Apple Boots Security Researcher for Rogue App

Jennifer LeClaire, <a href='http://www.newsfactor.com'>newsfactor.com</a>

November 8, 2011 at 8:03 PM

In a move to prove that Apple's App Store could be stocked with apps containing malicious code, a notable security researcher put a rogue app into the store. Now, that notable security researcher is banned from Apple's developer program.

Charlie Miller, a principal research consultant for Accuvant, a security firm in Denver, tapped into a previously undiscovered flaw in Apple's iOS to develop an app that essentially "phoned home" to his own server. This is the same Miller, by the way, who has won the annual Pwn2Own hacking contest four times -- the only one to win it four times.

Here's the background: Miller developed a fake stock ticker app. He called it Instastock. That app served as his proof of concept. Miller put the app through Apple's submission process and got the green light. Instastock showed up on the App Store's virtual shelves in September. Apple didn't take kindly to the experiment. Apple won't let Miller back in its developer program for a year.

Miller Lashes Out

The flaw Miller discovered would let an app creator execute arbitrary code on Apple mobile devices that run iOS 4.3 or later. The flaw deals with the way iOS handles code signing. Code signing is important because it is a mechanism to protect users from malware. Essentially, Miller said, the flaw allows the apps to run new code even if Apple hasn't checked it.

"You can imagine downloading a nice app like Angry Birds but instead of just being Angry Birds it actually can download and do anything it wants, and Apple would have no idea that it happened," Miller said in a YouTube video that explains how attackers could use the flaw.

Since Apple banned him from its developer program, Miller has been vocal on Twitter. Among his tweets on Monday: "Apple has removed my app from the app store, those bastards!" and "OMG, Apple just kicked me out of the iOS Developer program. That's so rude!" and later Monday afternoon, "First they give researchers access to developer programs (although I paid for mine), then they kick them out...for doing research. Me angry."

Apple's Example

Michael Disabato, managing vice president of network and telecom at Gartner, doesn't see how Miller has any right to complain about Apple's moves to remove the Instastock app from the App store -- or remove him from the developer program.

"He signs an agreement to get into the developer program that says he's not going to do anything like this. He proceeds to do something that violates his developer program terms and conditions," Disabato said.

"He actually puts in a fake stock ticker program that could cause people financial harm if he's not accurate in the stock prices he's given them. Apple finds out and kicks him out because he's essentially put in a rogue application and now he complains. Welcome to the United States of America. Apple had to kick him out."

Yahoo Sports
Dolphins owner Stephen Ross reportedly declined $10 billion for team, stadium and F1 race
The value of the Dolphins and Formula One racing is enormous.
Yahoo Sports
Welcome to the WNBA: Caitlin Clark's regular-season debut is anything but easy
Clark set the Indiana Fever’s franchise record for turnovers (10), shot 5-of-15 from the floor and struggled with the Connecticut Sun’s physical defense.
Yahoo Sports
Caitlin Clark, Fever facing plenty of growing pains early after another blowout loss in home debut
The atmosphere was electric for Clark's home debut and there were brief flashes from the Fever, but it's clear they've got plenty to work on before they can compete with the WNBA's elite teams.
Yahoo Sports
World No. 1 Scottie Scheffler tees off at PGA Championship after being arrested, charged with felony for incident outside Valhalla
Scottie Scheffler was arrested by police en route to Valhalla Golf Club during a traffic incident.
Yahoo Sports
NBA Draft Combine reactions: Edey oh my, Bronny James is ready & whose stock is rising? | On the Clock with Krysten Peek
Yahoo Sports NBA draft expert Krysten Peek is back for another season of On the Clock with Krysten Peek. Krysten just spent the week in Chicago at the NBA Draft Combine and kicks off draft season joined by CBS Sports' Kyle Boone.
Yahoo Sports
2024 NBA Mock Draft 7.0: Who will the Hawks take at No. 1? Our projections for every pick with lottery order now set
With the lottery order set, here's a look at Yahoo Sports' projections for both rounds of the 2024 NBA Draft.
Yahoo Sports
What scouts think of Bronny James' NBA prospects
The biggest question looming over the NBA draft combine this week: How will Bronny James do?
Yahoo Sports
Scottie Scheffler releases statement following arrest: 'There was a big misunderstanding of what I thought I was being asked to do'
Scheffler was arrested following an incident with an officer outside the entrance to Valhalla Golf Club.
Yahoo Sports
Fox Sports host Doug Gottlieb hired as Green Bay's coach, will reportedly still host radio show
Gottlieb's repeatedly courted controversy in his media role and will reportedly continue to host his nationally syndicated radio show while coaching Green Bay.
Yahoo Sports
2024 Wide Receiver rankings for fantasy football
The Yahoo Fantasy football analysts reveal their first wide receiver rankings for the 2024 NFL season.
Yahoo Sports
2024 NFL schedule: Everything you need to know about this season's slate of games
Here's what you need to know about the 2024 NFL schedule after Wednesday night's announcement.
Yahoo Sports
NFL schedule release: The top 10 must watch games of the regular season
What are the most anticipated games for this NFL season?
Yahoo Sports
The Spin: Making a call on 5 slumping fantasy baseball stars
All five of these hitters were drafted highly in fantasy baseball leagues. So far, they have not lived up to their ADPs — and that's an understatement. Scott Pianowski analyzes.
Yahoo Sports
Attorneys say Scottie Scheffler likely won't face felony conviction: 'Probably about a zero percent chance'
Scottie Scheffler will likely avoid the most serious charges filed against him stemming from Friday morning's altercation with police.
Yahoo Sports
2024 Tight end rankings for fantasy football
The Yahoo Fantasy football analysts reveal their first tight end rankings for the 2024 NFL season.
Yahoo Sports
Fantasy Baseball Numbers Do Lie: Luck evening out will change fortunes for these 5 players
Dalton Del Don puts some fraudulent stats under the magnifying glass as we move through Week 7 of the fantasy baseball season.
Yahoo Sports
Rory McIlroy files for divorce from wife Erica after seven years of marriage
On the eve of the PGA Championship, Rory McIlroy has filed for divorce from his wife, Erica.
Yahoo Life Shopping
Memorial Day sales 2024: Everything we know, including early deals you can shop now
Mark your calendar: The holiday weekend runs May 24-27, but you don't have to wait to save.
Yahoo Life Shopping
'No Botox, no peels, no fillers': Salma Hayek's go-to ingredient for ageless skin is in this $10 cream
The bark of the 'Mexican skin tree' is known for its regenerative properties.
Yahoo Sports
Lionel Messi's salary, Inter Miami's payroll are MLS record highs
Even without his Apple deal and his equity in Inter Miami, Lionel Messi is making more money than all but a few MLS teams.

News

Life

Entertainment

Finance

Sports

New on Yahoo

Apple Boots Security Researcher for Rogue App

Recommended Stories

Dolphins owner Stephen Ross reportedly declined $10 billion for team, stadium and F1 race

Welcome to the WNBA: Caitlin Clark's regular-season debut is anything but easy

Caitlin Clark, Fever facing plenty of growing pains early after another blowout loss in home debut

World No. 1 Scottie Scheffler tees off at PGA Championship after being arrested, charged with felony for incident outside Valhalla

NBA Draft Combine reactions: Edey oh my, Bronny James is ready & whose stock is rising? | On the Clock with Krysten Peek

2024 NBA Mock Draft 7.0: Who will the Hawks take at No. 1? Our projections for every pick with lottery order now set

What scouts think of Bronny James' NBA prospects

Scottie Scheffler releases statement following arrest: 'There was a big misunderstanding of what I thought I was being asked to do'

Fox Sports host Doug Gottlieb hired as Green Bay's coach, will reportedly still host radio show

2024 Wide Receiver rankings for fantasy football

2024 NFL schedule: Everything you need to know about this season's slate of games

NFL schedule release: The top 10 must watch games of the regular season

The Spin: Making a call on 5 slumping fantasy baseball stars

Attorneys say Scottie Scheffler likely won't face felony conviction: 'Probably about a zero percent chance'

2024 Tight end rankings for fantasy football

Fantasy Baseball Numbers Do Lie: Luck evening out will change fortunes for these 5 players

Rory McIlroy files for divorce from wife Erica after seven years of marriage

Memorial Day sales 2024: Everything we know, including early deals you can shop now

'No Botox, no peels, no fillers': Salma Hayek's go-to ingredient for ageless skin is in this $10 cream

Lionel Messi's salary, Inter Miami's payroll are MLS record highs