A serial Mac hacker Charlie Miller, a former NSA analyst who now works as a researcher with consultancy Accuvant, has found a way to sneak a fully-evil app onto your phone or tablet, right under Apple’s nose.
The exploirt allow allows developers to sneak malware apps onto the App Store without Apple’s detection. The malware can then be used to read user’s contacts, make the phone vibrate or sound a ringtone, steal user’s photos, and more whenever the developer chooses.
“Using his method-and Miller has already planted a sleeper app in Apple’s App Store to demonstrate the trick-an app can phone home to a remote computer that downloads new unapproved commands onto the device and executes them at will, including stealing the user’s photos, reading contacts, making the phone vibrate or play sounds, or otherwise repurposing normal iOS app functions for malicious ends,” Forbes reports.
“Now you could have a program in the App Store like Angry Birds that can run new code on your phone that Apple never had a chance to check,” says Miller. “With this bug, you can’t be assured of anything you download from the App Store behaving nicely.”
Miller has created a proof-of-concept app called Instastock to show the vulnerability. In the video (embedded below), he demonstrates it reading an iPhone’s files and making the phone vibrate. Miller applied for Instastock’s inclusion in the App Store and Apple approved the booby-trapped app. (Perhaps the company ought to have been more suspicious of an application in Miller’s name, given that he has hacked practically every device Apple has made since 2007 or so.)
Apple has terminated Miller’s developer license as a result of his research.