date 2011-11-08
* Charlie Miller kicked out of iOS Developer Program
* He put prototype of malicious software in App Store
* Apple says that violated terms of developer program
By Jim Finkle
BOSTON, Nov 8 Apple Inc (AAPL.O) expelled a
highly regarded cybersecurity expert from one of its
developers' programs, stripping him of rights to build software
for iPads and iPhones after he publicly demonstrated a flaw in
its iOS operating system.
The electronics giant took action after Charlie Miller, a
researcher with Accuvant Labs, disclosed that he had figured
out a way to build apps that can secretly download other
programs that are capable of stealing data, sending text
messages or destroying information.
He proved his theory by building a stock-market monitoring
tool called InstaStock, which connected to a server he
controlled once it was installed on an iPhone or iPad. He was
then effectively able to gain complete control of an infected
device. Miller posted a YouTube video of the technique.
He told Reuters on Monday that several hundred Apple
customers had downloaded the free app and that it had connected
to his server, but said he had not installed any other software
on their devices.
Still, the incident may have proved embarrassing for Apple
because its App Store failed to identify that InstaStock was
actually a prototype malicious program. That meant there could
currently be malware in the App Store that similarly made it
past the security vetting process, Miller told Reuters on
Monday.
Officials with Apple declined to comment on the matter in
response to several inquiries.
But the company said in an email to Miller sent late on
Monday that it was revoking his rights to develop iOS software
for the iPhone and iPad, and would no longer distribute his
programs through the App Store, according to a copy of the note
obtained by Reuters.
"Apple has good reason to believe that you violated (the
iOS developer agreement) by intentionally submitting an App
that behaves in a manner different from its intended use," the
email said.
"We will deny your reapplication to the iOS Developer
Program for at least a year, considering the nature of your
acts," the letter read.
Miller is a well-known researcher who in 2009 identified a
bug in the iPhone text-messaging system that allowed attackers
to gain remote control over the devices.
He declined comment on his expulsion when contacted by
Reuters on Tuesday, but he did discuss the matter via Twitter:
"Me angry," he said in a Tweet.
Miller also acknowledged that he had violated the Terms of
Service (TOS) of the iOS developers program.
"I doubt the TOS lets me do any of the crap I do. So why
boot me now?"
Miller is scheduled to present his detailed research at the
SyScan '11 security conference in Taiwan next week.
(Editing by Gary Hill)