“A software flaw in Apple Inc’s iPhones and iPads may allow hackers to build apps that secretly install programs to steal data, send text messages or destroy information, according to an expert on Apple device security,” Jim Finkle reports for Reuters.
“Charlie Miller, a researcher with Accuvant Labs who identified the problem, built a prototype malicious program to test the flaw. He said Apple’s App Store failed to identify the malicious program, which made it past the security vetting process,” Finkle reports. “There is as yet no evidence that hackers have exploited the vulnerability in Apple’s iOS software.”
Finkle reports, “Miller, who in 2009 identified a bug in the iPhone text-messaging system that allowed attackers to gain remote control over the devices, said that he had contacted the company about the vulnerability. ‘They are in the process of fixing it,’ he said.”
Read more in the full article here.
[Thanks to MacDailyNews Reader “Edward Weber” for the heads up.]
Apple’s ahead of the curve and on it
Meanwhile, Apple has kicked Charlie Miller out of its developer program for exposing too many of Apple’s dirty little secrets.
http://www.forbes.com/sites/andygreenberg/2011/11/07/apple-exiles-a-security-researcher-from-its-developer-program-for-proof-of-concept-exploit-app/
Apple should be hiring him or his company to help find these security problems before the bad guys do.
Miller put malicious code on the App Store to prove how smart he was and add to his notoriety. I’m surprised he didn’t blackmail Apple.
I can’t agree more. Apple needs to hire this guy, not kick him out of their developer program. He would be a huge asset.
He would be a huge asset, if he wasn’t such a moron.
He could’ve just pointed out the flaw to Apple, but he went ahead and submitted an app into the app store that violated his developer’s agreement. He knew he wasn’t supposed to do that, so it should be no surprise to him.
Charlie Miller went about it the wrong way and very specifically violated developer account policies. Apple rightfully revoked his access to the developer program for doing so.
exactly.
You know for a fact that this Miller guy didn’t try the right way first by contacting Apple, only to get the run around or the ‘Hey, we built our iOS. We know what it can and can’t do! Genius!!’
Of course we will never have confirmation from Apple about whether they shrugged off this guy if he contacted them.
I for one am glad he did what he did. He let everyone know, including Apple, that they aren’t as smart as they think they are about leaving a way for someone smarter and with malicious intent to screw around in Apple’s ‘Walled Garden’. Sorry Apple was “Thinking Stupidly” when they kicked him off the iOS App Developer program. Without him, my assurance of Apple’s iOS security integrity just dropped down a notch!
Is it coming to this Apple, “You are coming to a sad realization. Cancel or allow?”
Shouldn’t piss off those who are smart enough to catch your flaws. Dismiss them, throw them under the bus and maybe they will do the same as was the plot in the ‘Live Free or Die Hard’ movie I saw literally last night, starring Bruce Willis and “I’m a Mac” Justin Long where the premise of the movie is about another computer expert who was thrown under the bus, had one of those, “I’ll show you” moments!
Anyone can read the developer agreements and come to the conclusion that he clearly violated them. It’s a lot more cut and dried than you’d like to believe.
It sounds like you’re saying “because he’s a smart guy, you should let him do whatever he wants!” I trust it’s obvious to most people why that’s a very bad approach to take, especially when it comes to tolerating malware.
Then we should let the more intelligent “B.S” criminals run with any concept they wish just ’cause a small minority of self-proclaimed idiots think they are above any rules set for the more common folk.
Rules are in place for a reason, and just as in this specific outcome we need those rules. To bend the rules just because a few think it is in the best interest is short-sighted and blatantly idiotic.
Just like laws, rules are in place to protect the greater good; when anyone travels outside of the norm they need to pay the price.
Too many people in the history of the human race have broken rules and millions if not billions have suffered because a general consensus was it was for the greater good.
Follow the rules or not, that is a choice, but when an individual agrees and is bound to abide by a contract and those agreements have been broken a punishment is invoked, just because a select few think someone is smarter doesn’t make it so. It just shows a disregard for others that do follow the rules.
I just think it’s funny that a company that proclaims to “think different” and prides itself on breaking the rules would ban a guy like this just because he ‘tested the boundaries’ and wanted to see if something malicious would pass the established litmus test on the app store.
Yank the app, leave his developer status alone, thank him for the help and let the man continue on his journey…
He knowingly and willingly violated the developer agreement he signed. Apple had to pull the plug on his account, or risk being accused of having a double standard when it comes to tolerating the publication of malware in the App Store.
In your distortion field….
He signed a contract, broke the contract, and pays the price.
You can think different, but when you are bound by a contract you signed, you damn well better follow the rules.
You can twist this all you want, this has nothing to do with the concept of think different in the context Apple meant it to be.
Now who is in their own reality, seems like an attempt to twist the facts and truth to the twisted thoughts of the poster.
… usage to “non-critical” tasks, I’m saving myself a ton of grief? Yeah … there’s my Address Book – synced in. There’s some e-mail, and notes for the latest play my wife is working on, and – HEAVENS! – there’s proof I’m never getting to the World Series of Poker! And a few free books. Whoop! Big Score, there!
He should have known you can’t tell the emperor that he has no clothes. He’s going to present the ‘findings’ this week or next in Taiwan, so we’ll find out what happened then.
“Thinking Stupidly” I like that. Given the ever increasing temperature of my feedbacks on various things regarding my new iPad it feels like it’s getting to be their new ad phrase: Think Stupid.
Had he contacted Apple and offered to work *with* them on this, there wouldn’t have been an issue. Instead, he went on a headline-seeking publicity stunt.
If his motivations were truly to help Apple’s products be more secure, he’d have contacted them first instead of pulling a stunt like this.
Windows users unaffected.
What is, a phrase never seen before.