Apple vulnerability – a sign of success?


One of the ‘big selling points’ for Apple products over the years has been their lack of vulnerability to attack from viruses, trojans and the like. The argument went that because the OS was so closely managed and the hardware it runs on so similar, it was very difficult to ‘break into’. However, as a system becomes more widely adopted it becomes a target for attacks – and it appears that the iPhone OS has now reached that size.

Now, the Apple App Store is supposed to protect users from ‘rogue’ apps through the tests and control that Apple maintains, but an iPhone app that secretly gathered user data was approved and published in Apple’s iTunes App Store recently!

The app, called InstaStock, was created by a security expert to expose a security flaw in Apple’s new iOS 5.

Charlie Miller designed the app to look like an application for checking stock market prices but it was also able to steal user data, including photographs and contacts. The app, which was accepted into the iTunes App Store in September, has since been removed by Apple and Mr Miller’s account has been suspended.

Mr Miller intends to present details of the security flaw at a conference next week, but it is thought to exploit the Nitro JavaScript engine that Apple introduced with iOS 4.3 early last year. Writing on Twitter, Mr Miller expressed his anger at being barred by Apple:

 “First they give researchers access to developer programs, (although I paid for mine) then they kick them out.. for doing research. Me angry.”

Apple’s iOS devices have typically had fewer security vulnerabilities than competing platforms because of the company’s tight control of the operating system and the approval process for apps that run on it. But this is bound to happen eventually. It just seems rather ‘harsh’ to ban the developer when he is not actually using the information for illegal purposes and is trying to ‘help’ Apple, admittedly by going public, but we would prefer to know, wouldn’t we?

