Read
- UK opposition party leader says Google tax behavior 'wrong'
- Microsoft unveils Xbox One with Spielberg, Activision tie-up
- White House threatens veto of bill to bypass Obama on Keystone
- Russia moves closer to jail terms for offending religion
- Whole neighborhoods razed by Oklahoma tornado that killed 24
|
Reuters Photojournalism
Our day's top images, in-depth photo essays and offbeat slices of life. See the best of Reuters photography. See more | Photo caption
Devastated by tornado
A huge tornado tears through the Oklahoma City suburb of Moore, killing dozens. Slideshow
Nuclear tsunami wall
Safety upgrades designed to prevent a repeat of the Fukushima disaster. Slideshow
Sponsored Links
Apple security expert finds apps-software bug
The company's logo is seen on the Apple store in Washington October 6, 2011.
Credit: Reuters/Yuri Gripas
(Reuters) - A software flaw in Apple Inc's iPhones and iPads may allow hackers to build apps that secretly install programs to steal data, send text messages or destroy information, according to an expert on Apple device security.
Charlie Miller, a researcher with Accuvant Labs who identified the problem, built a prototype malicious program to test the flaw. He said Apple's App Store failed to identify the malicious program, which made it past the security vetting process.
There is as yet no evidence that hackers have exploited the vulnerability in Apple's iOS software. But Miller said his test demonstrated that there could be real malware in the App Store.
"Until now you could just download everything from the App Store and not worry about it being malicious. Now you have no idea what an app might do," Miller said.
Miller said he proved his theory by building a stock-market monitoring tool, InstaStock, that was programed to connect to his server once downloaded, and to then download whatever program he wants.
(To see a YouTube video demonstration of the technique, go to here)
Apple did not respond to requests for comment.
Miller, who in 2009 identified a bug in the iPhone text-messaging system that allowed attackers to gain remote control over the devices, said that he had contacted the company about the vulnerability.
"They are in the process of fixing it," he said.
Miller is scheduled to present his detailed research at the SyScan '11 security conference in Taiwan next week
(here)
(Reporting by Jim Finkle; Editing by Gary Hill)
- Tweet this
- Link this
- Share this
- Digg this
- Reprints
Follow Reuters