Digital Spy


Apple security expert exposes iPhone app flaw


A security expert has created a piece of malicious software for iPads and iPhones to demonstrate that the Apple App Store can be hit by malware.

Designed to look like a stock price tracker, the proof-of-concept app was able to steal data, send text messages and destroy information, making it a "significant threat" to Apple devices.

Apple declined to comment on the incident, but has removed the app and blacklisted the developer from its store.

Charlie Miller, a researcher with Accuvant Labs, created the InstaStock software app to show that Apple's devices could be vulnerable to attack.

The app was accepted into iTunes in September and two months later Miller revealed that it contained malware that was able to remotely download contacts and pictures.

InstaStock was programmed to connect to Miller's server after it was downloaded, enabling him to download and access whatever program on the device he wanted.

Miller said that the app made use of a change in Apple's iOS operating system which allowed non-approved code to be added to installed apps.

There is no evidence to suggest that hackers have exploited the vulnerability of iOS, but Miller said that the test showed real malware could hit the App Store.

"Until now you could just download everything from the app store and not worry about it being malicious," he said. "Now you have no idea what an app might do."

This is not the first time that Miller has attempted to reveal Apple's security flaws. In 2009, he identified a bug in the iPhone's text message system that enabled hackers to gain remote control over the handset. He has also exposed security flaws in Apple's Mac and other mobile platforms.

Miller plans to present his research at the SyScan 2011 security conference in Taiwan on November 17.

Independent mobile analyst Ian Fogg told BBC News that Miller's app represented "the most significant threat yet to Apple's app store economy".

"Apple has been widely criticised for the way in which it limits what code developers can use, but this suggests that it was probably right to do that," he added.

Graham Titterington, from research firm Ovum, said that Apple's app store is still more secure than main rival Google Android, where problems such as piracy are considered rife.

"The Android marketplace has a supply chain that is rather less controlled and therefore offers more potential to malware writers," he said.

However, Titterington noted that Miller's malicious iPhone app could be the "first of many".
