Tuesday, 8 November 2011

Apple unable to vet all apps

Charlie Miller sends a remote command to vibrate his iPhone

A researcher has found a security hole that could allow unauthorised access to Apple iPhones.

The embarrassing part of this news, for Apple, is that someone was able to sneak a potentially malicious application through its code auditing process.

iPhone users rely on Apple to check through all third-party programs for security issues. Once Apple has verified that an app is malware-free, and only then, it is allowed into the iPhone App Store.

Charlie Miller, a well-known security researcher, wrote a stock ticker app that contained a nasty surprise. Once installed it was able to download further code. This was software that Apple had not had a chance to check.

In a video demonstration, Miller shows how the Trojan would allow an attacker remote access to an iPhone. He downloads the address book and issues a command to make the unit vibrate from a reverse shell.

Reports suggest that Apple has retaliated by banning Miller from its iOS development program. Apparently he planned to present his findings, including a live exploitation of a phone, at the SyScan conference in Taiwan.

UPDATE (08/11/2011): SecurityWeek reports that the vulnerability is due to iOS not enforcing code signing for the Nitro JIT compiler.