December 28, 2024
@0xcharlie Discovers iOS Code Signing Security Flaw

@0xcharlie Discovers iOS Code Signing Security Flaw

Posted November 8, 2011 at 12:31am by iClarified
Charlie Miller, a popular hacker known as 0xcharlie, has discovered a security flaw in the code signing of iOS apps and subsequently been terminated from the iOS developer program.

Forbes reports that at the SysCan conference in Taiwan next week, Miller plans to present a method that exploits a flaw in Apple's restrictions on code signing on iOS devices, the security measure that allows only Apple-approved commands to run in an iPhone or iPad's memory. Using his method–and Miller has already planted a sleeper app in Apple's App Store to demonstrate the trick–an app can phone home to a remote computer that downloads new unapproved commands onto the device and executes them at will, including stealing the user's photos, reading contacts, making the phone vibrate or play sounds, or otherwise repurposing normal iOS app functions for malicious ends.

Miller demonstrates the bug in the video posted below. Two hours after linking the Forbes article, he tweeted that Apple had removed his sleeper app and kicked him out of the iOS developer program.


OMG, Apple just kicked me out of the iOS Developer program. That's so rude!

First they give researcher's access to developer programs, (although I paid for mine) then they kick them out.. for doing research. Me angry

dunno, letter of termination. Sounds permenant. feels heavy handed, I miss Steve.

Read More [via Josh]



Add Comment
Would you like to be notified when someone replies or adds a new comment?
Yes (All Threads)
Yes (This Thread Only)
No
iClarified Icon
Notifications
Would you like to be notified when we post a new Apple news article or tutorial?
Yes
No
Comments (11)
You must login or register to add a comment...
6f99885
6f99885 - November 9, 2011 at 5:29pm
Jay!! hackers are not trying to get famous or get rich. They have a passion to discover things you don't know. thats their job Apple they learn so much from this hackers,because they go deeper, most of their engineers .. So you have no idea ,he knows what he's doing You live in America dude its freedom of speech ..
Matt
Matt - November 8, 2011 at 11:27am
0xcharlie - you're the best ... Can you find a way to enable air mirroring on old iPhone 4 ? Love you're work
Abdul
Abdul - November 8, 2011 at 9:00am
He should have turned this exploit into a security app, at list it functions like a security app i know that runs in the background and is never detected. And ios needs a good security app that removed from the phone even after formating it, so that the owner can track it for life.
Nobo1
Nobo1 - November 8, 2011 at 5:18am
you compromised your terms conditions of your developer membership.... lucky they only kicked you off their program...
Me84
Me84 - November 8, 2011 at 3:35am
Hate it when my iPhone goes all Windoze and shit... Lol!
MrYogi
MrYogi - November 8, 2011 at 2:02am
Please jailbreak the iPhone 4s!
Unethered
Unethered - November 8, 2011 at 1:54am
Can you give us untethered jailbreak? please for Iphone4S I'm dying here . PLease help..we will donate
Diego
Diego - November 8, 2011 at 1:45am
O can't believe they kicked you out of the program, they should hire you directly, I think that's what Steve (RIP) would have done...
lol08
lol08 - November 8, 2011 at 1:07am
Is this even in English?
80
80 - November 8, 2011 at 1:02am
Wtf. My phone does that shit. I'm hacked. Random notification or voicemail sound goes off swell as vibrate.
Stefan
Stefan - November 8, 2011 at 7:13am
Haha, happy for you !!
Recent. Read the latest Apple News.
RECENT
Tutorials. Help is here.
TUTORIALS
Where to Download macOS Sequoia
Where to Download macOS Ventura
AppleTV Firmware Download Locations
Where To Download iPad Firmware Files From
Where To Download iPhone Firmware Files From
Deals. Save on Apple devices and accessories.
DEALS