Security researcher Charlie Miller has been kicked out of Apple's developer program after he revealed details of a security flaw in its iOS operating system. Miller announced the news on his Twitter account yesterday afternoon, saying, "OMG, Apple just kicked me out of the iOS Developer program. That's so rude!" He added, "First they give researchers access to developer programs, (although I paid for mine) then they kick them out.. for doing research. Me angry."
Charlie Miller is a retired NSA analyst who now works as a researcher for Accuvant and has hacked practically every device made by Apple since 2007. He was responsible for finding the battery hacking vulnerabilities in Apple laptops, and has found and reported countless flaws to Apple in the last few years.
His latest find involves a security hole in iOS that allows applications -- which have been approved and are live on the Apple App Store -- to grab unsigned code from third-party servers. To prove this, Miller created a generic stock checking app that enabled him to tap into his server at home and grab bits of code from his phone, including a list of running processes and the address book.
By submitting his proof-of-concept application, Miller violated the Apple App Store Guidelines, specifically sections 3.2 and 6.1 of Apple's iOS Developer Program License Agreement, which cover interfering with Apple's software and services, and hiding features from the company when submitting apps.
As a result, Apple terminated his developer license with immediate effect, sending a very clear message to everyone to keep their hands off the App Store, whether they are would-be hackers or security researchers.
"I don't think they've ever done this to another researcher. Then again, no researcher has ever looked into the security of their App Store. And after this, I imagine no other ones ever will," said Miller in an email to CNET. "That is the really bad news from their decision." Miller had allegedly alerted Apple about the exploit three weeks ago.