Apple kicks bug hunter out of its developer program

Renowned bug hunter Charlie Miller has been kicked out of Apple's iOS developer program after creating a proof-of-concept (PoC) app that exploits a security flaw allowing unapproved code to run on iPhones and iPads, and tricking Apple into approving it for the App Store.

Miller, best known for his zero-day vulnerability discoveries in Apple products, found a way to plant a nefarious program in Apple's highly restrictive App Store.

He plans to reveal the method next week at the SyScan conference in Taiwan, according to Forbes, which first reported the news. His technique exploits a bug in the iOS code-signing mechanism that Apple uses to allow only company-approved commands to run on an iPhone or iPad.

To demonstrate the issue, Miller created a PoC app called “InstaStock,” which appears to be a benign stock market program but is capable of communicating with a remote computer, downloading unapproved commands and harvesting information from a device. He then managed to get Apple to approve the app for distribution through the App Store, a move the company said violated its terms of service.

“First, they give researchers access to developer programs…then they kick them out...for doing research. Me angry,” Miller, principal research consultant at security firm Accuvant, tweeted on Monday. He later admitted to violating Apple's terms of service, but said he likely has done so in the past.

“So why boot me now?” he asked.

The flaw allows apps in the App Store to download and run new code, even if the code is not signed by Apple, Miller explained in a YouTube video demonstrating the bug.

“So you could imagine downloading a nice app, like Angry Birds, but instead of just being Angry Birds it actually can download and do anything it wants, and Apple would have no idea that happened,” Miller said in the video.

A spokesperson from Apple did not immediately respond when contacted by SCMagazineUS.com.
