Serious security flaw in iOS exposed by hacker

Accuvant LABS computer security researcher and hacker Charlie Miller spoke to Forbes about the flaws in Apple’s iOS for iPhones and iPads. He has used his developer code to gain access to the iOS and take a look around.

Miller developed an app named Instastock and ran it through Apple’s standard testing and approval process. When the app was cleared by Apple, it became available in the App Store. According to Miller, hackers can develop malicious apps that look legitimate, like this one did, and pass through Apple’s checklists will flying colours.

These malicious apps can then gain access to system files and personal data of users across the world. This is possible due to a code signing vulnerability in Apple’s systems says Miller. Apps can connect to a remote server and download new unapproved code that will grant them access to sensitive data. Miller has even made a video of all that hackers could do as a result of this security flaw, just as he has done. Of course, the video is creating waves all over the internet.

Miller states, “Now you could have a programme in the App Store like Angry Birds that can run new code on your phone that Apple never had a chance to check. With this bug, you can’t be assured of anything you download from the App Store behaving nicely.” According to him, a hacker running a malicious app will even be able to control an iDevice from a remote terminal.

This is not the first time Miller has hacked an iDevice, he has been known to hack every device Apple has made. In this case, his App has been removed from the App Store and Apple has also suspended his developer license.

Forbes reports that Miller plans to talk about his discovery at the SysCan conference in Taiwan next week. As far as Apple is concerned, maybe they should appoint Miller as their security expert, he might just be able to restore the company’s reputation as the provider of the most secure OS in the world.