Apple Sanctions Researcher Charlie Miller for Exploit

Wednesday, November 09, 2011

Contributed By:
Headlines

Dr. Charlie Miller, principal research consultant for Accuvant LABS and four time Pwn2Own winner, has been abruptly dismissed from the Apple iOS Developer Program after revealing a vulnerability in Apple's security protocols.

Miller, who has probably done more to further Apple product security over the years than any other independent researcher, "planted a sleeper app in Apple’s App Store to demonstrate the trick–an app can phone home to a remote computer that downloads new unapproved commands onto the device and executes them at will, including stealing the user’s photos, reading contacts, making the phone vibrate or play sounds, or otherwise repurposing normal iOS app functions for malicious ends," according to Forbes.

Apple then extended Miller a backhanded 'thank you' for exposing the security flaw by kicking him out of the Developer Program, a move that ultimately inhibits his ability to conduct critical research.

Miller tweeted that he had informed Apple of the project three weeks prior.

“I’m mad … I report bugs to them all the time. Being part of the developer program helps me do that. They’re hurting themselves, and making my life harder,” said Miller.

Miller is highly respected for his research, and his professional experience is in the field of computer attack methodology includes identifying vulnerabilities in software and the crafting of exploits. Miller is the author of two books, "Fuzzing for Software Security Testing and Quality Assurance" and the "Mac Hacker's Handbook".

Miller spent five years as a Global Network Exploitation Analyst for the National Security Agency, has a Ph.D. from the University of Notre Dame, is a Red Hat Certified Engineer (RHCE), a GIAC Certified Forensics Analyst (GCFA), and holds a CISSP certification.

Miller is also unrivaled as a four-time Pwn2Own content winner (2008-2011) where he has successfully hacked the Mac OS X using various Safari exploits, and this year he won the iPhone hacking competition.

Miller has produced a video of the code-signing exploit which can be found here:

http://www.youtube.com/watch?v=ynTtuwQYNmk&feature=player_embedded

Miller also demonstrated battery firmware hacking methodology at the recent Hacker Halted conference in Miami - a video interview with Infosec Island examining the attack can be found here:

https://infosecisland.com/security-videos-view/17777-Hacker-Halted-Charlie-Miller-on-Battery-Firmware-Hacking.html

Also available is a print interview Infosec Island conducted with Miller earlier this year where he discussed the evolution of Apple's OS security features:

https://infosecisland.com/blogview/12526-Pwn2Own-Winner-Charlie-Miller-Discusses-OS-Security.html

Share This! |

Views:	4359
Categories:	Webappsec->General
Tags:	Apple iPhone malware Application Security Mobile Devices iOS Charlie Miller OS X Lion

Post Rating I Like this!

Comments:

James Anderson The guy is great at finding and exploiting bugs, but that gives him a right to release an exploit into the wild with no warning or communication with Apple? I don't think so. He knew the rules. Maybe he should grow up and take the medicine he knew would be coming. Maybe if he called Apple and sincerely apologized and tried to work it out instead of crying across the net – things might go back to normal.

1320870699

Lance Miller @James, pretty sure he notified Apple first.

1320873332

Terry Perkins I can see why James thought he hadn't notified Apple prior to planting the app. The article isn't clear on that.

1320873653

Lance Miller Yeah, I am not 100% certain he did notify Apple first. I THOUGHT I read somewhere he did, but just spent last 15 min trying to locate the article...no success. Maybe someone can shed some light on it.

1320874157

Lance Miller Charlie's Twitter timeline says he did notify Apple.

1320874309

Dan Dieterle Seems to be the double edge sword that many security researchers are running into. They don't know if they will be financially rewarded for reporting a vulnerability, rebuked or even sued!

A lot of them are just moving on when they stumble onto a vulnerable system and not saying anything.

1320875364

Terry Perkins That is just sad...... If he notified Apple prior to planting the app, he should be rewarded not rebuked.

1320875766

Dan Dieterle Absolutely Terry, I am sure he will think twice before helping Apple again.

1320876050

You Must Register or Login to Comment

The views expressed in this post are the opinions of the Infosec Island member that posted this content. Infosec Island is not responsible for the content or messaging of this post.

Unauthorized reproduction of this article (in part or in whole) is prohibited without the express written permission of Infosec Island and the Infosec Island member that posted this content--this includes using our RSS feed for any purpose other than personal use.

Most Liked

Improving Security by Failing Faster

Latest Member Comments

"I thought this article discuss a very important issue of security.If we have well developed technology in one particular field then we ..."

Mobile Security Processes Could Be Applied t... Johnnie Nix on 05-21-2013

"ATM machine are for our convenience but if we are not careful they can compromise our safety. Discount theater tickets "

ATM Security (And Really Learning from the P... Johnnie Nix on 05-21-2013

"A expressive case study is used to explore causation in order to find underlying principles. Case studies may be prospective in which c..."

New Study Published on Mobile Malware... Caitlin Rachel on 05-21-2013

"In the social sciences and life sciences a case study or case report is a descriptive or descriptive analysis of a someone, group or ev..."

Case Study: A Cloud Security Assessment... Caitlin Rachel on 05-21-2013