Hardware 2.0

Adrian Kingsley-Hughes

So that's what happens when you highlight an iOS security hole

By Adrian Kingsley-Hughes | November 8, 2011, 2:39am PST

Summary: Apple lets it through the door.

Mac hacker Charlie Miller discovered a security hole in the way Apple digitally signs apps for the App Store and used this information to create a ‘legitimate’ app of his own that passed all of Apple’s checks, but which could download and run unsigned and unauthorized code on users’ iOS devices.

Apple’s response … ban Miller’s developer account and remove the app.

The app was interesting in that Miller could choose what payload was sent to the app. He could make it open a YouTube video, make the handset vibrate, and even get direct access to the file system and grab files like the address book database.

Serious stuff.

Miller says that he had to put a real app into the App Store featuring this vulnerability because without it ‘people would say Apple wouldn’t approve an app that took advantage of this flaw.’

Now, is Apple doing the right thing by banning Miller’s developer account and removing the app? Yes, it is. The app, while not containing any malicious code, still deliberately leverages a serious security loophole and can download malicious payloads to the handset. This sort of behavior violates Apple’s developer terms and conditions and as such is more than enough reason for Apple to give Miller the shove.

Note: The app had been in the Apple Store since September.

So, what worries me isn’t that Apple kicked Miller and his app off the developer program, it’s that Apple didn’t spot what this app was doing in the first place. Miller had to talk about it before Apple realized what was going on. That’s what I find very worrying.

Note: Given his reputation, the fact that Charlie Miller had submitted an app should have set alarm bells ringing at Cupertino!

So, what happens when a developer (even if that developer is a well-known hacker) submits an app that leverages a vulnerability to Apple for approval? Apple approves it and hopes it doesn’t contain a hidden vulnerability. Apple yanked Miller’s app from the App Store because he talked about it. Bad guys don’t do that sort of thing, so vulnerable apps could go unnoticed for a very long time.

I thought Apple’s iOS ecosystem was supposed to be a walled garden. Seems to me like it has a low fence at best, one that’s quite easy to step over, and once you’re over, there’s little chance that Apple will find out what you’ve done.


Adrian Kingsley-Hughes is an internationally published technology author who has devoted over a decade to helping users get the most from technology.

Disclosure

Adrian Kingsley-Hughes

All opinions expressed on Hardware 2.0 are those of Adrian Kingsley-Hughes. Every effort is made to ensure that the information posted is accurate. If you have any comments, queries or corrections, please contact Adrian via the email link here. Any possible conflicts of interest will be posted below. [Updated: February 23, 2010] - Adrian Kingsley-Hughes has no business relationships, affiliations, investments, or other actual/potential conflicts of interest relating to the content posted so far on this blog.

Biography

Adrian Kingsley-Hughes

Adrian Kingsley-Hughes is an internationally published technology author who has devoted over a decade to helping users get the most from technology -- whether that be by learning to program, building a PC from a pile of parts, or helping them get the most from their new MP3 player or digital camera.

Adrian has authored/co-authored technical books on a variety of topics, ranging from programming to building and maintaining PCs. His most recent books include "Build the Ultimate Custom PC", "Beginning Programming" and "The PC Doctor's Fix It Yourself Guide". He has also written training manuals that have been used by a number of Fortune 500 companies.

Adrian also runs a popular blog under the name The PC Doctor, where he covers a range of computer-related topics -- from security to repairing and upgrading.

43
Comments


RE: So that's what happens when you push malware to Apple's App Store
dhmccoy 11th Nov
Apple has already fixed the bug and is getting it out to users. How quickly are Android patches made available again?

And this bug, which was fixed, basically made iOS as secure as Android.
0 Votes
Uhm...
Panajev 8th Nov
Checking a binary for issues is not a 100% spotless process? News at 11.

Passive aggressive remark about walled garden promise of 100% security (which by definition should not be trusted)? Priceless wink.
0 Votes
Agreed....
cosuna 8th Nov
@Panajev : Adrian is just waiting for his check from "you know who" to come in the mail...
@Panajev
Then Apple should be requiring source to be uploaded and compiled by them instead of accepting binaries.
0 Votes
Re: Uhm...
ldo17 8th Nov
Furious backpedalling over claims that Apple's platform is so much more secure than Android? News at 11.

Passive-aggressive misrepresentation that above claims were ever made, and made loudly and repeatedly? Priceless happy.
So, there was a bank out there. There was a vault in there. There was a crack in the wall leading right into the vault. People walked by ignoring it. Then a guy, with a piece of brain between his ears, stopped and shouted: "hey, there's a hole in the wall, I can see some diamonds in there !"
They put him in jail.
@Panajev
.... because the cop was trespassing?
WOW!
Incredible thinking there!
sad
For a company wanting to wear the "Big Boy pants" they sure don't get it. That is totally obvious now.
Apple has got to be the most Security "Unconscious" that I have ever seen. Apple doesn't get it because they believe kicking someone out, suing someone or just throwing a plain ol' Jobs tantrum will solve it all. Sadly to say guys, that's not working today, or tomorrow either, matter of fact you might as well get your head out of the hole it's in and look around.

Your products are not as secure as you lead the masses to believe.

Kicking people out, denying the facts until they're out of control. In case you have missed the headlines nearly every day, your weaknesses are being shown to all and it's not going to go away under a rug. The community is laughing at you, daily, yet you still just don't get it.
@Nate_K Apple probably has dispatched a "security team" to your location as we speak happy
0 Votes
Agreed, with one caveat ...
use_what_works_4_U 8th Nov
@Nate_K
I haven't seen (yet) where Apple is denying this vulnerability. Apple puts out FAR more security updates for the iPhone than I see coming from Android, so they are admitting there are holes, but they aren't discussing them before a fix is ready.

IF Apple doesn't fix the vulnerability (which I find doubtful) then you can say they are ignoring it. OTOH, I've had my HTC Evo Shift since January. I have received exactly two system updates for the phone (one of which had to be removed as it made the phone nearly unusably slow), and absolutely NO information in either one that any security vulnerabilities were being addressed. Since all systems are inherently vulnerable, I am left wondering what my carrier is doing to protect me when issues are discovered?

Apple may try to bend the reality, but they do release updates to address issues as the issues are found. That is only one reason why I will eventually return to the iPhone. I have zero confidence in the "security" of Android.
@macadam
While what you say may very well be true (don't use a smartphone anymore - haven't used Android in 1+ years), Android doesn't market itself or its app store as being secure. Apple has a long, inglorious history of touting that it is immune to malware, viruses and the like. Therefore, even with security fixes, banning someone who was exposing a serious security flaw in the only way that would be irrefutable is equivalent to sweeping it under the rug.
@macadam
Yes, and good luck trying to get various carriers to keep your phone updated. At least the Apple solution goes right to the people who have only themselves to blame, and not the carriers who may be lax in pushing updates - the Android way...which ALREADY has the same problem as this guy showed in the App Store!

@p0figster - if you believe any of the marketing hype from any company about security, then you also only have yourself to blame.

I did send a nastygram to Apple asking why they didn't include an invite to be a paid consultant at the same time as they kicked him out of iOS Dev. Let's keep it real...
If he found a vulnerability and think it needed to be fixed, he should have told Apple about it... and maybe kept hounding them about it... but what he did was showing off and trying to get his name in the press. He didn't care about the vulnerability at all, just about getting his name in the headlines again.

The problem here is not that there is an App with malware in it... that doesn't get in the App Store easily, and Miller didn't do it either. He fixed one that was able to install Malware after the App was already installed...
@doh123
Uh, he did tell Apple. 3 weeks ago. And if he hadn't managed to push the app to the App Store then everyone would simply claim that Apple wouldn't approve the app and so it would be a non-issue. Doing what he did he showed TWO security vulnerabilities, not just the one he exploited in the app. Furthermore, getting banned (an act of Apple) got him more publicity than not banning him would have. And the app is the malware - it connects to a server that executes malicious code on the iPhone - more or less the definition of malware.
@doh123
He did it the way he did because he wanted to make it impossible for Apple to turn around and deny it ever happened. He needed to make a public display to make his point.
google says : you found a vulnerability? we'll pay you for helping us find it.

apple says : you found a vulnerability? we'll make you pay for it.
@Jean-Pierre- LOL! Nice point!
0 Votes
No it's not
use_what_works_4_U 8th Nov
@mookiemu
It's nothing but snark. They didn't make Charlie Miller pay for finding a vulnerability. They made him pay for releasing malware. In the same situation I would hope Google would do the same thing. Every year since the iPhone came out Miller has found vulnerabilities - it's his job and he's good at it. The difference is that in the past he did the responsible thing by publishing his findings and Apple plugged every hole he found. This time he didn't publish his findings and released malware. That's unethical plain and simple.
@Jean-Pierre-
Apple says - you found a vulnerability, we'll patch it.

Google says - you found a vulnerability? We may patch it but it's up to your carrier to give you the patch.

Recent articles have been highlighting that Apple is patching more frequently than anyone (both a good and a bad thing) but in my 10 months with an Android phone I have not been made aware of a single security update. I've seen only 2 system updates, one of which made my phone nearly unusable. As a consumer I'm a lot more worried about my Android's security than I ever was my iPhone's and I will be going back for that (and many other) reason(s)
0 Votes
Conversely,
matthew_maurice Updated - 8th Nov
@Jean-Pierre-

Google says : you put a malware infected app in our app store? We'll pay you for it.

Apple says : you put a malware infected app in our app store? We'll ban you for it.
0 Votes
Why do it?
Robert Hahn 8th Nov
If you can write something that people will actually download and install from the App Store, why jump off the gravy train by inserting some kind of back door in it? Sooner or later that's going to get caught, and your checks will stop. The bigger the botnet you build, the more money you'll lose. That doesn't sound especially smart.
that fact. Apple should just pay him $500000 a year to be a security consultant for them. Instead they attempt to hide their obvious weakness. They are laughable. They are only one baby step up from Android's complete absence of security. I'll stick with Windows Phone for now. So far they have by far the best app security review process.
0 Votes
Live from the Astrodome
Robert Hahn 8th Nov
More than 150 vulnerabilities have already been identified in Windows Phone. You stay with it at your peril.
@Robert Hahn
As Apple apologists love to point out, there's a world of difference between 'vulnerabilities' and 'exploits'.
I don't think this guy cared at all for getting 'paid', and if he took the route of telling Apple about this it would have been behind closed doors, NDA'ed and no one would be any the wiser.

He has done a service to the community, but Apple fanatics can't see that, as it makes them look silly. If Apple didn't have their head in a hole as already stated, and deny any existence of security flaws, then would they still get targeted for this kind of exposure?

lolz all round, good work Charlie Miller.
0 Votes
Did they really say that?
Robert Hahn 8th Nov
I have never actually heard anyone from Apple deny the existence of security flaws. Could you provide us with a link to such a statement?
@Robert Hahn: Here: http://cache.gawkerassets.com/assets/images/7/2011/10/sjobs1.jpg
#1 and #2 in SJ's "freedom from" mail, and all other malware are implied too. This app disproved them.
0 Votes
That's quite a stretch.
matthew_maurice Updated - 8th Nov
@Natanael_L You're saying a personal email from Steve Jobs containing an implication equates to a concrete statement from Apple Inc.? You'll have to do better than that.
What would happen if one day you find your neighbor spying on your bathroom and then telling the other neighbors out loud that there is a hole to watch your bathroom???
@jigzat: What if it was done because you had a hotel with guests who were there all the time and you were known to ignore issues unless there were a media storm about them?

Security is all about decreasing risks. Sometimes that requires demonstrating the exploit to force a fix.
0 Votes
Ah, the Goldwater defense.
matthew_maurice 8th Nov
@Natanael_L "Extremism in defense of liberty is no vice!" It was wrong in '64 and it's wrong now.

Chris Miller is a really smart guy, but he did a really stupid thing. Apple's response wasn't brilliant, but they really had no choice, and that is probably why Miller is feeling their wrath. Miller has brought lots of bugs and vulnerabilities to Apple's attention, and-as far as we know-Apple has fixed them. This one hit really close to home, the App Store, and then Chris decided to "grandstand" about it. As a result Apple had no choice but to "go nuclear" on him. Dumb all around.
0 Votes
I am no tech junkie by no means but trusting a hacker with security concerns is like trusting a cat not to eat the mouse. He is what he is and now armed with knowledge of their tech and a sleeper app to boot, the new Lucifer is Miller. And I know he is smart enough to know how to get around whatever they attempt to trace with his signature for a while before they clean it up.
Wow. Glad another hole was found.
Now fix it and move on!
The brainless Apple defenders here appear to have missed or are ignoring the point that Miller was clearly doing what every security researcher does - developing a proof of concept of a security flaw. There was no malicious intent.

As Jean-Pierre points out - the correct reaction from a sane company would be to a) pull the proof of concept, b) develop a fix, c) reward Charlie Miller with at least a public thank you and free lifetime dev account.

But no, Apple kick the researcher off the programme and drive research to the underground and into the hands of blackhats. Way to go.
Yep, he probably knew what was going to happen before he did it! Thing is and I hate to say this, with Windows and Android, at least you know it is Buyer beware! Well the Android Market is supposed to be safe, but take that with a grain of salt! It isn't touted as much for safety as Apple's App Market is! No guarantees in anything you get from any place other than the Authorized markets, and then keep your fingers crossed! Microsoft users have had to deal with this right along, may come as a shock to Apple users!
Too bad about the hundreds of other apps exploiting the same hole that developers did not tell Apple about. No, I don't have links to the reports, that's the whole point. Real evil hackers don't call Apple and tell them they installed a malware app in the store 3 weeks ago, they silently giggle as more and more unwitting sheeple download it onto their supposedly secure devices using their supposedly secure infrastructure. Eventually enough copies are downloaded to accomplish whatever the malware developer wants to do, the app gets activated and all hell breaks loose.
0 Votes
Good Luck...
Str0b0 8th Nov
Well let's see if Apple is able to recruit any White Hats now. This is just stupid. He did have to publish the proof of concept otherwise he is right Apple would have denied that such a vulnerability would be an issue, someone else would have figured it out and then hundreds of people could have potentially been compromised. Given their track record for non disclosure until an incident simply cannot be contained this could have been disastrous for those end users.

Any other tech company with brains would have rewarded a developer for pointing out such a glaring flaw before it became a real issue. In point of fact white hat hackers, security researchers, whatever they want to be called these days, have become increasingly more necessary in our increasingly connected world. If they had just taken the app down and patted Miller on the back and said, "Thanks for bringing this to my attention." things would have been good. The fact that they took the knee jerk reaction of firing, arguably, one of their best security assets is just stupid and short sighted and showcases what Apple is really all about and that they are every bit the "Evil" empire that they would have you believe Microsoft is.
Shame on Apple! Sounds like they should be hiring Miller rather than banning him. His skill could be a valuable asset in increasing the real security of apps.
Shame on Apple! It seems to me that they should be hiring Miller rather than banning him. He has skills that could enhance the security of apps by discovering flaws and weaknesses benefiting Apple in the long term.
0 Votes
UGH... Adrian, you just don't get it
UrNotPayingAttention 9th Nov
See, the issue here is Charlie Miller broke the TOS that HE agreed to by uploading a malicious app for everyone to download. He is unethical and a hacker.

Now that Apple has pulled his app and kicked him out of the Dev program, Apple has taken care of this whole situation.

...

At least that's what I was told by the apologists and fanbois yesterday... and they have to be right.

...right? plain
Apple has lived in the world of rainbows and unicorns for decades. That in part is probably why they have such wonderful products (even if they are expensive). It's well past time they took a very hard look at the harsh world of bad men, causation, and security measures. If they keep ignoring the spectre of evil, their customers are going to get as frequently 'pwned' as M$'s. Malware for Mobile is on the rise.