Dr. Charlie Miller, principal research consultant for Accuvant LABS and four-time Pwn2Own winner, has been abruptly dismissed from the Apple iOS Developer Program after revealing a vulnerability in Apple's security protocols.
Miller, who has probably done more to further Apple product security over the years than any other independent researcher, "planted a sleeper app in Apple’s App Store to demonstrate the trick–an app can phone home to a remote computer that downloads new unapproved commands onto the device and executes them at will, including stealing the user’s photos, reading contacts, making the phone vibrate or play sounds, or otherwise repurposing normal iOS app functions for malicious ends," according to Forbes.
Apple then extended Miller a backhanded 'thank you' for exposing the security flaw by kicking him out of the Developer Program, a move that ultimately inhibits his ability to conduct critical research.
Miller tweeted that he had informed Apple of the project three weeks prior.
“I’m mad … I report bugs to them all the time. Being part of the developer program helps me do that. They’re hurting themselves, and making my life harder,” said Miller.
Miller is highly respected for his research, and his professional experience in the field of computer attack methodology includes identifying vulnerabilities in software and crafting exploits. Miller is the author of two books, "Fuzzing for Software Security Testing and Quality Assurance" and the "Mac Hacker's Handbook".
Miller spent five years as a Global Network Exploitation Analyst for the National Security Agency, has a Ph.D. from the University of Notre Dame, is a Red Hat Certified Engineer (RHCE), a GIAC Certified Forensics Analyst (GCFA), and holds a CISSP certification.
Miller is also unrivaled as a four-time Pwn2Own contest winner (2008-2011), where he successfully hacked Mac OS X using various Safari exploits, and this year he won the iPhone hacking competition.
Miller has produced a video of the code-signing exploit which can be found here:
Miller also demonstrated battery firmware hacking methodology at the recent Hacker Halted conference in Miami - a video interview with Infosec Island examining the attack can be found here:
Also available is a print interview Infosec Island conducted with Miller earlier this year where he discussed the evolution of Apple's OS security features: