Apple let malware keen on App Store

App Store cracked Former NSA psychoanalyst and serial Apple hacker Charlie Miller has exposed a serious safety flaw in iOS, the operating system that powers iPhones and iPads.iOS prevents apps from acting unkindly by only allow code that has been signed by Apple to carry out responsive tasks. It seems that Miller has found a way to break through iOS’s security straitjacket and get iOS devices to run nameless code.

Carrying weapons with this information a hacker could write an app that allows them to take control of victims’ phones and tablets; stealing or destroying data, distribution text messages or even creation them vibrate at the hacker’s whim.

Having exposed a way to circumvent iOS’s code signing limits he wrote an app that would bypass Apple’s app review process. The app was able to pass the review process because it didn’t contain anything doubtful for the review to find out. Instead his app downloaded the malicious code later, once it had been installed on a phone or tablet.

In any other app this newly downloaded code would have been banned from organization because it wasn’t signed. Any users who downloaded his app, a stock market monitor tool called InstaStock, would have been unaware that once installed it downloaded a payload of malicious code that gathered up their device’s data and sent it over to Miller’s server.

Luckily Miller is one of the high-quality guys and the reason of his app wasn’t criminal but to prove his point in a dramatic fashion. Apple, being no fans of such theatrics, have removed the app from the App Store and terminated Miller’s developer license. Expect a fix from Apple in short order too.

 

Although you can’t download the app any more you can see Miller demonstrating control over a hijacked iPhone in his YouTube video. Arguably just as important as the discovery of a security flaw in iOS is the fact that Miller got his app past Apple’s famously strict App Store vetting process.

In doing so he compromised one of Apple’s most significant advantages over their fierce rival Google; the safety of their apps and the App Store.

While Google’s Android apps can be downloaded from pretty much anywhere, apps for the iPhone and iPad can only be installed via Apple’s official App Store. Each app is individually reviewed before making it in to the store.Apple’s gatekeeper approach hasn’t been to everyone’s liking but it has been a significant factor in protecting Apple devices from the levels of malware Android is experiencing. Now it seems the gatekeeper’s been caught snoozing.

The prospect of viruses running rampant through the App Store is still remote but iPhone and iPad owners cannot afford to languish behind Apple’s reputation. Graham Lee’s three free tips to better protect your iPhone are a good start to defensive against the common problems users are likely to face.

This entry was posted in 419 scam, 419 Scam fraud, anti scam, ATM Scam. Bookmark the permalink.

Leave a Reply

Your email address will not be published. Required fields are marked *

Nigerianspam.com is dedicated to all the hardworking people who have been scammed by the spammer or 419 scam frauds. Although our site concentrates on providing awareness of Nigerian 419 spam (scam), scam baiting, advance fee fraud, scam phising, also we deal with other types of fraud such as letter spam, e-mail scam, lottery spam as well. You can go through our scam baiting tips, it is just amazing way to deal with the spammer or scammer.

Nigerian Scam  |   419 Scam   |   Features of Scam  |   Mission  |   Research  |   Mail Archives  |   About Us   |   File A Complaint  |   Spam News  |   Origin Of Scam   |   Operation Of Scam   |   Consequences   |   Miscellaneous Scams   |   Scam Sites   |   FAQ   |   Contact Us  |   Scam Resources Links  |   Nigerian Scammers  |   Site Map  |   Mail Archives SiteMap  |   Scam Glossary  |   Scam Resources Books  |   Scam Checker Tool  |   Scam baiting   |   More Scam Sites  |  Scam Awareness Quiz  |   Celebrity Scam  |  Search Engine Genie  |   Bharat Udyog Ratna Award Scam Alert  |   Jeff Adams Real Estate Seminar   |   Russ Whitney Real Estate
free hit counter