iPhone Security Hole Revealed, Hacker Kicked Out
Apple is quite protective of iOS and its app environment. There is a good reason we don’t see more iOS 5 malware these days. While Apple has worked very hard to keep its platform secure, the company cannot come up with a completely secure environment. Serial Mac hacker Charlie Miller has found a way to install apps that run unsigned code. The functionality of these apps could be changed after they are installed.
Mr. Miller did manage to put a sleeper app in the App Store as a proof of concept. This is a potentially huge problem for Apple. Hackers can exploit such a hole to install rogue applications on iPhones and iPads. We are talking about apps that can steal contact information, grab photos, and control iOS devices in other ways.
Charlie Miller, who is a former NSA analyst, managed to sneak a stock ticker app called Instastock into the App Store. It looks very innocent on the surface. However, Instastock communicates with a third-party server, allowing Mr. Miller to run commands on infected devices. How did this hole come about? With the iOS 4.3 release, Apple started allowing JavaScript from the web to run at a deeper level on iOS devices. The exception added to Safari did speed things up. Mr. Miller managed to apply the exception to other apps.
Not surprisingly, Apple has decided to terminate Miller’s developer license. The company is very protective of its platform. Unfortunately, this is a bad move on Apple’s part. Apple simply cannot find all security holes in its platform without the help of ethical hackers and experienced security analysts. Let’s hope Mr. Miller’s license is restored so he can continue discovering more security holes in iOS.