8 November 2011
Last updated at 15:07 GMT
A malicious piece of software designed for iPhones and iPads has been
created to show that Apple's app store is not immune to malware.
The code was designed to look like a stock price tracker, but was also able to steal data.
Experts said that the proof-of-concept program was a "significant threat" to the app store.
Apple declined to comment. It also removed the app and barred the developer from its store.
The software was created by security expert and hacker Charlie Miller to demonstrate Apple's vulnerabilities.
The firm accepted the program to its iTunes app store in
September. Two months later Mr Miller revealed that it contained malware
that could remotely download pictures and contacts.
"Until now you could just download everything from the app
store and not worry about it being malicious. Now you have no idea what
an app might do," he said.
The InstaStock app took advantage of a recent update to
Apple's mobile operating system which allowed non-approved code to be
added to installed apps for the first time.
A few hours after Mr Miller disclosed the flaw, he received
an email from Apple which said he was barred from the iOS developer
program for violating its terms and conditions.
He wrote on Twitter: "First they give researchers access to
developer programs, (although I paid for mine) then they kick them out..
for doing research. Me angry."
Mr Miller has made something of a habit of exposing Apple's security flaws.
In 2009 he identified a bug in the iPhone's text-messaging
system that allowed attackers to gain remote control over the devices.
He has since exposed other vulnerabilities in Apple's Mac and mobile platforms.
Mr Miller plans to present his research at a security conference in Taiwan on 17 November.
Jail-broken
The app he created was described as "the most significant
threat yet to Apple's app store economy", by independent mobile analyst
Ian Fogg.
"Apple has been widely criticised for the way in which it
limits what code developers can use but this suggests that it was
probably right to do that," he added.
To date Apple's biggest security threat has been to the minority of its devices that have been modified.
So-called jail-broken handsets appeal to more tech-savvy
users who want to introduce non-Apple approved software to their
handsets.
However, many experts believe Apple's app store is still more secure than many of its rivals'.
"The Android marketplace has a supply chain that is rather
less controlled and therefore offers more potential to malware writers,"
said Graham Titterington, an analyst with research firm Ovum.
But he added that this malicious iPhone app could be "the first of many".