Tuesday, 08 November 2011 05:30
iOS Security Exploit Discovered – Allows Access To Users’ Information
Charlie Miller, a well-known Mac hacker and researcher, has reportedly found a way to sneak malware into the App Store and subsequently onto any iOS device by exploiting a flaw in Apple’s restrictions on code signing. According to Forbes, the flaw allows the malware to steal user data and take control of certain iOS functions.

Miller explained that the code signing restrictions allow only Apple’s approved commands to run in an iOS device’s memory, and apps that violate these rules aren’t allowed in the App Store. He found a way to bypass Apple’s security check by exploiting a bug in iOS code signing, one which allows an app to download new and unapproved commands from a remote computer. The malware can then be used to read the user’s contacts, make the phone vibrate or sound a ringtone, steal the user’s photos, and more, whenever the developer chooses. According to Miller:

"Now you could have a program in the App Store like Angry Birds that can run new code on your phone that Apple never had a chance to check. With this bug, you can’t be assured of anything you download from the App Store behaving nicely."

The flaw first surfaced with the release of iOS 4.3, which increased browser speed by allowing JavaScript code from the internet to run on a much deeper level in a device’s memory than in previous iterations of the iOS platform. Miller realized that the increased speed forced Apple to create an exception allowing the browser to run unapproved code, and he soon found a bug which allowed him to extend that exception beyond the browser to any app downloaded from the App Store.

To showcase the exploit he found, Miller created an app called “Instastock,” which he submitted and Apple approved. The app appears to be a simple stock ticker, but it can leverage the code signing bug and communicate with Miller’s server to pull unauthorized commands onto the affected device. From there the program has the ability to send back user data including address book contacts, photos, and other files.

The app has been pulled from the App Store and, according to a recent tweet of his, Miller has been banned from the Apple Store and kicked out of the iOS Developer program as well. To provide more info on the exploit, Miller will be giving a talk at the SyScan conference in Taiwan next week. He won’t be publicly revealing the exploit, though, giving Apple time to fix the issue at hand. He does do a good job of showing it off in a video.

For those of you who don’t already know, Charlie Miller isn’t a novice when it comes to iOS or Mac security. In 2008, Miller broke into the MacBook Air in two minutes through Safari, amongst many other feats.

What do you think of the whole ordeal? Do you think Apple made a smart move in banning him? Share any thoughts below!