Apple bans security researcher

Firm is not amused by the sneak entry of a test malware app
Darren Allan

November 8, 2011

Apple has banned a security expert for planting a rogue (but harmless) app which used an exploit that had the potential to connect to a server and download malware to a device.

Charlie Miller, a well-known security and hacking expert who works for Accuvant in the US, sneaked the app into the App Store to prove that Apple’s much-lauded watertight security could be foiled.

The app, called Instastock, used an exploit to contact a server from which it could download further malicious material to do, well, whatever he wanted. Which was nothing in this case, just to test his theory that it was possible.

Apple didn’t react well to his public experiment, even though it wasn’t used to carry out anything malicious – and indeed they need folks to point out flaws such as this. Except maybe not in public.

So why did he do it that way? Miller tweeted: “For the record, without a real app in the AppStore, people would say Apple wouldn’t approve an app that took advantage of this flaw.”

And he certainly has concrete proof that they would. Apple is presumably now addressing the issue, and has booted Miller out of the developer program, leaving him an unhappy bunny.

He tweeted: “First they give researchers access to developer programs, (although I paid for mine) then they kick them out.. for doing research. Me angry.”

Miller has not only been expelled from the developer program, but Apple has also banned him for a year to ensure it gets the message across: they’re not happy, either.

Currently, the security fingers are being firmly wagged at Android’s growing collection of unvetted apps as the big malware problem. Which of course they still are, but iOS perhaps isn’t as bullet-proof on the app front as was previously thought.


Comments in chronological order (1 comment)

  1. jason @ voip says:

    Ban him? They should employ him!
