Newly discovered iOS hack could turn any app evil

Mobile users with Apple’s iOS devices haven’t had much to worry about in terms of security thus far. Unlike smartphone and tablet users who own devices using Google’s Android operating system, Apple tightly controls which apps are available in its App Store.

But a new exploit discovered by a renowned Apple hacker seems to be able to turn just about any app into a sleeper agent, allowing a remote user to execute commands on your iOS device to make it do just about anything.

According to a story from Forbes, former NSA analyst and current researcher with consultancy firm Accuvant, Charlie Miller, intends to explain the security exploit next week at the SysCan conference in Taiwan, a convention that details hacking and security software. Miller has created an app to demonstrate the security hole he’s discovered in Apple’s iOS software, although Apple has already removed the app from the iTunes App Store and revoked Miller’s developer license.

Miller says that the exploitable software code can be slipped into just about any iOS app without the user’s knowledge, and he’s already demonstrated that he can get apps with the troublesome code past Apple’s security (although that might change now that Miller’s app has been removed). According to the Forbes story, Miller demonstrated the exploit using an app called Instastock, an app that shows a real-time stock ticker but also allowed Miller to send signals from his home system to an iPhone with the app. Miller was able to make the phone vibrate and make noise, and even downloaded photos from the device.

The trouble is with an update to the browser code that Apple pushed through in iOS 4.3. The code allows Javascript code to run at a deeper level in iOS than in previous versions, in order to make Apple’s mobile browser to run faster. That code change also allows the browser to run code Apple hasn’t approved in order to facilitate faster browsing. Although Apple has other security controls in place to stop websites from hijacking your iPhone, Miller was able to find a bug that allowed him to bypass the safeguards using this security hole. Then, he altered the security hole so that any app could use it, instead of just the mobile browser.

Miller says he’s not explaining what code bug allows him to take control of iOS devices until the talk next week, so that Apple has time to fix it. But the very fact that he was able to find it and wreak havoc on iOS devices – even if he was just explaining how it could be done – demonstrates that all mobile devices are vulnerable. Apple takes some big steps to protect its iOS customers, but no system is foolproof.

Latest from NewsReports