bad things happen to good people, so he must be doing something right.
  • 1 Hide
    tramit , November 9, 2011 1:06 PM
    nukemasterIt was his own computer it linked too. I do not think he was sending out viruses. He did prove that the Apple screening process is still crap. If he can do it how many other apps are out there like this with a real payload on the other end.He did tell them. they just did not care. It is hard to hear people when you and rolling in money....


    And is that compared to the relatively non-existent app screening process of Android? Relatively the screening process is still a success and has minor flaws every now and then. I don't expect perfection in software ever.
  • 0 Hide
    del35 , November 9, 2011 1:23 PM
    Apple itself is malware. The sooner we get rid of it, the sooner we will return to open standards and user accessible batteries...

  • -2 Hide
    watcha , November 9, 2011 2:25 PM
    nukemasterIt was his own computer it linked too. I do not think he was sending out viruses. He did prove that the Apple screening process is still crap. If he can do it how many other apps are out there like this with a real payload on the other end.He did tell them. they just did not care. It is hard to hear people when you and rolling in money....


    If your phone could be controlled by a notorious hacker at will, I think you'd regard it as having a virus. The computer it connects to can always be compromised.

    He proved that the screening process isn't perfect, but he didn't need to do that in order to prove the issue. He told them, and they did care, and they are probably working on a fix. That doesn't make it OK to infect potentially thousands of people to prove the point.

    At least there actually is screening on iOS unlike Android which is a free-for-all. Apple could remotely remove this malicious app from all infected phones instantly, Android could not.

    lionsson@watcha the problem is that this security expert made it public by posting a YouTube video about the app on the App Store, the real hackers are just sitting back and reading your silly comment.


    The fact that he made the problem public is not the problem. The fact that he went a step further and infected people, is the problem. Apple had no choice. They can't allow any individual to release apps which allow them to control the users' phones. Very simple, very logical, very obvious. Only a fool would regard basic logic as 'silly'.

    :-)
Display more comments
Tom’s guide in the world
  • Germany
  • France
  • Italy
  • Ireland
  • UK
Follow Tom’s guide
Subscribe to our newsletter
  • add to twitter
  • add to facebook
  • ajouter un flux RSS