iOS Security Breach Lets Seemingly Safe Apps Do Malicious Activity

iOS Developer Discovers Bug That Lets 'Sleeper' Apps Download Unapproved Commands to the iPhone, iPad & iPod Touch; Gets Kicked Out of Apple's Developer Program in the Process

Apple’s closed application ecosystem is usually considered to be safe and secure. But a security researcher has discovered a flaw in iOS devices that lets seemingly innocent applications run all sorts of commands at root level.

App developer Charlie Miller plans to disclose an iOS vulnerability that lets applications run unapproved code on iOS devices via a flaw in the operating system. The developer has created a proof-of-concept application, which had been approved by Apple and included in the App Store.

Miller, who plans to announce the security breach at the SyScan conference in Taiwan in the next few days, says the issue is so serious that existing applications that seem innocent enough can actually contain code that can do all sorts of malicious activity, such as download new software, run commands at root level, and connect to a remote server.

Now you could have a program in the App Store like Angry Birds that can run new code on your phone that Apple never had a chance to check. With this bug, you can’t be assured of anything you download from the App Store behaving nicely.

These activities can include downloading of photos, messages, contacts, and all sorts of information from an iPhone, iPad or iPod Touch. Developers could theoretically repurpose their existing apps to take over a device even without the knowledge of the user.

Miller’s sleeper app, called Instastock, is ostensibly a simple app that displays stock tickers. It went through the normal Apple approval process, and the company never suspected the app could potentially do damage. Miller has demonstrated how he can remotely control iPhones that have Instastock installed, such as playing sounds and ringtones, making the phone vibrate, and the like.

Apple has since pulled Instastock down, and revoked Miller’s developer license as a result of his research. A former NSA analyst, Miller responded by saying he has regularly been reporting bugs in the hopes that Apple will fix these. “I report bugs to them all the time. Being part of the developer program helps me do that,” he says, adding that he paid for the developer license, which makes it easier for him to build apps and test security as part of his job at security firm Accuvant.

Apple has not issued any official comment, save for its notice of termination of the iOS Developer Program License Agreement with Miller.
