Apple developer booted after revealing iPhone exploit

By Lee Kaelin on November 8, 2011, 9:30 AM

Security researcher Charlie Miller has been kicked out of Apple's developer program after he revealed details of a security flaw in their iOS operating system. Miller announced the news on his Twitter account yesterday afternoon, saying, "OMG, Apple just kicked me out of the iOS Developer program. That's so rude!" He added, "First they give researcher's access to developer programs, (although I paid for mine) then they kick them out.. for doing research. Me angry."

Charlie Miller is a retired NSA analyst who now works as a researcher for Accuvant and has hacked practically every device made by Apple since 2007. He was responsible for finding the battery hacking vulnerabilities in Apple laptops, and has found and reported countless flaws to Apple in the last few years.

His latest find involves a security hole in iOS that allows applications -- which have been approved and are live on the Apple App Store -- to grab unsigned code from third-party servers. To prove this, Miller created a generic stock checking app that enabled him to tap into his server at home and grab bits of code from his phone, including a list of running processes and the address book. Check out the video below to see it in action:

By submitting his proof-of-concept application Miller violated the Apple App Store Guidelines, specifically sections 3.2 and 6.1 of Apple's iOS Developer Program License Agreement, which cover interfering with Apple's software and services, and hiding features from the company when submitting them. 

As a result, Apple terminated his developer license with immediate effect, sending a very clear message to everyone to keep hands off the App Store whether they are would be hackers or security researchers.

"I don't think they've ever done this to another researcher. Then again, no researcher has ever looked into the security of their App Store. And after this, I imagine no other ones ever will," said Miller in an email to Cnet. "That is the really bad news from their decision." Miller had allegedly alerted Apple about the exploit three weeks ago.




User Comments: 34

Got something to say? Post a comment
KG363 KG363 said:

"legit applications". Really? Really?

Scshadow said:

Typical Apple ignorance. Charlie Miller, go help other platforms that actually welcome information on any potential security exploits.

cliffordcooley cliffordcooley, TechSpot Paladin, said:

Seems to me they fired the guy for doing his job.

If that is so, may he show everyone how its done.

Guest said:

DUDE, this is great, Screw apple. Go to android help out the free market, bring us more security and eventually show apple what the hell they did wrong. You just do not fire NSA analysts, sorry but that was just stupid. Steve Jobs would not be proud.

MilwaukeeMike said:

Umm... normally I like to rip on Apple as much as the next guy, but I don't think they're wrong here. Charlie found a security flaw and to 'test' it he put an app on the App Store that violated the agreement he had signed. It would be like finding a way into a bank vault and then breaking in at night and stealing something to prove it worked. The bank would be mad, just as Apple was mad.

Sounds to me like this Charlie dude did what many hackers do, they show off their work for some attention. Now he's dealing with the consequences. So, Charlie.... Deal with it.

And honestly, who says 'Me angry'?! Who does he think he is? Elmo?

Burty117 Burty117, TechSpot Chancellor, said:

wow, what a stupid move apple, this guy has just shown you a very fundimental flaw with your app store (this brings in alot of money for those in the finance department) and you fire him for A) doing his job and B) helping you fix the app store? How stupid...

cliffordcooley cliffordcooley, TechSpot Paladin, said:

And honestly, who says 'Me angry'?! Who does he think he is? Elmo?
Do you honestly think everyone talks the same way? He probably said it that way as a joke and you are taking him seriously.

mario mario, Ex-TS Developer, said:

Did anyone read the actual story first before commenting? Charlie Miller was not an Apple employee, he's an independent security researcher that got an App approved that could run arbitrary unsigned code using a security exploit, which is prohibited by App Store rules.

Although the news title might lead to confusion, remember it's alway good to read the entire article.

Guest said:

Hi,

This is stupid from Apple to ban someone for showing then the security flaw. Also he did'nt stole any info from the apps store or any other users:

"To prove this, Miller created a generic stock checking app that enabled him to tap into his server at home and grab bits of code from his phone, including a list of running processes and the address book."

He tap into his OWN server and grab info from his OWN phone. This was to prove to Apple that the flaw exist, not to hack any other person info.

This is a bit like the story a while ago about a hacker that got bring to court because he found a flaw in a company security and told them about the flaw. Instead of being happy about someone finding a flaw for FREE and telling them they brought the guy to court.

Apple think there product are perfect and does not contain any security flaw but we all saw that its not the case and when someone show them that they are not perfect they either ban them or bring them to court. Way to go Apple, you are going down slowly but surely.

Guest said:

Welcome to ANDROID, Charlie.

We love you. We want you. We don't censor. The "We" of whom I speak is EVERYONE.

Come over from the DARK SIDE, Charlie. Yes, Apple is now BIG BROTHER -- I'm starting to think their 1984 Superbowl commercial was a WARNING of what they would become.

Come on in. Your desk is right HERE, and we all split the cost of coffee over there in the break-room. Carmen Electra has volunteered to be your assistant. :-)

Charlie! It's great to have ya! :-)

Guest said:

@Mario : to find a flaw, you have to test it and thats what he did!

no he wasnt an employe, but he did something good for them. i mean, he could have sold or used this exploit, but instead, he reported it to apple. and they answered as d1ck$ to him.

mario mario, Ex-TS Developer, said:

I'm not saying that what he did is wrong, I'm just saying the App Store has a policy and if you break it you will get your App banned or thrown out of it.

So basically Apple pulled an app that could damage your phone or leak your personal data, and all you guys are like hey come to Android we love having that kind of malware on our systems: [link]

stewi0001 stewi0001 said:

I guess this is like a 50/50 issue. Thanks for finding this but you broke da rulez

Guest said:

LOL@fanboys, i'll go to Android when i stop seeing sketchy screen swipes, handset manufacturers stop preinstalling software you cannot uninstall, and when (at least) 90% of the handsets available running Android can get the same update. Got it? Good.

PS, I don't care if you can root it. that's not the point.

Guest said:

mario: So basically Apple pulled an app that could damage your phone or leak your personal data, and all you guys are like hey come to Android we love having that kind of malware on our systems

Did you read this part, mario? > To prove this, Miller created a GENERIC stock checking app that enabled him to tap into HIS SERVER AT HOME and grab bits of code from his phone, including a list of running processes and the address book.

Nothing got pulled. That implies it was approved. The APPLICATION was rejected. It was his proof-of-concept application, not something he was looking to make money off of. I'm with Miller. I think he did tell Apple about it prior, and when they ignored him, he created an app to prove what he was saying, and all you (mario+readers) hear is, "someone can get my data? damn you Miller!", when you should be saying, "damn you Apple for not listening to Miller."

Staff
Jos Jos said:

Guest: Actually, the application was approved but subsequently pulled after he made the security hole public. If you watch the video, Miller downloads it from the App Store. He made it to demonstrate the flaw and not for any malicious purpose... I don't think mario or the article implied otherwise.

Guest said:

Well mario did say Apple did us a favour, when that is not the case at all. Okay Miller downloaded it from the app store, but he did it to show what he was saying about the exploit was true.

Guest said:

The problem is not that is application was pull off but the fact that Apple kick him out of the program entirely.

Guest said:

Yes but he let apple know so it would be like breaking into a bank, anfd then phoning the bank to prove that you could do it, while I agree he did violate his contract apple is wrong in this regard as they have always gone on and on about how OS X, IOs are immune to malware, viruses and would probably not believe anyone informing them otherwise

Guest said:

Seems that the spirit of Jobs is still alive and well...

Burty117 Burty117, TechSpot Chancellor, said:

I watched the video again and he rick rolled himself :P

negroplasty negroplasty said:

I guess Apple, like its users, would rather bury its head in the sand.

amstech amstech, TechSpot Enthusiast, said:

The people overseeing the technology don't understand it, and make poor disiplinary decisions.

Been happening for 20 years or so. Even at Microsoft and Apple.

Or they are just being harsh.

MrAnderson said:

They should hire people to do exactly what he is doing on a replicated version of the production environment. I?m not surprised and actually do not disagree with Apple's reacting. He violated the terms or contract. If they don?t act, it will only illustrate that they don?t take the production environment seriously. This adds somewhat to the level of security. If a developer does do harm, yes there will be some people that are victimized, but when caught that developer could find him/herself in serious poo-poo. Moreover, lepers on the ?golden? platform - a deterrent no less I'm sure.

Win7Dev said:

mario said:

I'm not saying that what he did is wrong, I'm just saying the App Store has a policy and if you break it you will get your App banned or thrown out of it.

So basically Apple pulled an app that could damage your phone or leak your personal data, and all you guys are like hey come to Android we love having that kind of malware on our systemsquote]

Getting the app taken down would be one thing, banning is another. Its fine if they acknowledge the app as a problem, remove it, and then fix the error. It's a whole different thing to just ban him for saving them possibly a class action lawsuit.

Phraun said:

So in other words, he should have sent Apple a nice letter stating something along the lines of "Hey, I found this potential hole in your systems but I don't have any hard evidence that it works because I don't want to violate your inane terms of use for the app store. Could you look into it for me?"

Without a proof of concept he'd have been dismissed out of hand. He wasn't out to steal peoples' information with that app and fully disclosed what the app was capable of doing once he had proof of his claims. Where exactly was he in the wrong? Grow up.

Guest said:

Actually if you all really read he told apple 3 weeks before he EVER posted this app.. they ignored him so he proved it to them their mess up all that way.. their developer relations are horrible if helping them out gets the person canned because they didn't listen so he HAD to violate his agreement and show them he knew he'd get fired.. he's not upset he got fired he's upset they didn't listen when he tried to tell them this guy is a hero and an amazing programmer and asset to any company he finds problems and tells them how to fix them he's not the problem he's the solution and Apple needs to burn for not acknowledging him for trying to save their product from what will likely be a disaster of epic proportions when someone with malice actually uses the flaw on something that's purchased and downloaded millions of times. Boo apple boo..

Guest said:

So that means you don't use an iPhone of course- unless I'm missing the obvious way to uninstall Newsstand, Safari, Calculator, Compass, Voice Memos, Weather, Stocks, iTunes, Music, Camera, Maps, Photos, Clock?

Guest said:

"Security researcher" Charlie Miller - Booted for doing his job as a Security researcher!

ItĀ's like working in a bank, as long as you donĀ't touch the money you safe, but who cares if you canĀ't do you job proper.

kvs13156 said:

Appstore security? What security - My itunes account has been hacked twice. Explanation or cooperation from apple? You got to be kidding. Just ask them for a list of authorized devices on your account and see how they answer, or ask for ip addresses of your own downloads.

Guest said:

i dunno y people defend apple here. i work in open-source, & as a developer i welcome proof of concepts, it's actually helpful to receive poc's as they help us developers see the exploit in action and we can fix it quicker.

the only thing we ask of hackers when they find exploits in our software is that they contact us and explain the exploit to us & give us a week or 2 to find a fix and get a new release out before they make the exploit public. whilst some people say making it public is being malicious, i myself think that exploits in the public actually push developers to write more securely, and then pushes users to actually spend the time to update their software.

though there are some companies that do not listen and think they're too good & no matter what is said, they do not believe you when you tell them of an exploit in their software. i have had my fair share of arguments with some developers on different projects when i mentioned that i had found exploits, & they ridiculed and told me i don't know what i'm talking about. so i had to show them. depending on my mood, i either defaced their software, or i locked them out for a few hours.

but i have always offered them advice on how to fix it, sometimes i fix it & give them the fixed code so they don't need to investigate it much. but i have never made anything public before i have given them ample time to fix it and update it.

Guest said:

No one is saying damn Miller, and no one is implying that Apple did not listen to his advice. What we are saying is that Miller broke a rule that he did not need to break to prove a point, and no one cares if "HE MAD!" about it. Except android fan boys, so they can buck the system in comments!

Changing the computer world, one comment at a time.

I'm sure hes mad because he doesn't want to go to android. Its garbage.

Guest said:

I really want to agree with you. But the arti le says *"Miller had allegedly alerted Apple about the exploit three weeks ago." Which would mean he told them, they did nothing, showed them by doing it.

At least that is what I gathered.

Guest said:

Apple should think about this. Is it really a good idea to piss a guy like this off?

Load all comments...

Add New Comment

TechSpot Members
Login or sign up for free,
it takes about 30 seconds.
You may also...
Get complete access to the TechSpot community. Join thousands of technology enthusiasts that contribute and share knowledge in our forum. Get a private inbox, upload your own photo gallery and more.