Charlie Miller Discovers iOS Code Signing Security Flaw, Gets Kicked Out Of The Developer Program [video]

Charlie Miller, a former NSA analyst who now works as a researcher with consultancy Accuvant, created a proof-of-concept app called Instastock to show the vulnerability. The simple program appears to merely list stock tickers, but also communicates with a server in Miller’s house in St. Louis, pulling down and executing whatever new commands he wants.

In the video above, he demonstrates it reading an iPhone’s files and making the phone vibrate. Miller applied for Instastock’s inclusion in the App Store and Apple approved the booby-trapped app.

Apple has pulled the app and terminated Miller’s developer license as a result of his research.
