Corey Posted November 8, 2011

A major security flaw in Apple’s iOS operating system that could allow hackers to remotely gain unauthorized access to an iPhone, iPod touch or iPad has been uncovered by a security expert. Described by Forbes as a “serial Mac hacker,” Accuvant LABS computer security researcher Charlie Miller has uncovered a security flaw that allows hackers to build apps that look legitimate and pass through Apple’s App Store approval process. Using a code-signing vulnerability, however, the malicious apps will automatically connect to a remote server following installation and download new unapproved code that might grant hackers access to system files, personal data and a host of unauthorized functionality.

Apple’s closed App Store approval process has been touted by security experts and pundits alike as a much more secure option than an open system like Google’s Android Market. While Apple has been largely successful in keeping malicious software out of its iOS App Store, this newly revealed vulnerability illustrates that no system is ever fully secure.

“Now you could have a program in the App Store like Angry Birds that can run new code on your phone that Apple never had a chance to check,” Miller told Forbes in an interview. “With this bug, you can’t be assured of anything you download from the App Store behaving nicely.”

Miller isn’t just talking the talk, either. The security expert actually planted an app in Apple’s App Store that utilizes the exploit he detailed. Miller submitted the app to Apple for approval using his developer account and, following Apple’s standard testing and approval process, the app became available in the App Store. Miller then recorded a video illustrating some of the many functions a hacker would be able to perform using this exploit, which include executing a payload that will give the hacker complete control of an iOS device from a remote terminal.
The security expert’s app has since been removed from the App Store and his developer account has been suspended. Miller’s video follows below.

TulsaGeoff Posted November 8, 2011

Don't download things that are not legitimate or look fishy. Best antivirus available.

General Posted November 8, 2011

Holy crap, I'm getting a new smartphone for Christmas. Well, a smartphone. Tired of my POS phone that can't do anything ^^. Why do iPhone and Android flaws have to be so major!!!

Edited November 8, 2011 by General

Krauersaut Posted November 8, 2011

> Don't download things that are not legitimate or look fishy. Best antivirus available.

How does a stock market watching app look fishy or not legitimate to you?

TulsaGeoff Posted November 8, 2011

> How does a stock market watching app look fishy or not legitimate to you?

You would want to download something known from one of the big banks, new companies like MSNBC, Yahoo, Bloomberg, or smaller independents like Motley Fool.

jaie Posted November 8, 2011

It would look fishy when it's only got like 10 downloads, though if he was to influence that, it could have become one very scary app.

General Posted November 8, 2011

> It would look fishy when it's only got like 10 downloads, though if he was to influence that, it could have become one very scary app.

I don't think it shows that type of info, of how many downloads, but I could be wrong. The general population in the world isn't thinking about how there are people out there in the world who want their info, so they think nothing of "Too good to be true".