Jan 01, 2012 7:24 PM GMT

iPhone Security Bug Lets Innocent-Looking Apps Go Bad
At the SysCan conference in Taiwan next week, Miller plans to present a method that exploits a flaw in Apple’s restrictions on code signing on iOS devices, the security measure that allows only Apple-approved commands to run in an iPhone or iPad’s memory. Using his method–and Miller has already planted a sleeper app in Apple’s App Store to demonstrate the trick–an app can phone home to a remote computer that downloads new unapproved commands onto the device and executes them at will, including stealing the user’s photos, reading contacts, making the phone vibrate or play sounds, or otherwise repurposing normal iOS app functions for malicious ends.
“Now you could have a program in the App Store like Angry Birds that can run new code on your phone that Apple never had a chance to check,” says Miller. “With this bug, you can’t be assured of anything you download from the App Store behaving nicely.”
Update: Apple has terminated Miller’s developer license as a result of his research.
Update 2: Now Apple has offered a software update that fixes the flaw Miller found.

Proof-of-concept app exploiting iOS security flaw gets researcher in trouble with Apple
Ars spoke to Miller to understand the bug and its implications. In particular, he noted that this should make iOS users wary of apps from unknown or untrusted developers. "Until the flaw is fixed, you can't really trust what's coming from the App Store," Miller told Ars.

Cracking the iPad 2 lock screen
Summary: All you need is a Smart Cover.

JailBreakMe site rings security alarm for iPhone and iPad users
Interestingly, "Comex", the creator of the JailBreakMe website seems to recognise that hackers might copy the exploit to use in the form of an iPad or iPhone virus. However, he attempts to deflect any responsibility in his FAQ:
"I did not create the vulnerabilities, only discover them. Releasing an exploit demonstrates the flaw, making it easier for others to use it for malice, but they have long been present and exploitable. Although releasing a jailbreak is certainly not the usual way to report a vulnerability, it still has the effect of making iOS more secure in the long run."
Apple will be furious that this vulnerability has been made public in this way, and that they have not yet got an official patch to protect their millions of users.

JailbreakMe: Security warning for iPhone and iPad owners
The drive-by jailbreak is possible because the website exploits a vulnerability in the way that the mobile edition of Safari (the default browser used in the iOS operating system) handles PDF files - specifically its handling of fonts.

How a 15-yo Kid Tricked Apple With a Disguised iPhone Tethering App
Another stupid flashlight application like a hundred others. Or so the App Store team thought.
Inside, the app contained hidden code that made it a full tethering application—a program that allows you to use your iPhone as a 3G modem.