
Apple bans researcher for making security loopholes public


Apple platforms have mostly been less susceptible to security breaches, and are more trusted. That good name may now be tarnished by a recent stunt that uncovered a flaw allowing a virus-loaded app to pass Apple's review, and that was made public to show that the vulnerability is real. Instead of acknowledging the issue, Apple's first priority was to remove the app and kick the researcher out of its developer program.

The security of Apple’s approval system for third-party apps was publicly called into question recently when a stock-tracking app, InstaStock, written by security researcher Charlie Miller, was discovered to have used a security loophole to demonstrate a weakness in Apple's iOS. While harmless by itself, the app installs malware that it obtains when the user is connected to the Internet, giving it the ability to manipulate sensitive information on the device as well as to push bogus notifications.

Although the app had been live since September, it was quickly removed once the security flaw it was exploiting was discovered. The creators of iOS were also swift to show their unhappiness by revoking Miller’s developer license.

The former NSA analyst had previously alerted Apple to a security flaw that has existed since the iOS 4.3 update last year, which allowed JavaScript code to have greater influence over the device. Despite knowing the kind of reaction Apple would have, Miller proceeded to demonstrate the flaw by stealthily placing this app into circulation in the App Store, stating that “without a real app in the App Store, people would say Apple wouldn’t approve an app that took advantage of this flaw.”

“Now you could have a program in the App Store like Angry Birds that can run new code on your phone that Apple never had a chance to check,” Miller said. “With this bug, you can’t be assured of anything you download from the App Store behaving nicely.”

Miller was apparently unhappy with Apple’s decision to punish him, as he tweeted: “First they give researchers access to developer programs; (although I paid for mine) then they kick them… for doing research. Me angry.”

He has reasons to be upset, as he intended to reveal the security flaw at the SyScan conference in Taiwan, due on 17 November. Like it or not, Miller has successfully put a dent in Apple’s reputation for creating well-protected platforms, and while this may not level the mobile security playing field, it has done enough to show that lapses in vigilance can exist anywhere.


Source: Intomobile, Pocket-lint
