Hacker Charlie Miller has exposed a security flaw in Apple's App Store. The flaw allows a LEGIT app to secretly download an unsigned app through a backdoor entrance, without the knowledge of the user or Apple.
Remember, this is a signed, listed, inspected and fully authorized app from the App Store. The malicious code was not detected by Apple, and the only reason the app was pulled and his dev account cancelled was because he himself announced the presence of his virus in the app that he wrote.
This reveals a huge potential security flaw not only in iOS, but in Apple's App Store model as well. Any official app could potentially be a Trojan horse, carrying with it full remote access to your iPhone/iPod Touch and its contents.
Currently, there is no way of protecting yourself from this type of threat... nor is there any way for the end user to know if any of their apps were actually made with this type of virus built in.
Although technical, this video is a proof of concept showing how he gains remote access into an iPhone that has downloaded the app.