Jump to content

Hacker uncovers major iOS security flaw [video]


Recommended Posts


A major security flaw in Apple’s iOS operating system that could allow hackers to remotely gain unauthorized access to an iPhone, iPod touch or iPad has been uncovered by a security expert. Described by Forbes as a “serial Mac hacker,” Accuvant LABS computer security researcher Charlie Miller has uncovered a security flaw that allows hackers to build apps that look legitimate and pass through Apple’s App Store approval process. Using a code-signing vulnerability, however, the malicious apps will automatically connect to a remote server following installation and download new unapproved code that might grant hackers access to system files, personal data and a host of unauthorized functionality. Read on for more.

Apple’s closed App Store approval process has been touted by security experts and pundits alike as a much more secure option than an open system like Google’s Android Market. While Apple has been largely successful in keeping malicious software out of its iOS App Store, this newly revealed vulnerability illustrates that no system is ever fully secure. “Now you could have a program in the App Store like Angry Birds that can run new code on your phone that Apple never had a chance to check,” Miller told Forbes in an interview. “With this bug, you can’t be assured of anything you download from the App Store behaving nicely.”

Miller isn’t just talking the talk, either. The security expert actually planted an app in Apple’s App Store that utilizes the exploit he detailed. Miller submitted the app to Apple for approval using his developer account and, following Apple’s standard testing and approval process, the app became available in the App Store. Miller then recorded a video illustrating some of the many functions a hacker would be able to perform using this exploit, which include executing a payload that will give the hacker complete control of an iOS device from a remote terminal.

The security expert’s app has since been removed from the App Store and his developer account has been suspended. Miller’s video follows below.



View the full article

Link to comment
Share on other sites

holy crap


Im getting new smartphone for christmas. Well, A smartphone. tired of my POS phone that cant do anything ^^.


Why do iphone and androids flaws have to be so major!!!

Edited by General
Link to comment
Share on other sites

How does a stock market watching app look fishy or not legitimate to you?


You would want to download something known from one of the big banks, new companies like MSNBC, Yahoo, Bloomberg, or smaller independants like Motley Fool.

Link to comment
Share on other sites

it would look fishy when it's only got like 10 downloads, though if he was to influence that, it could have become one very scary app

I dont think it shows that type of info, of how many downloads, but i could be wrong.


the general population in the world isnt thinking about how there are people out there in the world who want their info, so they think nothing of "Too good to be true"

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

  • Create New...

Important Information

By using this site, you agree to our Terms of Use.