iPhone Security Flaw Shows Potential for App Store Malware
By Jared Newman
The iPhone App Store has a reputation for rock-solid security, but that rep took a hit this week when an app that could run unauthorized code and control phones remotely was released to the public.
Luckily, this bad app was released for research purposes–not malicious ones.
Security researcher and famous Mac hacker Charlie Miller demonstrated an iPhone security flaw using a dummy stock ticker app that Apple unwittingly accepted into the App Store. The app was able to call a remote computer, which could then download unsigned code to the iPhone, harvest sensitive data, and trigger actions such as vibrations and ringtones.
Apple has already removed the program from the App Store, and has terminated Miller’s developer license, Forbes reports.
iPhone users needn’t panic; the offending app is already gone, and Miller expects Apple to squash the security bug to prevent legitimate attacks. Still, this exploit proves that the App Store’s strict security measures aren’t impenetrable. Security researchers have been saying this for years, but Miller has actually demonstrated it in the real world.