We got some interesting news today that might breach that blind faith in Apple’s security measures. According to Forbes, infamous hacker Charlie Miller has discovered a bug that could hide malicious code in an application, where it would be undetectable to App Store screeners.
“At the SysCan conference in Taiwan next week, Miller plans to present a method that exploits a flaw in Apple’s restrictions on code signing on iOS devices, the security measure that allows only Apple-approved commands to run in an iPhone or iPad’s memory. Using this method—and Miller has already planted a sleeper app in Apple’s App Store to demonstrate the trick—an app can phone home to a remote computer that downloads unapproved commands onto the device and executes them at will, including stealing the user’s photos, reading contacts, making the phone vibrate or play sounds, or otherwise repurposing normal iOS app functions for malicious ends.”
This sleeper app mentioned in Miller’s article is called Instastock. It’s described as a simple list of stock tickers, but that’s not all. This app communicates with Miller’s home server and executes his custom commands.