Overclock.net › Forums › Industry News › Software News › [Forbes] iPhone Security Bug Lets Innocent-Looking Apps Go Bad
New Posts  All Forums:Forum Nav:

[Forbes] iPhone Security Bug Lets Innocent-Looking Apps Go Bad

post #1 of 24
Thread Starter 
Quote:
Apple’s iPhones and iPads have remained malware-free thanks mostly to the company’s puritanical attitude toward its App Store: Nothing even vaguely sinful gets in, and nothing from outside the App Store gets downloaded to an iOS gadget. Now serial Mac hacker Charlie Miller has found a way to sneak a fully-evil app onto your phone or tablet, right under Apple’s nose.

At the SysCan conference in Taiwan next week, Miller plans to present a method that exploits a flaw in Apple’s restrictions on code signing on iOS devices, the security measure that allows only Apple-approved commands to run in an iPhone or iPad’s memory. Using his method–and Miller has already planted a sleeper app in Apple’s App Store to demonstrate the trick–an app can phone home to a remote computer that downloads new unapproved commands onto the device and executes them at will, including stealing the user’s photos, reading contacts, making the phone vibrate or play sounds, or otherwise repurposing normal iOS app functions for malicious ends.

“Now you could have a program in the App Store like Angry Birds that can run new code on your phone that Apple never had a chance to check,” says Miller. “With this bug, you can’t be assured of anything you download from the App Store behaving nicely.”

Miller, a former NSA analyst who now works as a researcher with consultancy Accuvant, created a proof-of-concept app called Instastock to show the vulnerability. The simple program appears to merely list stock tickers, but also communicates with a server in Miller’s house in St. Louis, pulling down and executing whatever new commands he wants. In the video above, he demonstrates it reading an iPhone’s files and making the phone vibrate. Miller applied for Instastock’s inclusion in the App Store and Apple approved the booby-trapped app. (Perhaps the company ought to have been more suspicious of an application in Miller’s name, given that he has hacked practically every device Apple has made since 2007 or so.)
Source


Quote:
Update: Apple has terminated Miller’s developer license as a result of his research.
Security through obscurity never works Apple.
Edited by Riou - 11/8/11 at 9:35am
post #2 of 24
but if he broke the rules of the agreement...

their store, their program, their rules.

i'd hire him if i were them but i don't think it's fair to fault them for enforcing their rules...
Herschel
(14 items)
 
  
CPUMotherboardGraphicsRAM
Intel Core i7 4770K ASRock Z87M Extreme4 eVGA GTX 680 2GB 12GB G.Skill Ripjaws 1600 
Hard DriveOptical DriveOSMonitor
1x 60GB SSD 1x 500GB, 1x 640GB, 1x 1TB Asus something or other Windows 7 Ultimate x64 Acer H236HLbid (23" 1920x1080) 
MonitorKeyboardPowerCase
Asus VE198 (19". 1440x900) Microsoft Sidewinder X4 Seasonic X650 Antec P180 Mini White 
Mouse
Logitech G500 
  hide details  
Reply
Herschel
(14 items)
 
  
CPUMotherboardGraphicsRAM
Intel Core i7 4770K ASRock Z87M Extreme4 eVGA GTX 680 2GB 12GB G.Skill Ripjaws 1600 
Hard DriveOptical DriveOSMonitor
1x 60GB SSD 1x 500GB, 1x 640GB, 1x 1TB Asus something or other Windows 7 Ultimate x64 Acer H236HLbid (23" 1920x1080) 
MonitorKeyboardPowerCase
Asus VE198 (19". 1440x900) Microsoft Sidewinder X4 Seasonic X650 Antec P180 Mini White 
Mouse
Logitech G500 
  hide details  
Reply
post #3 of 24
Changing your app to something else after it's been listen in the App Store as one thing? How much more obvious does it need to be? Why would any company let developers list falsely advertised software in their app store? You normally disclose the exploit to the company before making it public as well...
post #4 of 24
Now the question is, who will hire him first, Google or Microsoft? Or the more likely question, who's offer will he accept, Google or Microsoft's?
    
CPUMotherboardGraphicsRAM
C2D T7100 1.8 ghz (undervolted) ummm... Dell Intel X3100 2 x 1gb 667mhz 
Hard DriveOptical DriveOSMonitor
Fujitsu 7200 RPM 120gb CD-RW/DVD dual boot Vista business 1440x900 
  hide details  
Reply
    
CPUMotherboardGraphicsRAM
C2D T7100 1.8 ghz (undervolted) ummm... Dell Intel X3100 2 x 1gb 667mhz 
Hard DriveOptical DriveOSMonitor
Fujitsu 7200 RPM 120gb CD-RW/DVD dual boot Vista business 1440x900 
  hide details  
Reply
post #5 of 24
Thread Starter 
I don't think Apple wants anyone to discover its insecurities. How can you really test how insecurities of the OS if you cannot test everything?
post #6 of 24
Hack like a champion, what an awesome poster
post #7 of 24
He willfully and intentionally broke the rules, released his findings instead of discussing them internally with Apple, then has the idiocy and audacity to call them rude for showing him the door? The stupidity of people continue to amaze me everyday.
Biggie Smalls
(22 items)
 
  
CPUMotherboardGraphicsRAM
Intel i5-2500K Asus P8Z77-M EVGA Titan X Corsair Vengeance DDR3 16GB 
Hard DriveHard DriveHard DriveHard Drive
Samsung 830 Pro Samsung 850 Pro Western Digital Black Caviar 64MB Cache Western Digital Black Caviar 64MB Cache 
Optical DriveCoolingOSMonitor
LG Bluray Combo Drive Corsair H50 Windows 7 Professional x64 Dell UltraSharp U3415W 
KeyboardPowerCaseMouse
Ducky Shine 4 Blue/Red Corsair AX860 Corsair Obsidian 350D Razer Deathadder Chroma 
Mouse PadAudioAudioAudio
fUnc Mouse Mat Grace m9xx DAC/AMP ELAC B6 Schiit Lyr 2 
AudioAudio
Fostex TH-X00 (ebony cups with detachable cable... Sennheiser HD650 
  hide details  
Reply
Biggie Smalls
(22 items)
 
  
CPUMotherboardGraphicsRAM
Intel i5-2500K Asus P8Z77-M EVGA Titan X Corsair Vengeance DDR3 16GB 
Hard DriveHard DriveHard DriveHard Drive
Samsung 830 Pro Samsung 850 Pro Western Digital Black Caviar 64MB Cache Western Digital Black Caviar 64MB Cache 
Optical DriveCoolingOSMonitor
LG Bluray Combo Drive Corsair H50 Windows 7 Professional x64 Dell UltraSharp U3415W 
KeyboardPowerCaseMouse
Ducky Shine 4 Blue/Red Corsair AX860 Corsair Obsidian 350D Razer Deathadder Chroma 
Mouse PadAudioAudioAudio
fUnc Mouse Mat Grace m9xx DAC/AMP ELAC B6 Schiit Lyr 2 
AudioAudio
Fostex TH-X00 (ebony cups with detachable cable... Sennheiser HD650 
  hide details  
Reply
post #8 of 24
Quote:
Originally Posted by Riou View Post
I don't think Apple wants anyone to discover its insecurities. How can you really test how insecurities of the OS if you cannot test everything?
What company doesn't? You think Microsoft wants people to know about their vulnerabilities? It's amazing how ignorant people can be when it comes to anything with the word Apple in it. They're not stopping anyone from reporting exploits to them, which is what this developer didn't do.
post #9 of 24
Quote:
Originally Posted by OC'ing Noob View Post
He willfully and intentionally broke the rules, released his findings instead of discussing them internally with Apple, then has the idiocy and audacity to call them rude for showing him the door? The stupidity of people continue to amaze me everyday.
I stopped being amazed. I expect people to get worst actually . When the everyone's a winner nobody looses , your never wrong generation comes of age.
i7 Workstation
(13 items)
 
  
CPUMotherboardGraphicsRAM
i7 920 c0 @ 3.4ghz Asus P6T WS Pro ASUS GTX 580 Direct CU II Corsair XMS3 12GB 
Hard DriveOptical DriveOSMonitor
(1) WD3000HLFS , (3) WD7501AALS, (1) WD5000AADS SAMSUNG 20X DVD±R DVD Burner Windows 7 Ultimate 64 (2) Asus VH236 
KeyboardPowerCaseMouse
Logitech G15 Antec SG 850W Fractal Design Define R3 Logitech G9 
Mouse Pad
Allsop 
  hide details  
Reply
i7 Workstation
(13 items)
 
  
CPUMotherboardGraphicsRAM
i7 920 c0 @ 3.4ghz Asus P6T WS Pro ASUS GTX 580 Direct CU II Corsair XMS3 12GB 
Hard DriveOptical DriveOSMonitor
(1) WD3000HLFS , (3) WD7501AALS, (1) WD5000AADS SAMSUNG 20X DVD±R DVD Burner Windows 7 Ultimate 64 (2) Asus VH236 
KeyboardPowerCaseMouse
Logitech G15 Antec SG 850W Fractal Design Define R3 Logitech G9 
Mouse Pad
Allsop 
  hide details  
Reply
post #10 of 24
Quote:
Originally Posted by PoopaScoopa View Post
What company doesn't? You think Microsoft wants people to know about their vulnerabilities? It's amazing how ignorant people can be when it comes to anything with the word Apple in it. They're not stopping anyone from reporting exploits to them, which is what this developer didn't do.
While I agree, it is important that it gets out there. As the OP said "Security through obscurity never works".
v3.3.2
(15 items)
 
Dell Inspiron 15R
(13 items)
 
v2.2.6
(14 items)
 
CPUMotherboardGraphicsRAM
i5 3570K GIGABYTE GA-Z77X-UD5H NVIDIA GeForce GTX 970 G. SKILL Sniper 16GB (4GBx4) 
Hard DriveHard DriveHard DriveCooling
SanDisk Ultra II 120GB 2 x OCZ Vertex 4 256GB Seagate Barracuda 1TB Corsair H90 
OSMonitorKeyboardPower
Windows 8.1 Pro Dell Ultrasharp U2311H Logitech G510s Corsair AX750 
CaseMouseOther
NZXT Switch 810 Logitech G502 Proteus Spectrum APC BX1000G UPS 
CPUGraphicsRAMHard Drive
Intel i3 2350M Intel HD3000 6GB DDR3 Corsair Force 3 120GB SSD 
OSMonitor
Lion 15" 
CPUMotherboardGraphicsRAM
AMD FX-8120 @ 4.4GHz ASUS SABERTOOTH 990FX XFX Radeon HD 5870 G. SKILL Sniper 8GB (4GBx2) @ 2133MHz 
Hard DriveCoolingOSMonitor
Seagate Barracuda 1TB Corsair H80 Windows 7 x64 Acer x193w+ 
KeyboardPowerCaseMouse
Logitech K800 PC Power & Cooling 910w Silencer Lian-Li ARMORSUIT PC-P50 Logitech Performance MX 
  hide details  
Reply
v3.3.2
(15 items)
 
Dell Inspiron 15R
(13 items)
 
v2.2.6
(14 items)
 
CPUMotherboardGraphicsRAM
i5 3570K GIGABYTE GA-Z77X-UD5H NVIDIA GeForce GTX 970 G. SKILL Sniper 16GB (4GBx4) 
Hard DriveHard DriveHard DriveCooling
SanDisk Ultra II 120GB 2 x OCZ Vertex 4 256GB Seagate Barracuda 1TB Corsair H90 
OSMonitorKeyboardPower
Windows 8.1 Pro Dell Ultrasharp U2311H Logitech G510s Corsair AX750 
CaseMouseOther
NZXT Switch 810 Logitech G502 Proteus Spectrum APC BX1000G UPS 
CPUGraphicsRAMHard Drive
Intel i3 2350M Intel HD3000 6GB DDR3 Corsair Force 3 120GB SSD 
OSMonitor
Lion 15" 
CPUMotherboardGraphicsRAM
AMD FX-8120 @ 4.4GHz ASUS SABERTOOTH 990FX XFX Radeon HD 5870 G. SKILL Sniper 8GB (4GBx2) @ 2133MHz 
Hard DriveCoolingOSMonitor
Seagate Barracuda 1TB Corsair H80 Windows 7 x64 Acer x193w+ 
KeyboardPowerCaseMouse
Logitech K800 PC Power & Cooling 910w Silencer Lian-Li ARMORSUIT PC-P50 Logitech Performance MX 
  hide details  
Reply
New Posts  All Forums:Forum Nav:
  Return Home
  Back to Forum: Software News
Overclock.net › Forums › Industry News › Software News › [Forbes] iPhone Security Bug Lets Innocent-Looking Apps Go Bad