We use cookies to provide you with a better experience. If you continue to use this site, we'll assume you're happy with this. Alternatively, click here to find out how to manage these cookies

hide cookie message
80,259 News Articles

iOS code signing flaw leaves iPhones, iPads exposed

Researcher Charlie Miller has his developer licence terminated for demonstrating vulnerability in iOS

Charlie Miller, a security researcher, has had his developer licence terminated by Apple after revealing a flaw that could let rogue apps take control of a device running iOS.

Forbes reports that Miller's licence was terminated after he put a 'sleeper' app into the App Store to prove his point. Miller intends to present a way of exploiting a flaw in Apple's restrictions on code signing on iOS devices at the SysCan conference in Taiwan next week.

In a four-minute video (below) Miller outlines the way the hack works. Though when an app is submitted to Apple for approval the company checks that the app doesn't make any unapproved commands, ensuring that an iOS device running the app is protected.

However, Miller says he has found a way for an app to download new commands - unapproved by Apple - from a remote computer, potentially allowing someone to read files on an iOS device or make it carry out functions without the users permission or knowledge.

"Now you could have a program in the App Store like Angry Birds that can run new code on your phone that Apple never had a chance to check. With this bug, you can't be assured of anything you download from the App Store behaving nicely," Miller says.

Apple hasn't made an official comment on the matter but it seems that it is less than impressed with Miller, banishing him from the Apple developer programme.

Miller is a serial hacker of Apple devices - he has shown off exploits for vulnerabilities in MacBooks and the iPhone in the past. He is a former NSA analyst and now works as a researcher with consultancy Accuvant.


IDG UK Sites

Where to buy iPhone 6 and iPhone 6 Plus in the UK: Launch day price, deals and contracts

IDG UK Sites

Is Apple losing confidence in itself?

IDG UK Sites

Professional photo and video techniques for perfect colours

IDG UK Sites

How (and where) to buy an iPhone 6 or iPhone 6 Plus in the UK. Plus: What to do if you pre-ordered...