iOS Developer Booted from Apple Developer Program After Finding Critical Security Exploit
Okay everyone… let’s talk about Charlie Miller.
Who’s Charlie Miller you ask? Well, he’s actually a rather nice fellow. He’s also quite smart. You see, Charlie Miller is a guy who likes to play with Macs, and other Apple products. He’s been an Apple developer for quite some time actually.
Some people may remember Charlie (no not me, Charlie Miller of course) as the guy who cracked open the MacBook Air in just 2 minutes in a hacker showdown. You may also remember a guy from a few months ago who found a critical flaw in the MacBook battery that would, essentially, allow actual malicious code to be executed from a strange and as yet unthought-of battery infection.
Turns out… Charlie’s a crazy man that loves to find things wrong with Apple stuff. He’s quite good at it. He’s likely helped Apple fix all sorts of problems, and has made people aware of critical security issues that have saved a lot of people a lot of money on migraine medication. He’s also been kicked out of the developer program.
Yup, it’s true folks. Charlie’s no longer allowed to develop and sell all those wonderful apps that he spent so much time on. His apps were removed today, and he was banned from the developer program after telling the world of his newest security threat, which allows unsigned code (unapproved code) to be executed on the iOS platform from within any application. In fact, there could potentially be a lot of weird apps that have that ability right now. Strange right?
The process, as Charlie describes it, is called “code-signing.” This process is essentially what’s protecting all of you iOS users from malware. You see, with code-signing in place, all code that’s executed on iOS devices has to be Apple-approved code. People who want to execute malware, obviously, wouldn’t be able to put their code in place on your device whenever they want, and therefore your device is well protected. This, and a few other aspects of the iOS platform, is how Apple’s super-restrictive platform benefits by being the way it is.
However… that really doesn’t mean much, if you can get around it, right? Turns out, Charlie can, and Charlie does! In fact, even though he’s had his developer account shut down, he’s still going to be presenting this nasty little bug at a conference next week. Of course, he’s keeping it under wraps, telling only those who can do something to fix it. Charlie’s a “good hacker,” and not a person who disrupts people’s lives, and for that, we thank you.
Forbes explains his latest find like this:
“At the SysCan conference in Taiwan next week, Miller plans to present a method that exploits a flaw in Apple’s restrictions on code signing on iOS devices, the security measure that allows only Apple-approved commands to run in an iPhone or iPad’s memory. Using this method—and Miller has already planted a sleeper app in Apple’s App Store to demonstrate the trick—an app can phone home to a remote computer that downloads unapproved commands onto the device and executes them at will, including stealing the user’s photos, reading contacts, making the phone vibrate or play sounds, or otherwise repurposing normal iOS app functions for malicious ends.”
The “sleeper app” that Forbes is talking about has been named ‘Instastock.’ It’s described as a simple list of stock tickers, but it does so much more than that. The app communicates with Miller’s home server, pulling down and executing his custom commands at will. It would be quite scary to think this would be possible if we downloaded an app from a developer that knew about this. Watch the video below, as Charlie gives an explanation and a demonstration:
But the question still remains: Why was Charlie kicked out of the developer program?
The answer lies in HOW he found this bug. You see, even though Charlie was doing something good for the rest of us, he also needed to break a few rules in order to find it. He needed to use methods and code that weren’t approved for the dev program, and because he did that, Apple kicked his ass out. Seems a bit harsh though.
Popular iOS hacker @i0nic explains this:
Honestly, I suppose they have a point. All developers have to follow the guidelines, and play by Apple’s rules if they want to be part of their program, just as any other user of any service has to do. I suppose a small part of me feels that Apple has a just cause for removing him from the developer program, having said that. However, a much larger part of me believes they should be hiring this guy to find all these bugs for them… and paying him a great salary for it.