A major security flaw in Apple’s iOS operating system that could allow hackers to remotely gain unauthorized access to an iPhone, iPod touch or iPad has been uncovered by a security expert. Described by Forbes as a “serial Mac hacker,” Accuvant LABS computer security researcher Charlie Miller has uncovered a security flaw that allows hackers to build apps that look legitimate and pass through Apple’s App Store approval process. Using a code-signing vulnerability, however, the malicious apps will automatically connect to a remote server following installation and download new unapproved code that might grant hackers access to system files, personal data and a host of unauthorized functionality. Read on for more.
Apple’s closed App Store approval process has been touted by security experts and pundits alike as a much more secure option than an open system like Google’s Android Market. While Apple has been largely successful in keeping malicious software out of its iOS App Store, this newly revealed vulnerability illustrates that no system is ever fully secure. “Now you could have a program in the App Store like Angry Birds that can run new code on your phone that Apple never had a chance to check,” Miller told Forbes in an interview. “With this bug, you can’t be assured of anything you download from the App Store behaving nicely.”
Miller isn’t just talking the talk, either. The security expert actually planted an app in Apple’s App Store that utilizes the exploit he detailed. Miller submitted the app to Apple for approval using his developer account and, following Apple’s standard testing and approval process, the app became available in the App Store. Miller then recorded a video illustrating some of the many functions a hacker would be able to perform using this exploit, which include executing a payload that will give the hacker complete control of an iOS device from a remote terminal.
The security expert’s app has since been removed from the App Store and his developer account has been suspended. Miller’s video follows below.