We use cookies to provide you with a better experience. If you continue to use this site, we'll assume you're happy with this. Alternatively, click here to find out how to manage these cookies

hide cookie message
80,258 News Articles

iOS code signing flaw leaves iPhones, iPads exposed

Researcher Charlie Miller has his developer licence terminated for demonstrating vulnerability in iOS

Charlie Miller, a security researcher, has had his developer licence terminated by Apple after revealing a flaw that could let rogue apps take control of a device running iOS.

Forbes reports that Miller's licence was terminated after he put a 'sleeper' app into the App Store to prove his point. Miller intends to present a way of exploiting a flaw in Apple's restrictions on code signing on iOS devices at the SysCan conference in Taiwan next week.

In a four-minute video (below) Miller outlines the way the hack works. Though when an app is submitted to Apple for approval the company checks that the app doesn't make any unapproved commands, ensuring that an iOS device running the app is protected.

However, Miller says he has found a way for an app to download new commands - unapproved by Apple - from a remote computer, potentially allowing someone to read files on an iOS device or make it carry out functions without the users permission or knowledge.

"Now you could have a program in the App Store like Angry Birds that can run new code on your phone that Apple never had a chance to check. With this bug, you can't be assured of anything you download from the App Store behaving nicely," Miller says.

Apple hasn't made an official comment on the matter but it seems that it is less than impressed with Miller, banishing him from the Apple developer programme.

Miller is a serial hacker of Apple devices - he has shown off exploits for vulnerabilities in MacBooks and the iPhone in the past. He is a former NSA analyst and now works as a researcher with consultancy Accuvant.


IDG UK Sites

Best Christmas 2014 UK tech deals, Boxing Day 2014 UK tech deals & January sales 2015 UK tech...

IDG UK Sites

Chromebooks: ready for the prime time (but not for everybody)

IDG UK Sites

Hands-on with Sony's latest smartglasses

IDG UK Sites

Apple TV setup advice: Apple TV hacks to help you create the ultimate Apple TV hub in your home