Dev Dumped After Laying Bare iOS Vulnerability
Nov 8, 2011 11:52 AM PT
Apple has reportedly banned noted hacker Charlie Miller from its developer program for a year, apparently in response to an app Miller wrote on the iTunes App Store that exploits a zero-day vulnerability he spotted in iOS.
Miller did notify Apple of the flaw three weeks ago, the developer tweeted. His app, he said, was posted on the iTunes App Store in September, and the code in the app will only work for him, he asserted.
Apple did not respond to requests for comment by press time.
What Miller Did
Miller created a proof-of-concept application to demonstrate his security exploit and got Apple to approve it for uploading to the iTunes App Store by concealing it inside a fake stock ticker program, Forbes reported.
The app exploits a flaw in Apple's restrictions on code signing on iOS devices.
The Signing of the Code
Code signing is the process of digitally signing executables and scripts to confirm the identity of the software author and guarantee that the code hasn't been altered or corrupted since it was signed. It's most commonly used to provide security when software is deployed.
Apple uses code signing to ensure that only commands it has approved can run in an iDevice's memory.
The Effects of Miller's Exploit
The app Miller created will phone back to a remote computer and can download unapproved commands onto a user's iPhone and execute them at will.
It can be used to steal the victim's photos, read the contact file, make the victim's iPhone vibrate or play sounds, or otherwise redo normal iOS app functions, Forbes said.
That would make any app in the iTunes App Store unsafe, as it could be harboring the malicious code, Miller has reportedly said.
A View of Miller's Exploit
Miller, a principal research consultant at Accuvant and noted finder of Mac OS flaws, was unable to answer TechNewsWorld's questions by press time.
iSafety Is an Illusion
Miller's success in sneaking an app that contains unapproved code into the iTunes App Store might trigger a backlash among iOS devs, who have long complained about Apple's long and tortuous app vetting process.
Apple's reaction included barring Miller from the ranks of its developer program for a year and canceling a presentation of his method Miller was scheduled to make at the SyScan 2011 Taipei security conference next week.
It's All About the Money
Miller's discovery could impact Apple sales, especially now that the company's penetrating corporate America with its iPads and Mac laptops.
Media tablet shipments surpassed netbook shipments for the first time in the second quarter of this year, ABI Research has found.
Tablet shipments totaled 13.6 million units, almost double the 7.3 million netbooks shipped.
Wrongness Is a State of Mind
Miller admits on his Twitter account that he had breached Apple's terms of service but contends that the app was essentially harmless because it didn't contain code for anyone else but him.
However, he may have breached a bit of unwritten etiquette observed by security researchers. When researchers discover a vulnerability, they usually notify the software author or vendor and give it 30 days to respond before publicizing their discovery.
"I'm not sure that the issue around Miller's being dismissed from Apple's developer program had to do with what he did or found as it did with the fact that he spoke about it publicly," Charles King, principal analyst at Pund-IT, told TechNewsWorld.
Shout, Shout, Let It All Out
Was Miller perhaps being a tad hasty in publicizing the vulnerability he discovered?
Miller contends that, if he hadn't posted the app, people wouldn't believe him and insist that Apple wouldn't approve an app that took advantage of the flaw he exploited.
Hell Hath No Fury ...
Could Apple perhaps be over-reacting to Miller"s actions? Or is its reaction typical of its unique approach to business?
"Apple has always been a company that's preferred to play the game according to its own rules," Pund-IT's King said.
"It runs back home any time someone refuses to play the game accordingly," King added.