Apple developer booted after revealing iPhone exploit

By Leeky
Nov 8, 2011
Post New Reply
  1. Security researcher Charlie Miller has been kicked out of Apple's developer program after he revealed details of a security flaw in their iOS operating system. Miller announced the news on his…

    Read the whole story
  2. KG363

    KG363 TechSpot Enthusiast Posts: 524   +9

    "legit applications". Really? Really?
  3. Scshadow

    Scshadow TechSpot Maniac Posts: 306   +25

    Typical Apple ignorance. Charlie Miller, go help other platforms that actually welcome information on any potential security exploits.
  4. cliffordcooley

    cliffordcooley TechSpot Paladin Posts: 5,098   +1,189

    Seems to me they fired the guy for doing his job.

    If that is so, may he show everyone how its done.
  5. DUDE, this is great, Screw apple. Go to android help out the free market, bring us more security and eventually show apple what the hell they did wrong. You just do not fire NSA analysts, sorry but that was just stupid. Steve Jobs would not be proud.
  6. MilwaukeeMike

    MilwaukeeMike TechSpot Evangelist Posts: 1,901   +616

    Umm... normally I like to rip on Apple as much as the next guy, but I don't think they're wrong here. Charlie found a security flaw and to 'test' it he put an app on the App Store that violated the agreement he had signed. It would be like finding a way into a bank vault and then breaking in at night and stealing something to prove it worked. The bank would be mad, just as Apple was mad.

    Sounds to me like this Charlie dude did what many hackers do, they show off their work for some attention. Now he's dealing with the consequences. So, Charlie.... Deal with it.

    And honestly, who says 'Me angry'?! Who does he think he is? Elmo?
  7. Burty117

    Burty117 TechSpot Chancellor Posts: 2,366   +261

    wow, what a stupid move apple, this guy has just shown you a very fundimental flaw with your app store (this brings in alot of money for those in the finance department) and you fire him for A) doing his job and B) helping you fix the app store? How stupid...
  8. cliffordcooley

    cliffordcooley TechSpot Paladin Posts: 5,098   +1,189

    Do you honestly think everyone talks the same way? He probably said it that way as a joke and you are taking him seriously.
  9. mario

    mario Ex-TS Developer Posts: 399   +17

    Did anyone read the actual story first before commenting? Charlie Miller was not an Apple employee, he's an independent security researcher that got an App approved that could run arbitrary unsigned code using a security exploit, which is prohibited by App Store rules.

    Although the news title might lead to confusion, remember it's alway good to read the entire article.
  10. Hi,

    This is stupid from Apple to ban someone for showing then the security flaw. Also he did'nt stole any info from the apps store or any other users:

    "To prove this, Miller created a generic stock checking app that enabled him to tap into his server at home and grab bits of code from his phone, including a list of running processes and the address book."

    He tap into his OWN server and grab info from his OWN phone. This was to prove to Apple that the flaw exist, not to hack any other person info.

    This is a bit like the story a while ago about a hacker that got bring to court because he found a flaw in a company security and told them about the flaw. Instead of being happy about someone finding a flaw for FREE and telling them they brought the guy to court.

    Apple think there product are perfect and does not contain any security flaw but we all saw that its not the case and when someone show them that they are not perfect they either ban them or bring them to court. Way to go Apple, you are going down slowly but surely.
  11. Welcome to ANDROID, Charlie.

    We love you. We want you. We don't censor. The "We" of whom I speak is EVERYONE.

    Come over from the DARK SIDE, Charlie. Yes, Apple is now BIG BROTHER -- I'm starting to think their 1984 Superbowl commercial was a WARNING of what they would become.

    Come on in. Your desk is right HERE, and we all split the cost of coffee over there in the break-room. Carmen Electra has volunteered to be your assistant. :)

    Charlie! It's great to have ya! :)
  12. @Mario : to find a flaw, you have to test it and thats what he did!
    no he wasnt an employe, but he did something good for them. i mean, he could have sold or used this exploit, but instead, he reported it to apple. and they answered as d1ck$ to him.
  13. mario

    mario Ex-TS Developer Posts: 399   +17

    I'm not saying that what he did is wrong, I'm just saying the App Store has a policy and if you break it you will get your App banned or thrown out of it.

    So basically Apple pulled an app that could damage your phone or leak your personal data, and all you guys are like hey come to Android we love having that kind of malware on our systems: https://www.google.com/search?gcx=w&sourceid=chrome&ie=UTF-8&q=android malware
     
  14. stewi0001

    stewi0001 TechSpot Enthusiast Posts: 276   +6

    I guess this is like a 50/50 issue. Thanks for finding this but you broke da rulez
  15. LOL@fanboys, i'll go to Android when i stop seeing sketchy screen swipes, handset manufacturers stop preinstalling software you cannot uninstall, and when (at least) 90% of the handsets available running Android can get the same update. Got it? Good.

    PS, I don't care if you can root it. that's not the point.
  16. mario: So basically Apple pulled an app that could damage your phone or leak your personal data, and all you guys are like hey come to Android we love having that kind of malware on our systems

    Did you read this part, mario? > To prove this, Miller created a GENERIC stock checking app that enabled him to tap into HIS SERVER AT HOME and grab bits of code from his phone, including a list of running processes and the address book.

    Nothing got pulled. That implies it was approved. The APPLICATION was rejected. It was his proof-of-concept application, not something he was looking to make money off of. I'm with Miller. I think he did tell Apple about it prior, and when they ignored him, he created an app to prove what he was saying, and all you (mario+readers) hear is, "someone can get my data? damn you Miller!", when you should be saying, "damn you Apple for not listening to Miller."
  17. Jos

    Jos TechSpot Staff Posts: 1,980   +53 Staff Member

    Guest: Actually, the application was approved but subsequently pulled after he made the security hole public. If you watch the video, Miller downloads it from the App Store. He made it to demonstrate the flaw and not for any malicious purpose... I don't think mario or the article implied otherwise.
  18. Well mario did say Apple did us a favour, when that is not the case at all. Okay Miller downloaded it from the app store, but he did it to show what he was saying about the exploit was true.
  19. The problem is not that is application was pull off but the fact that Apple kick him out of the program entirely.
  20. Yes but he let apple know so it would be like breaking into a bank, anfd then phoning the bank to prove that you could do it, while I agree he did violate his contract apple is wrong in this regard as they have always gone on and on about how OS X, IOs are immune to malware, viruses and would probably not believe anyone informing them otherwise
  21. Seems that the spirit of Jobs is still alive and well...
  22. Burty117

    Burty117 TechSpot Chancellor Posts: 2,366   +261

    I watched the video again and he rick rolled himself :p
  23. negroplasty

    negroplasty TechSpot Maniac Posts: 531   +11

    I guess Apple, like its users, would rather bury its head in the sand.
  24. amstech

    amstech TechSpot Enthusiast Posts: 761   +178

    The people overseeing the technology don't understand it, and make poor disiplinary decisions.
    Been happening for 20 years or so. Even at Microsoft and Apple.

    Or they are just being harsh.
  25. MrAnderson

    MrAnderson TechSpot Enthusiast Posts: 486   +10

    They should hire people to do exactly what he is doing on a replicated version of the production environment. I?m not surprised and actually do not disagree with Apple's reacting. He violated the terms or contract. If they don?t act, it will only illustrate that they don?t take the production environment seriously. This adds somewhat to the level of security. If a developer does do harm, yes there will be some people that are victimized, but when caught that developer could find him/herself in serious poo-poo. Moreover, lepers on the ?golden? platform - a deterrent no less I'm sure.


Add New Comment

TechSpot Members
Login or sign up for free,
it takes about 30 seconds.
You may also...
Get complete access to the TechSpot community. Join thousands of technology enthusiasts that contribute and share knowledge in our forum. Get a private inbox, upload your own photo gallery and more.