ibnlive » Tech

Apple security expert finds apps-software bug

Nov 08, 2011 at 08:57am IST

Washington: A software flaw in Apple Inc's iPhones and iPads may allow hackers to build apps that secretly install programs to steal data, send text messages or destroy information, according to an expert on Apple device security. Charlie Miller, a researcher with Accuvant Labs who identified the problem, built a prototype malicious program to test the flaw. He said Apple's App Store failed to identify the malicious program, which made it past the security vetting process.

There is as yet no evidence that hackers have exploited the vulnerability in Apple's iOS software. But Miller said his test demonstrated that there could be real malware in the App Store. "Until now you could just download everything from the App Store and not worry about it being malicious. Now you have no idea what an app might do," Miller said.

ALSO SEE Apple to issue software fix for iPhone battery

Miller said he proved his theory by building a stock-market monitoring tool, InstaStock, that was programed to connect to his server once downloaded, and to then download whatever program he wants.

(To see a YouTube video demonstration of the technique, go to here)

ALSO SEE Apple loses tablet case against small Spanish firm

Apple did not respond to requests for comment. Miller, who in 2009 identified a bug in the iPhone text-messaging system that allowed attackers to gain remote control over the devices, said that he had contacted the company about the vulnerability.

"They are in the process of fixing it," he said. Miller is scheduled to present his detailed research at the SyScan '11 security conference in Taiwan next week

ALSO SEE We turned down iPhone: US Cellular


More from this section