[youtube]ynTtuwQYNmk[/youtube]
Charlie Miller, an iOS hacker who is known for finding vulnerabilities in the iOS devices has come up with yet any security flaw. According to Charlie, Apple code signing process is not safe and could cause anyone to steal the confidential data from iDevices. To show the authenticity, he has demonstrated in a video how the data could be stolen from an iDevice from an application downloaded from App Store.
In the video, Charlie miller downloaded an application from the App Store which he submitted to demo the bug in SysCon conference in Taiwan next week. Fortunately, Charlier got the application passed from Apple’s code signing review process. Thereby, assuring that the app is safe for people all over the world to download. At first when he downloaded the application, it worked perfectly fine, the way it should. Later on, the hacker pushed a code which was sent in the app without being reviewed by Apple. Miller than downloaded the application again from the App Store.
Interestingly, this time, application didn’t behave the same way it did for the first time. Instead, it opened a youtube video. Now, here the vulnerability came into play. Charlie passed several code through his computer and got a total command over the iPhone. He could download the address book, could search the system files, photos, vibration was possible without even any prior notification to the user. It was entirely unbelievable and an eye opener for people like me.
However, his application has been pulled from Apple. Though the vulnerability still exists and Charlier would not make it public until Apple releases a fix through iOS 5.0.1. It could turn out to be a backdoor for hackers to push malwares. Undoubtedly, Apple should be aware of the bug and a fix should be released soon with another iOS 5.0.1 beta. Apple has even terminated the account of Charlier Miller from the developer program. He felt is a bit rude of the fruit company. What do you think about it?
You can learn more about it from the Forbes report.