  • Recently Discovered iOS Security Exploit Allows Users' Information To Be Accessed


    Charlie Miller, a well-known Mac hacker and researcher, has reportedly found a way to sneak malware into the App Store and subsequently onto any iOS device by exploiting a flaw in Apple's restrictions on code signing. According to Forbes, the flaw allows the malware to steal user data and take control of certain iOS functions.

    Miller explained that the code signing restrictions allow only Apple-approved commands to run in an iOS device's memory, and apps that violate these rules aren't allowed in the App Store. He found a way to bypass Apple's security check by exploiting a bug in iOS code signing, one which allows an app to download new and unapproved commands from a remote computer. The malware can then be used to read a user's contacts, make the phone vibrate or sound a ringtone, steal a user's photos, and more whenever the developer chooses. According to Miller:

    "Now you could have a program in the App Store like Angry Birds that can run new code on your phone that Apple never had a chance to check. With this bug, you can't be assured of anything you download from the App Store behaving nicely."

    The flaw first surfaced with the release of iOS 4.3, which increased browser speed by allowing JavaScript code from the internet to run at a much deeper level in a device's memory than in previous iterations of the iOS platform. Miller realized that the increased speed forced Apple to create an exception for the browser to run unapproved code, and the researcher soon found a bug which allowed him to extend that exception beyond the browser to any app downloaded from the App Store.

    To showcase the exploit he found, Miller created an app called "Instastock," which he submitted and Apple approved. The app appears to be a simple stock ticker, but it can leverage the code signing bug and communicate with Miller's server to pull unauthorized commands onto the affected device. From there the program has the ability to send back user data including address book contacts, photos, and other files. The app has been pulled from the App Store and, according to a recent tweet of his, Miller has been banned from the Apple Store and kicked out of the iOS Developer program as well.

    To provide more info on the exploit, Miller will be giving a talk at the SyScan conference in Taiwan next week. He won't be publicly revealing the exploit, though, giving Apple time to fix the issue at hand. He does do a good job of showing it off in a video, which can be found below:



    For those of you who don't already know, Charlie Miller isn't a novice when it comes to iOS or Mac security. In 2008, Miller broke into the MacBook Air in two minutes through Safari, amongst many other feats.

    What do you think of the whole ordeal? Do you think Apple made a smart move in banning him? Share any thoughts below!

    Source: Forbes, Twitter
    This article was originally published in forum thread: Recently Discovered iOS Security Exploit Allows Users' Information To Be Accessed, started by Akshay Masand.
    19 Comments
    1. bootleg -
      no they should hire him and give him a bonus.
    1. Mr. Russian -
      I think they should have him find bugs and different holes so they could fix them
    1. Amillio -
      Well I don't know too much about this guy but one thing he should be helping the jailbreak community with something like that. Cydia could have been installed using code like that the dev teams should've taken advantage of that. He shouldn't have been banned he should have been hired he publicly showed that there are flaws that need fixed. He either needs to work for apple or one of the dev teams.
    1. bdwayneh -
      It would be really cool if someone could do something like this and allow it to jailbreak the iPhone. First iPhone jail broke by using apple's app store. I am sure it's probably out of the scope of this though
    1. prsbirds -
      I think it was a TERRIBLE move banning him. They absolutely should be encouraging him, since it seems that he is not malicious but instead just testing Apple and pushing them to be superior... And, as "bootleg" said, they should definitely consider contracting him to their security team! In fact, didn't they just lose a VP of Global Security!? Seems like a perfect solution!
    1. tangus999 -
      and this is exactly what you get when you have a closed os... geez this wouldn't happen if the phone was running a little snitch program.....yawn.....apple will get burnt and hopefully release its grip.....oh wait it's called jailbreaking, yawn.
    1. spooneditr -
      Quote: Originally posted by prsbirds
      I think it was a TERRIBLE move banning him. They absolutely should be encouraging him, since it seems that he is not malicious but instead just testing Apple and pushing them to be superior... And, as "bootleg" said, they should definitely consider contracting him to their security team! In fact, didn't they just lose a VP of Global Security!? Seems like a perfect solution!
      I agree!! Hire this guy!
    1. DaLsim -
      yea, apple too stupid? They should have hire in to check all malware? Now other big player can hire him to put worms in apple, core...
    1. confucious -
      Quote: Originally posted by spooneditr
      I agree!! Hire this guy!
      I really, really hope they don't. ......

      I don't actually follow him on twitter but lots of those I do follow, follow him and I have learned a lot from their retweets of him.
    1. s0ulp1xel -
      Cool. But scary.
    1. RoloDiva13 -
      Confucious, Care to shed some light on that? I was thinking the same as most of the rest of this thread (that Apple should, in fact, be hiring this guy, not firing him from the Dev Program), but if he's not as 'helpful' as he appears, that bears some consideration.

      Quote: Originally posted by s0ulp1xel
      Cool. But scary.
      Agreed... Mostly scary, though. Especially after viewing the video demonstration.

    1. cpotoso -
      How typical of apple (and all large corporations): give huge bonuses to administrators and punish those that actually find something useful.
    1. Kevin8677 -
      So they ban him but hire 2 guys that allowed so many of us to jailbreak our phones? That makes no sense at all. They need to be kissing his *** & giving him a job. He would be a major asset to them.
    1. NakedFaerie -
      That's why I call them crApple for their crap ways of doing things. Instead of hiring him to stop the exploits they ban him. Stupid. Now he just tells everyone the exploits and crApple are now bombarded by apps that are good but malware and they don't know which is which. Their stupid move not his. He probably did the right thing by telling them what he did and not actually doing anything with his app but pointing out the huge hole in their system. I would love to know this exploit. I would put it in my apps. Not to attack the users but to get back at crApple for their stupid devices and lack of features and for stealing hackers work with no credit to them. How many features of iOS were started from a cydia app and how much money did those original devs get from crApple? $0. crApple deserve a few really bad attacks.
    1. jasvncnt10 -
      The man is an F'n genius
    1. JedixJarf -
      Quote: Originally posted by bootleg
      no they should hire him and give him a bonus.
      This.
    1. confucious -
      Quote: Originally posted by Kevin8677
      So they ban him but hire 2 guys that allowed so many of us to jailbreak our phones?
      2? Comex has an internship with them, who's the other one?
    1. czarcasm -
      if he wouldn't use this exploit for benefiting himself (which he didn't) apple should be hiring this guy
    1. confucious -
      What makes everyone think he would want to be employed by Apple?