Charlie Miller, a security researcher, has had his developer licence terminated by Apple after revealing a flaw that could let rogue apps take control of a device running iOS.
Forbes reports that Miller’s licence was terminated after he put a ‘sleeper’ app into the App Store to prove his point. Miller intends to present a way of exploiting a flaw in Apple’s restrictions on code signing on iOS devices at the SyScan conference in Taiwan next week.
In a four-minute video, Miller outlines the way the hack works. When an app is submitted to Apple for approval, the company checks that the app doesn’t run any unapproved commands, ensuring that an iOS device running the app is protected.
However, Miller says he has found a way for an app to download new commands – unapproved by Apple – from a remote computer, potentially allowing someone to read files on an iOS device or make it carry out functions without the user’s permission or knowledge.
“Now you could have a program in the App Store like Angry Birds that can run new code on your phone that Apple never had a chance to check. With this bug, you can’t be assured of anything you download from the App Store behaving nicely,” Miller says.
Apple hasn’t made an official comment on the matter but it seems that it is less than impressed with Miller, banishing him from the Apple developer programme.
Miller is a serial hacker of Apple devices – he has shown off exploits for vulnerabilities in MacBooks and the iPhone in the past. He is a former NSA analyst and now works as a researcher with consultancy Accuvant.