Apple is famous for their closed ecosystem, which is one of the main reasons as to why most of their devices such as the iPhone and iPad have remained more or less free from malware and virus attacks – as all apps are vetted carefully before gaining admission to the App Store. As we all know, nothing is foolproof anymore these days, where serial Mac hacker Charlie Miller managed to discover a new method to sneak in an app onto your iPhone or iPad without Apple’s defenses realizing it.
Miller is set to present his method that exploits a flaw in Apple’s code restrictions when it comes to code signing on iOS devices at the SysCan conference in Taiwan next week. The use of his method resulted in Miller planting a sleeper app in Apple’s App Store in order to demonstrate the trick. To put it in a nutshell, an app is able to phone home to a remote computer which will then download new unapproved commands onto the device. These commands can then be executed at will – where some of the more heart-stopping aspects include accessing one’s collection of photos, going through the contact list, making the phone vibrate, or even vibrating the phone at will. Isn’t that spooky? Check out a video of the vulnerability below, and we do hope that a fix is in line soon.